The following Fedora 28 Security updates need testing: Age URL 291 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb jgraphx-3.6.0.0-6.fc28 240 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da nodejs-brace-expansion-1.1.11-1.fc28 239 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a nodejs-atob-2.1.1-1.fc28 115 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297 xerces-c27-2.7.0-28.fc28 67 https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28 67 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c nginx-1.14.1-1.fc28 46 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc86ef9e22 squid-4.4-1.fc28 43 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b18f9dd65b tomcat-8.5.35-1.fc28 15 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e0eb3d797e systemd-238-11.gita76ee90.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0b44528ff1 nagios-4.4.3-1.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0c1be924df gvfs-1.36.2-3.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2019-901feba171 docker-1.13.1-63.git1185cfd.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2019-723711c645 docker-latest-1.13.1-40.git1185cfd.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-fbd2bad9f9 wireshark-2.6.6-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-40f4af0687 poppler-0.62.0-14.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-077cd6f168 moodle-3.4.7-1.fc28
The following Fedora 28 Critical Path updates have yet to be approved: Age URL 67 https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28 46 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f541b469b nfs-utils-2.3.3-1.rc2.fc28 37 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4dddcb3e5e highlight-3.48-1.fc28 15 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e0eb3d797e systemd-238-11.gita76ee90.fc28 15 https://bodhi.fedoraproject.org/updates/FEDORA-2019-1c1cd19344 pcre-8.42-6.fc28 15 https://bodhi.fedoraproject.org/updates/FEDORA-2019-637e5c7a74 pcre2-10.32-5.fc28 15 https://bodhi.fedoraproject.org/updates/FEDORA-2019-2bd43510d5 pungi-4.1.32-3.fc28 13 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e8a902b473 selinux-policy-3.14.1-51.fc28 10 https://bodhi.fedoraproject.org/updates/FEDORA-2019-78153d357c totem-pl-parser-3.26.2-1.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0956d60ffd krb5-1.16.1-25.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-7ad550b301 glusterfs-4.1.7-2.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-031b192323 gnome-online-accounts-3.28.1-1.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0335b44dbc lorax-28.25-1.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0c1be924df gvfs-1.36.2-3.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2019-2e1cc4fe99 pango-1.42.4-2.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2019-870e8d8234 osinfo-db-20190120-1.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-69bc69ce0b appstream-data-28-12.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ffb6dfc8a9 p11-kit-0.23.15-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-40f4af0687 poppler-0.62.0-14.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-83a19b396a mingw-libwebp-1.0.2-1.fc28 libwebp-1.0.2-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-1ea282e58d linux-firmware-20190118-91.gita8b75cac.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-8e6f259a6e kernel-headers-4.20.4-100.fc28 kernel-4.20.4-100.fc28 kernel-tools-4.20.3-100.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e9c4843d39 volume_key-0.3.12-2.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-8ae6a68d7b fwupd-1.2.3-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bb30467485 ostree-2019.1-2.fc28 rpm-ostree-2019.1-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-752f205a3a python-productmd-1.19-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-8a8196e1e1 vim-8.1.818-1.fc28
The following builds have been pushed to Fedora 28 updates-testing
argbash-2.8.0-1.fc28 golang-1.10.8-1.fc28 gtk2-2.24.32-4.fc28 libmodulemd-2.1.0-1.fc28 numix-icon-theme-circle-0.1.0-19.20190124.gitda33f8b.fc28 numix-icon-theme-square-0.1.0-4.20190124.gitb37c7e4.fc28 openbabel-2.4.1-12.fc28 paprefs-1.1-1.fc28 radvd-2.17-12.fc28
Details about builds:
================================================================================ argbash-2.8.0-1.fc28 (FEDORA-2019-6d4f176eba) Bash argument parsing code generator -------------------------------------------------------------------------------- Update Information:
Update to argbash 2.8.0 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jan 27 2019 Stephen Gallagher sgallagh@redhat.com - 2.8.0-1 - Update to 2.8.0 - New features: * Allow argbash and argbash-init to be run from symbolic links. * Allow scripts generated by argbash-init with complete separation (-s -s) to be run from a symbolic link. * Implemented output to generate manpages using the rst2man utility * Introduced the ARG_VERSION_AUTO macro. - Bugfixes: * Double quotes in help messages are escaped (fixes #61). * Fixed regression that allowed duplicate short options (fixes #58). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1669789 - argbash-2.8.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1669789 --------------------------------------------------------------------------------
================================================================================ golang-1.10.8-1.fc28 (FEDORA-2019-6cf96757fe) The Go Programming Language -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2019-6486 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jan 27 2019 Jakub ��ajka jcajka@redhat.com - 1.10.8-1 - Rebase to 1.10.8 - Fix for CVE-2019-6486 - Resolves: BZ#1668973 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1668972 - CVE-2019-6486 golang: crypto/elliptic implementations of P-521 and P-384 elliptic curves allow for denial of service https://bugzilla.redhat.com/show_bug.cgi?id=1668972 --------------------------------------------------------------------------------
================================================================================ gtk2-2.24.32-4.fc28 (FEDORA-2019-d9c73a4f66) GTK+ graphical user interface library -------------------------------------------------------------------------------- Update Information:
This update backports two bug fixes from upstream, fixing: - calendar: Use the new "%OB" format if supported - Fix compiler warnings with GCC 8.1 in projects using gtk+ -------------------------------------------------------------------------------- ChangeLog:
* Sun Jan 27 2019 Kalev Lember klember@redhat.com - 2.24.32-4 - Backport two fixes from upstream (#1669768) - calendar: Use the new "%OB" format if supported - Fix compiler warnings with GCC 8.1 * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 2.24.32-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1669768 - Pull some upstream patches https://bugzilla.redhat.com/show_bug.cgi?id=1669768 --------------------------------------------------------------------------------
================================================================================ libmodulemd-2.1.0-1.fc28 (FEDORA-2019-1e79a2acad) Module metadata manipulation library -------------------------------------------------------------------------------- Update Information:
- Update to libmodulemd 2.1.0 and 1.8.2 - Drop upstreamed patches - Add new API ModuleStream.depends_on_stream() and ModuleStream.build_depends_on_stream() to help support auto-detection of when a module stream may need to be rebuilt when its dependencies change. - Don't fail merges when default streams differ, treat it as "no default for this module" - Fix error message - Copy modified value when copying Modulemd.Defaults objects - Fixes discovered by clang and coverity static analysis tools - Test improvements -------------------------------------------------------------------------------- ChangeLog:
* Sat Jan 26 2019 Stephen Gallagher sgallagh@redhat.com - 2.1.0-1 - Update to libmodulemd 2.1.0 and 1.8.2 - Drop upstreamed patches - Add new API ModuleStream.depends_on_stream() and ModuleStream.build_depends_on_stream() to help support auto-detection of when a module stream may need to be rebuilt when its dependencies change. - Don't fail merges when default streams differ, treat it as "no default for this module" - Fix error message - Copy modified value when copying Modulemd.Defaults objects - Fixes discovered by clang and coverity static analysis tools - Test improvements * Fri Jan 11 2019 Stephen Gallagher sgallagh@redhat.com - 2.0.0-3 - Fix ordering issue with dependencies - Use glib2 suppression file when running valgrind tests * Fri Jan 11 2019 Stephen Gallagher sgallagh@redhat.com - 2.0.0-2 - Fix issue reading modified value for defaults from YAML streams * Thu Dec 13 2018 Stephen Gallagher sgallagh@redhat.com - 2.0.0-1 - Update to 2.0.0 final - Assorted fixes for validation - Add modulemd-validator tool based on v2 code - Fix a crash when merging defaults * Tue Dec 11 2018 Stephen Gallagher sgallagh@redhat.com - 2.0.0-0.beta2 - Update to 2.0.0beta2 - Better validation of stored content during read and write operations - ModuleIndex now returns FALSE if any subdocument fails - Fix tests on 32-bit platforms - Make unknown keys in YAML maps non-fatal for libmodulemd1 - Make unknown keys in YAML maps optionally fatal for libmodulemd 2.x - Fix RPM version requirements for libmodulemd1 * Mon Dec 10 2018 Stephen Gallagher sgallagh@redhat.com - 2.0.0-0.beta1 - Update to 2.0.0beta1 - Total rewrite to 2.0 API - https://sgallagh.fedorapeople.org/docs/libmodulemd/2.0/ --------------------------------------------------------------------------------
================================================================================ numix-icon-theme-circle-0.1.0-19.20190124.gitda33f8b.fc28 (FEDORA-2019-7411f4427b) Numix Project circle icon theme -------------------------------------------------------------------------------- Update Information:
Update to release 19.01.24 ---- Update the release 18.12.01 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jan 27 2019 Brendan Early mymindstorm1@gmail.com - 0.1.0-19.20190124.gitda33f8b - Update to release 19.01.24 * Fri Jan 18 2019 Brendan Early mymindstorm1@gmail.com - 0.1.0-18.20181201.git085899f - Update to release 18.12.01 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1669279 - numix-icon-theme-circle-19.01.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1669279 --------------------------------------------------------------------------------
================================================================================ numix-icon-theme-square-0.1.0-4.20190124.gitb37c7e4.fc28 (FEDORA-2019-f71f6affff) Numix Project square icon theme -------------------------------------------------------------------------------- Update Information:
Update to release 19.01.24 ---- Update the release 18.12.01 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jan 27 2019 Brendan Early mymindstorm1@gmail.com - 0.1.0-4.20190124.gitb37c7e4 - Update to release 19.01.24 * Fri Jan 18 2019 Brendan Early mymindstorm1@gmail.com - 0.1.0-3.20181201.git70711c2 - Update to release 18.12.01 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1669280 - numix-icon-theme-square-19.01.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1669280 --------------------------------------------------------------------------------
================================================================================ openbabel-2.4.1-12.fc28 (FEDORA-2019-2ec314ac84) Chemistry software file format converter -------------------------------------------------------------------------------- Update Information:
Fix library path in pkg-config file in the devel package. -------------------------------------------------------------------------------- ChangeLog:
* Sun Jan 27 2019 Dominik Mierzejewski rpm@greysector.net - 2.4.1-12 - Fix path to libdir in .pc (#1669664) - Use https for URL: * Thu Feb 8 2018 Fedora Release Engineering releng@fedoraproject.org - 2.4.1-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1669664 - Wrong pkgconfig file https://bugzilla.redhat.com/show_bug.cgi?id=1669664 --------------------------------------------------------------------------------
================================================================================ paprefs-1.1-1.fc28 (FEDORA-2019-6578828f95) Management tool for PulseAudio -------------------------------------------------------------------------------- Update Information:
An update to the latest upstream release: * https://freedesktop.org/software/pulseaudio/paprefs/#news -------------------------------------------------------------------------------- ChangeLog:
* Sun Jan 27 2019 Julian Sikorski belegdol@fedoraproject.org - 1.1-1 - Update to 1.1 - Drop upstreamed patch - Drop dbus-glib BuildRequires -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1669432 - paprefs-1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1669432 --------------------------------------------------------------------------------
================================================================================ radvd-2.17-12.fc28 (FEDORA-2019-333a7aa511) A Router Advertisement daemon -------------------------------------------------------------------------------- Update Information:
Fix double-free in InterfaceList ---- Depends on network-online target (#1652459) -------------------------------------------------------------------------------- ChangeLog:
* Sun Jan 27 2019 Pavel Zhukov pzhukov@redhat.com - 2.17-12 - Fix double-free in InterfaceList * Tue Nov 27 2018 Pavel Zhukov pzhukov@redhat.com - 2.17-11 - Depends on network-online target (#1652459) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1669297 - radvd: Use After Free in case of misconfiguration https://bugzilla.redhat.com/show_bug.cgi?id=1669297 --------------------------------------------------------------------------------