The following Fedora 26 Security updates need testing: Age URL 166 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1bf5a0ce01 python-XStatic-jquery-ui-1.12.0.1-2.fc26 105 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2522df3526 nodejs-brace-expansion-1.1.7-1.fc26 68 https://bodhi.fedoraproject.org/updates/FEDORA-2017-690a2548ba openvswitch-2.7.1-2.fc26 59 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1c053de325 memcached-1.4.39-1.fc26 56 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 37 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4248ba346 botan-1.10.16-1.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-63f99b3977 drupal7-views-3.18-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7699952c1b mingw-LibRaw-0.18.4-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5f699cb371 LibRaw-0.18.4-2.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a9447c0af pure-ftpd-1.0.46-2.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9f07dfaca python-jwt-1.5.3-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-982bfabc4e libmspack-0.6-0.1.alpha.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4655504984 php-horde-Horde-Image-2.5.2-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4e01259678 wordpress-4.8.2-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-11afc3cde9 pkgconf-1.3.9-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9a452dc893 moodle-3.2.5-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5a0a31c04e samba-4.6.8-0.fc26
The following Fedora 26 Critical Path updates have yet to be approved: Age URL 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6b7dcfe861 kobo-0.6.0-1.fc26 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f68f150f6 abrt-2.10.3-3.fc26 libreport-2.9.1-3.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-148849f8bd libssh2-1.8.0-5.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4a479d6a57 sssd-1.15.3-4.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-368b385c04 webkitgtk4-2.18.0-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d62dd0192 menu-cache-1.0.2-6.D20170913gitfd52af607c.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d3f4fcd0b8 nss-3.32.1-1.0.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff7b30a42d libvirt-3.2.1-6.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3cb490f3fc libguestfs-1.36.6-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-eaaa4b2079 supermin-5.1.19-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5476b3a1e6 pyOpenSSL-16.2.0-6.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-80006ad817 audit-2.7.8-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-22e54382f0 python-blivet-2.1.11-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-45767998f5 pango-1.40.12-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b15d219159 gtk3-3.22.21-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-91c444331b gsettings-desktop-schemas-3.24.1-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6816521508 epiphany-3.24.4-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-feb5e04f8d blivet-gui-2.1.7-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d45f5c7976 network-manager-applet-1.8.2-4.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9bdc9b9379 mutter-3.24.4-2.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5a0a31c04e samba-4.6.8-0.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ac7e52d53f linux-firmware-20170828-77.gitb78acc9.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d0014f404 pungi-4.1.19-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-11afc3cde9 pkgconf-1.3.9-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9684858af6 ibus-1.5.16-10.fc26
The following builds have been pushed to Fedora 26 updates-testing
R-htmltools-0.3.6-1.fc26 abook-0.6.1-5.fc26 ansible-2.4.0.0-1.fc26 ardour5-5.12.0-1.fc26 bodhi-2.11.0-1.fc26 cmst-2017.09.01-1.gitdc8c83b.fc26 cri-o-1.0.0-1.rc2.git6784a66.fc26 eclipse-4.7.1-4.fc26 eclipse-ecf-3.13.8-1.fc26 eclipse-epp-logging-2.0.6-1.fc26 eclipse-mpc-1.6.1-1.fc26 fedora-upgrade-27.1-1.fc26 ghc-hxt-charproperties-9.2.0.1-1.fc26 hplip-3.17.9-1.fc26 ibus-1.5.16-10.fc26 libva-vdpau-driver-0.7.4-19.fc26 linux-firmware-20170828-77.gitb78acc9.fc26 moodle-3.2.5-1.fc26 mutter-3.24.4-2.fc26 owncloud-client-2.3.3-2.fc26 php-horde-Horde-Image-2.5.2-1.fc26 php-pear-PHP-CodeSniffer-3.1.0-1.fc26 pkgconf-1.3.9-1.fc26 pungi-4.1.19-1.fc26 rakudo-URI-0.1.4-0.1.20170920gite5c8551.fc26 rubygem-mini_portile2-2.3.0-1.fc26 rubygem-nokogiri-1.8.1-1.fc26 samba-4.6.8-0.fc26 sscg-2.1.0-1.fc26 virt-manager-1.4.3-1.fc26 wordpress-4.8.2-1.fc26 wxPython-3.0.2.0-20.fc26 xorgxrdp-0.2.4-2.fc26
Details about builds:
================================================================================ R-htmltools-0.3.6-1.fc26 (FEDORA-2017-79955a66d5) Tools for HTML -------------------------------------------------------------------------------- Update Information:
Initial package of htmltools for R. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1485585 - Review Request: R-htmltools - Tools for HTML https://bugzilla.redhat.com/show_bug.cgi?id=1485585 --------------------------------------------------------------------------------
================================================================================ abook-0.6.1-5.fc26 (FEDORA-2017-80d3efb5a8) Text-based addressbook program for mutt -------------------------------------------------------------------------------- Update Information:
Minor update fixing two bugs: [file descriptor leak](https://sourceforge.net/p/abook/bugs/6/) and [man page update](https://sourceforge.net/p/abook/bugs/8/). --------------------------------------------------------------------------------
================================================================================ ansible-2.4.0.0-1.fc26 (FEDORA-2017-d6fc6a236c) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information:
Update to 2.4.0.0. See: https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md for detailed change list. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1493122 - ansible-2.4.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1493122 --------------------------------------------------------------------------------
================================================================================ ardour5-5.12.0-1.fc26 (FEDORA-2017-9d919be568) Digital Audio Workstation -------------------------------------------------------------------------------- Update Information:
New upstream bugfix and enhancement release. For details, refer to the [upstream release announcement](https://community.ardour.org/node/15298). --------------------------------------------------------------------------------
================================================================================ bodhi-2.11.0-1.fc26 (FEDORA-2017-9bc10f8dab) A modular framework that facilitates publishing software updates -------------------------------------------------------------------------------- Update Information:
Update to [bodhi-2.11.0](https://github.com/fedora- infra/bodhi/releases/tag/2.11.0). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1493587 - bodhi-2.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1493587 --------------------------------------------------------------------------------
================================================================================ cmst-2017.09.01-1.gitdc8c83b.fc26 (FEDORA-2017-a38e496162) A Qt based GUI front end for the connman connection manager with systemtray icon -------------------------------------------------------------------------------- Update Information:
Update to 2017.09.01-1.gitdc8c83b -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1493528 - cmst-2017-09-19 is available https://bugzilla.redhat.com/show_bug.cgi?id=1493528 --------------------------------------------------------------------------------
================================================================================ cri-o-1.0.0-1.rc2.git6784a66.fc26 (FEDORA-2017-90cbc31a5d) OCI-based implementation of Kubernetes Container Runtime Interface -------------------------------------------------------------------------------- Update Information:
bump to 1.0.0-rc2 -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 20 2017 Lokesh Mandvekar lsm5@fedoraproject.org - 1.0.0-1.rc2.git6784a66 - bump to v1.0.0-rc2 --------------------------------------------------------------------------------
================================================================================ eclipse-4.7.1-4.fc26 (FEDORA-2017-159f049ae2) An open, extensible IDE -------------------------------------------------------------------------------- Update Information:
Updates the Eclipse Platform, JDT and PDE to Oxygen.1 releases, see the upstream release notes: https://www.eclipse.org/eclipse/news/4.7.1/ --------------------------------------------------------------------------------
================================================================================ eclipse-ecf-3.13.8-1.fc26 (FEDORA-2017-159f049ae2) Eclipse Communication Framework (ECF) Eclipse plug-in -------------------------------------------------------------------------------- Update Information:
Updates the Eclipse Platform, JDT and PDE to Oxygen.1 releases, see the upstream release notes: https://www.eclipse.org/eclipse/news/4.7.1/ --------------------------------------------------------------------------------
================================================================================ eclipse-epp-logging-2.0.6-1.fc26 (FEDORA-2017-159f049ae2) Eclipse Error Reporting tool -------------------------------------------------------------------------------- Update Information:
Updates the Eclipse Platform, JDT and PDE to Oxygen.1 releases, see the upstream release notes: https://www.eclipse.org/eclipse/news/4.7.1/ --------------------------------------------------------------------------------
================================================================================ eclipse-mpc-1.6.1-1.fc26 (FEDORA-2017-159f049ae2) Eclipse Marketplace Client -------------------------------------------------------------------------------- Update Information:
Updates the Eclipse Platform, JDT and PDE to Oxygen.1 releases, see the upstream release notes: https://www.eclipse.org/eclipse/news/4.7.1/ --------------------------------------------------------------------------------
================================================================================ fedora-upgrade-27.1-1.fc26 (FEDORA-2017-8c404328a5) Upgrade Fedora to next version using dnf upgrade (unofficial tool) -------------------------------------------------------------------------------- Update Information:
Upgrade to F27 is now supported. --------------------------------------------------------------------------------
================================================================================ ghc-hxt-charproperties-9.2.0.1-1.fc26 (FEDORA-2017-57cba4bae4) Character properties and classes for XML and Unicode -------------------------------------------------------------------------------- Update Information:
Character properties and classes for XML and Unicode -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1491632 - Review Request: ghc-hxt-charproperties - Character properties and classes for XML and Unicode https://bugzilla.redhat.com/show_bug.cgi?id=1491632 --------------------------------------------------------------------------------
================================================================================ hplip-3.17.9-1.fc26 (FEDORA-2017-13a9b9448f) HP Linux Imaging and Printing Project -------------------------------------------------------------------------------- Update Information:
The newest upstream version - please test especially usage of hp-plugin for printers, which need special plugin for printing. --------------------------------------------------------------------------------
================================================================================ ibus-1.5.16-10.fc26 (FEDORA-2017-9684858af6) Intelligent Input Bus for Linux OS -------------------------------------------------------------------------------- Update Information:
Fixes the default font on Emojier -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1490733 - ���ibus emoji��� do not fit emoji descriptions and annotations with default Monospace https://bugzilla.redhat.com/show_bug.cgi?id=1490733 --------------------------------------------------------------------------------
================================================================================ libva-vdpau-driver-0.7.4-19.fc26 (FEDORA-2017-3fbda702e0) HW video decode support for VDPAU platforms -------------------------------------------------------------------------------- Update Information:
Fix crash https://bugs.freedesktop.org/show_bug.cgi?id=58836 --------------------------------------------------------------------------------
================================================================================ linux-firmware-20170828-77.gitb78acc9.fc26 (FEDORA-2017-ac7e52d53f) Firmware files used by the Linux kernel -------------------------------------------------------------------------------- Update Information:
Fix connection issues with some ath10k devices -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1492161 - WiFi Instability on Dell XPS 13 With Qualcomm Atheros QCA6174 Wireless Network Adapter https://bugzilla.redhat.com/show_bug.cgi?id=1492161 [ 2 ] Bug #1491708 - wpa_supplicant// wireless connection stops working after second rekeying https://bugzilla.redhat.com/show_bug.cgi?id=1491708 [ 3 ] Bug #1490172 - ath10k_pci firmware ver 10.2.4.70.63-2 crashing. https://bugzilla.redhat.com/show_bug.cgi?id=1490172 --------------------------------------------------------------------------------
================================================================================ moodle-3.2.5-1.fc26 (FEDORA-2017-9a452dc893) A Course Management System -------------------------------------------------------------------------------- Update Information:
Patches for CVE-2017-12156, CVE-2017-12157. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1493515 - CVE-2017-12156 CVE-2017-12157 moodle: Multiple vulnerabilities [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1493515 [ 2 ] Bug #1493516 - CVE-2017-12156 CVE-2017-12157 moodle: Multiple vulnerabilities [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1493516 --------------------------------------------------------------------------------
================================================================================ mutter-3.24.4-2.fc26 (FEDORA-2017-9bdc9b9379) Window and compositing manager based on Clutter -------------------------------------------------------------------------------- Update Information:
Enable tablet support --------------------------------------------------------------------------------
================================================================================ owncloud-client-2.3.3-2.fc26 (FEDORA-2017-42610e34ed) The ownCloud Client -------------------------------------------------------------------------------- Update Information:
Change to BR python2-sphinx instead of python-sphinx --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Image-2.5.2-1.fc26 (FEDORA-2017-4655504984) Horde Image API -------------------------------------------------------------------------------- Update Information:
**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections. --------------------------------------------------------------------------------
================================================================================ php-pear-PHP-CodeSniffer-3.1.0-1.fc26 (FEDORA-2017-ee938579e8) PHP coding standards enforcement tool -------------------------------------------------------------------------------- Update Information:
Changelog: - This release includes a change to support newer versions of PHPUnit (versions 4, 5, and 6 are now supported) - The custom PHP_CodeSniffer test runner now requires a bootstrap file - Developers with custom standards using the PHP_CodeSniffer test runner will need to do one of the following: - run your unit tests from the PHP_CodeSniffer root dir so the bootstrap file is included - specify the PHP_CodeSniffer bootstrap file on the command line: phpunit --bootstrap=/path/to/phpcs/tests/bootstrap.php - require the PHP_CodeSniffer bootstrap file from your own bootstrap file - If you don't run PHP_CodeSniffer unit tests, this change will not affect you - Thanks to Juliette Reinders Folmer for the patch - A phpcs.xml or phpcs.xml.dist file now takes precedence over the default_standard config setting - Thanks to Bj��rn Fischer for the patch - Both phpcs.xml and phpcs.xml.dist files can now be prefixed with a dot (request #1566) - The order that the files are searched is: .phpcs.xml, .phpcs.xml.dist, phpcs.xml, phpcs.xml.dist - The autoloader will now search for files during unit tests runs from the same locations as during normal phpcs runs - Allows for easier unit testing of custom standards that use helper classes or custom namespaces - Include patterns for sniffs now use OR logic instead of AND logic -- Previously, a file had to be in each of the include patterns to be processed by a sniff - Now, a file has to only be in at least one of the patterns - This change reflects the original intention of the feature - PHPCS will now follow symlinks under the list of checked directories - This previously only worked if you specified the path to a symlink on the command line - Output from --config-show, --config-set, and --config-delete now includes the path to the loaded config file - PHPCS now cleanly exits if its config file is not readable - Previously, a combination of PHP notices and PHPCS errors would be generated - Comment tokens that start with /** are now always tokenized as docblocks - Thanks to Micha? Bundyra for the patch - The PHP-supplied T_YIELD and T_YIELD_FROM token have been replicated for older PHP versions - Thanks to Micha? Bundyra for the patch - Added new Generic.CodeAnalysis.AssignmentInCondition sniff to warn about variable assignments inside conditions - Thanks to Juliette Reinders Folmer for the contribution - Added Generic.Files.OneObjectStructurePerFile sniff to ensure there is a single class/interface/trait per file - Thanks to Mponos George for the contribution - Function call sniffs now check variable function names and self/static object creation - Specific sniffs are Generic.Functions.FunctionCallArgumentSpacing, PEAR.Functions.FunctionCallSignature, and PSR2.Methods.FunctionCallSignature - Thanks to Micha? Bundyra for the patch - Generic.Files.LineLength can now be configured to ignore all comment lines, no matter their length - Set the ignoreComments property to TRUE (default is FALSE) in your ruleset.xml file to enable this - Thanks to Juliette Reinders Folmer for the patch - Generic.PHP.LowerCaseKeyword now checks self, parent, yield, yield from, and closure (function) keywords - Thanks to Micha? Bundyra for the patch - PEAR.Functions.FunctionDeclaration now removes a blank line if it creates one by moving the curly brace during fixing - Squiz.Commenting.FunctionCommentThrowTag now supports PHP 7.1 multi catch exceptions - Squiz.Formatting.OperatorBracket no longer throws errors for PHP 7.1 multi catch exceptions - Squiz.Commenting.LongConditionClosingComment now supports finally statements - Squiz.Formatting.OperatorBracket now correctly fixes pipe separated flags - Squiz.Formatting.OperatorBracket now correctly fixes statements containing short array syntax - Squiz.PHP.EmbeddedPhp now properly fixes cases where the only content in an embedded PHP block is a comment - Thanks to Juliette Reinders Folmer for the patch - Squiz.WhiteSpace.ControlStructureSpacing now ignores comments when checking blank lines at the top of control structures - Squiz.WhiteSpace.ObjectOperatorSpacing now detects and fixes spaces around double colons - Thanks to Julius ��matavi?ius for the patch - Squiz.WhiteSpace.MemberVarSpacing can now be configured to check any number of blank lines between member vars - Set the spacing property (default is 1) in your ruleset.xml file to set the spacing - Squiz.WhiteSpace.MemberVarSpacing can now be configured to check a different number of blank lines before the first member var - Set the spacingBeforeFirst property (default is 1) in your ruleset.xml file to set the spacing - Added a new PHP_CodeSniffer\Util\Tokens::$ooScopeTokens static member var for quickly checking object scope - Includes T_CLASS, T_ANON_CLASS, T_INTERFACE, and T_TRAIT - Thanks to Juliette Reinders Folmer for the patch - PHP_CodeSniffer\Files\File::findExtendedClassName() now supports extended interfaces - Thanks to Martin Hujer for the patch - Fixed bug #1550 : Squiz.Commenting.FunctionComment false positive when function contains closure - Fixed bug #1577 : Generic.InlineControlStructureSniff breaks with a comment between body and condition in do while loops - Fixed bug #1581 : Sniffs not loaded when one-standard directories are being registered in installed_paths - Fixed bug #1591 : Autoloader failing to load arbitrary files when installed_paths only set via a custom ruleset - Fixed bug #1605 : Squiz.WhiteSpace.OperatorSpacing false positive on unary minus after comment - Thanks to Juliette Reinders Folmer for the patch - Fixed bug #1615 : Uncaught RuntimeException when phpcbf fails to fix files - Fixed bug #1637 : Generic.WhiteSpaceScopeIndent closure argument indenting incorrect with multi- line strings - Fixed bug #1638 : Squiz.WhiteSpace.ScopeClosingBrace closure argument indenting incorrect with multi-line strings - Fixed bug #1640 : Squiz.Strings.DoubleQuoteUsage replaces tabs with spaces when fixing - Thanks to Juliette Reinders Folmer for the patch --------------------------------------------------------------------------------
================================================================================ pkgconf-1.3.9-1.fc26 (FEDORA-2017-11afc3cde9) Package compiler and linker metadata toolkit -------------------------------------------------------------------------------- Update Information:
# Security fixes - fix crash in edge case where a .pc file has misquoting in a fragment list. # Other bug fixes: - fix logic edge case when comparing relocated paths --------------------------------------------------------------------------------
================================================================================ pungi-4.1.19-1.fc26 (FEDORA-2017-5d0014f404) Distribution compose tool -------------------------------------------------------------------------------- Update Information:
* Solving dependencies can now be profiled for better insight into which part takes longest. * DNF backend for solving dependencies now correctly reports unsatisfiable requirements. * Logs contain timezone information. * The filter_packages option now no longer applies to lookaside repositories. * Delta RPMs are no longer created for source and debuginfo repositories. It's also possible to select only some variants or architectures that should get deltas. * Ostree installer can now be created only in an empty variant, which avoid overwriting files generated for netinst. * Multiple image builds in a single variant now no longer overwrite the same configuration file. * When lorax fails (but generates some files anyway), Pungi does not copy these files into the compose anymore as they are likely broken. ---- New upstream release. Main updates: Configuration for making ostrees can be simplified by not having to repeat for each architecture. Arbitrary commands can run after cloning data from Git. This will make it possible to merge comps translations during compose time. Copying files from SCM is now also properly documented. Comps packages that are not found are now logged. This is not a bulletproof solution as some of these are expected to be missing. Allow aborting compose when repoclosure fails. We can now also turn this repoclosure off. Debugsource packages are now handled similarly to debuginfo packages. A warning is issued when parts of configuration are not used due to a variant or an architecture being excluded. DNF gathering backend is fixed to correctly exclude fulltree packages. It can also be used to download packages for initial package set. --------------------------------------------------------------------------------
================================================================================ rakudo-URI-0.1.4-0.1.20170920gite5c8551.fc26 (FEDORA-2017-cd512c45ef) Perl 6 realization of URI -------------------------------------------------------------------------------- Update Information:
add initial build -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1493521 - Review Request: rakudo-URI - Perl 6 realization of URI https://bugzilla.redhat.com/show_bug.cgi?id=1493521 --------------------------------------------------------------------------------
================================================================================ rubygem-mini_portile2-2.3.0-1.fc26 (FEDORA-2017-f13704beb8) Simplistic port-like solution for developers -------------------------------------------------------------------------------- Update Information:
New version 2.3.0 is released. --------------------------------------------------------------------------------
================================================================================ rubygem-nokogiri-1.8.1-1.fc26 (FEDORA-2017-0e0f97bc5a) An HTML, XML, SAX, and Reader parser -------------------------------------------------------------------------------- Update Information:
New version 1.8.1 is released. --------------------------------------------------------------------------------
================================================================================ samba-4.6.8-0.fc26 (FEDORA-2017-5a0a31c04e) Server and Client software to interoperate with Windows machines -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1488400 - CVE-2017-12150 samba: Some code path don't enforce smb signing, when they should https://bugzilla.redhat.com/show_bug.cgi?id=1488400 --------------------------------------------------------------------------------
================================================================================ sscg-2.1.0-1.fc26 (FEDORA-2017-ca4251aa4d) Simple SSL certificate generator -------------------------------------------------------------------------------- Update Information:
Add --email option for issuer identity --------------------------------------------------------------------------------
================================================================================ virt-manager-1.4.3-1.fc26 (FEDORA-2017-3cd15c0e37) Desktop tool for managing virtual machines via libvirt -------------------------------------------------------------------------------- Update Information:
* Rebased to version 1.4.3 * Improve install of debian/ubuntu non-x86 media (Viktor Mihajlovski, Andrew Wong) * New virt-install --graphics listen.* (Pavel Hrdina) * New virt-install --disk snapshot_policy= (Pavel Hrdina) * New virt- install --cpu cache.* (Lin Ma) * Several bug fixes --------------------------------------------------------------------------------
================================================================================ wordpress-4.8.2-1.fc26 (FEDORA-2017-4e01259678) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information:
Upstream announcement: **WordPress 4.8.2 is now available**. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.1 and earlier are affected by these security issues: * $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we���ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco * A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team. * A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security. * A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet). * A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by ��������� (Chen Ruiqi). * An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx). * A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team. * A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic). * A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar). Thank you to the reporters of these issues for practicing [responsible disclosure](https://make.wordpress.org/core/handbook/testing /reporting-security-vulnerabilities/). In addition to the security issues above, WordPress 4.8.2 contains 6 maintenance fixes to the 4.8 release series. For more information, see the [release notes](https://codex.wordpress.org/Version_4.8.2) or consult the [list of change s](https://core.trac.wordpress.org/query?status=closed&milestone=4.8.2&... ponent&col=id&col=summary&col=component&col=status&col=owner&col=type&col=priori ty&col=keywords&order=priority). Thanks to everyone who contributed to 4.8.2. --------------------------------------------------------------------------------
================================================================================ wxPython-3.0.2.0-20.fc26 (FEDORA-2017-14efee944c) GUI toolkit for the Python programming language -------------------------------------------------------------------------------- Update Information:
Make -devel noarch to resolve issue with conflicting archful pkgs (#1493233) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1493233 - Version conflict of wxPython-devel-3.0.2.0-19.fc26.{x86_64,i686} stops all updates of Fedora 26 https://bugzilla.redhat.com/show_bug.cgi?id=1493233 --------------------------------------------------------------------------------
================================================================================ xorgxrdp-0.2.4-2.fc26 (FEDORA-2017-35d2f7a90a) Implementation of xrdp backend as Xorg modules -------------------------------------------------------------------------------- Update Information:
xorgxrdp v0.2.4 has been released. This version includes fixes of following issues: - Implement disconnection by xrdp-dis command #51 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1482107 - xrdp Xorg session doesn't start after RHEL 7.3 to 7.4 update due to undefined symbol error https://bugzilla.redhat.com/show_bug.cgi?id=1482107 [ 2 ] Bug #1493328 - xorgxrdp-0.2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1493328 --------------------------------------------------------------------------------