Mentor
by pmkellly@frontier.com
Hi I'm Pat (tablepc)
I joined the QA group a few weeks ago and I've been helping out a bit,
but I've concluded I need a mentor. If you would like to do that please
reply.
Have a Great Day!
Pat
6 years
Re: [Test-Announce] Fedora 28 Beta status is GO, release on April
03, 2018
by Adam Williamson
On Thu, 2018-03-29 at 19:18 +0200, Jan Kurik wrote:
> The Fedora 28 Beta RC3 compose [1] is considered as GOLD and is going to be
> shipped live on Tuesday, April 3rd, 2018.
Just so folks now, this means we're shipping Beta-1.3 (RC3) as Beta
final. That decision is now done and irreversible. There's no need to
test Beta-1.1 any more.
It *is* still useful to run any outstanding Beta-1.3 tests, though, as
they feed into Final preparation.
A new nightly validation event will be created sometime soon after Beta
release, and become the 'current' event, then we'll be testing
nightlies again up until Final candidates.
Thanks folks!
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
6 years
Fedora 28 updates-testing report
by updates@fedoraproject.org
The following Fedora 28 Security updates need testing:
Age URL
15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bfdad62cd6 wireshark-2.4.5-3.fc28
12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d305559481 mosquitto-1.4.15-1.fc28
8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bb66329dee sqlite-3.22.0-4.fc28
7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c9f6768cf exempi-2.4.5-1.fc28
4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1aeac808ce gd-2.2.5-3.fc28
4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-633acf0ed6 jackson-databind-2.9.4-3.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-60ec960104 bchunk-1.2.2-1.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b13b720a3d php-7.2.4-1.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa5e668e64 thunderbird-52.7.0-1.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8049b2c488 nodejs-8.11.0-1.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-75bca4c5a0 drupal7-7.58-1.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-906ba26b4d drupal8-8.4.6-1.fc28
The following Fedora 28 Critical Path updates have yet to be approved:
Age URL
15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-654231f9e7 libtirpc-1.0.3-0.fc28
14 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3c10274df1 pcre2-10.31-4.fc28
10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-83ed6f8a9a pcre-8.42-1.fc28
10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6019d0a8f0 xfce4-settings-4.12.3-1.fc28
10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-64a05f528d hivex-1.3.15-3.fc28
9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-42200bfff3 python-setuptools-39.0.1-1.fc28
9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0c1670b318 realmd-0.16.3-12.fc28
9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-74acab54cf qemu-2.11.1-2.fc28
8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-00c5193ae8 libpwquality-1.4.0-7.fc28
8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-eb196768cd avahi-0.7-10.fc28
8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bb66329dee sqlite-3.22.0-4.fc28
8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-998509b780 python-asn1crypto-0.24.0-1.fc28 python-cryptography-vectors-2.2.1-1.fc28 python-cryptography-2.2.1-1.fc28
7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c9f6768cf exempi-2.4.5-1.fc28
7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-370f1fc201 libX11-1.6.5-7.fc28
7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a4d0ee124 dnsmasq-2.79-1.fc28
7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2ee87d2721 python-pid-2.1.1-7.fc28
5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ea9ace8675 libiscsi-1.18.0-3.fc28
4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c3c9b95a7b readline-7.0-9.fc28
4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-02e145266f gdbm-1.14.1-4.fc28
4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a95a4a8d8e osinfo-db-20180325-1.fc28
4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-782412cd18 sgabios-0.20170427git-1.fc28
4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-08531132c6 checkpolicy-2.7-7.fc28 libselinux-2.7-13.fc28 libsemanage-2.7-12.fc28 libsepol-2.7-6.fc28 policycoreutils-2.7-17.fc28
3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-543efe8260 SLOF-0.1.git20171214-2.fc28
2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a2dead92f8 appstream-data-28-6.fc28
2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-93c3715e80 openldap-2.4.46-1.fc28
2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b709c38412 ppp-2.4.7-18.fc28
2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-efe2f471f2 satyr-0.25-4.fc28
2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-09a48963ea bcache-tools-1.0.8-12.fc28
2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a2b3791b2b abrt-2.10.8-2.fc28 bluez-5.49-2.fc28 cryptsetup-2.0.2-2.fc28 device-mapper-multipath-0.7.4-2.git07e7bd5.fc28 fastd-18-9.fc28 filezilla-3.32.0-0.rc1.fc28.1 freeradius-3.0.15-12.fc28 fwts-18.01.00-2.fc28 gdal-2.2.4-2.fc28 gdcm-2.8.4-5.fc28 gfal2-2.15.3-2.fc28 girara-0.2.7-7.fc28 gluster-block-0.3-5.fc28 json-c-0.13.1-1.fc28 lcgdm-dav-0.20.0-2.fc28 libmypaint-1.3.0-7.fc28 libreport-2.9.3-8.fc28 libstorj-1.0.2-5.fc28 libu2f-host-1.1.4-3.fc28 libu2f-server-1.0.1-12.fc28 libverto-jsonrpc-0.1.0-19.fc28 libvmi-0.11.0-13.20170706gite919365.fc28 mypaint-1.2.1-18.fc28 ndctl-59.2-2.fc28 newsbeuter-2.9-9.fc28 openhpi-3.7.0-5.fc28 opensips-2.3.3-3.fc28 postgis-2.4.3-3.fc28 riemann-c-client-1.9.0-10.fc28 strongswan-5.6.2-2.fc28 sway-0.15.1-3.fc28 syslog-ng-3.14.1-4.fc28 systemtap-3.2-8.fc28 tlog-4-3.fc28 zmap-2.1.1-7.fc28
2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-318a38494a util-linux-2.32-2.fc28
2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bbffdeb641 kernel-4.16.0-0.rc7.git0.1.fc28
2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2c1484e4cd audit-2.8.3-2.fc28
2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-109321c535 tcp_wrappers-7.6-91.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a24ede24b4 publicsuffix-list-20180328-1.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-be5660a0d9 git-2.17.0-0.2.rc2.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1668d86ea9 enca-1.19-1.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa5e668e64 thunderbird-52.7.0-1.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-87d72fc01e vte291-0.51.3-1.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1f0ce82941 libreport-2.9.4-1.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8d801e7eb7 libsolv-0.6.34-1.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7f1047b24e pygobject3-3.28.2-1.fc28
The following builds have been pushed to Fedora 28 updates-testing
adapta-gtk-theme-3.93.0.220-1.fc28
amarok-2.9.0-1.fc28
ansifilter-2.10-1.fc28
dialog-1.3-13.20171209.fc28
dmlite-1.10.1-3.fc28
dogtag-pki-10.6.0-0.3.fc28
dogtag-pki-theme-10.6.0-0.3.fc28
gap-pkg-guava-3.14-1.fc28
glibc-2.27-8.fc28
gnome-software-3.28.0-5.fc28
highlight-3.42-1.fc28
httpd-2.4.33-1.fc28
ibus-1.5.18-4.fc28
jgoodies-common-1.8.1-1.fc28
krb5-1.16-18.fc28
libid3tag-0.15.1b-27.fc28
libsecret-0.18.6-1.fc28
lollypop-0.9.403-1.fc28
mariadb-10.2.14-1.fc28
mariadb-connector-c-3.0.3-3.fc28
mate-themes-3.22.16-1.fc28
mod_http2-1.10.16-1.fc28
nano-2.9.5-1.fc28
nvml-1.4-3.fc28
openssl-1.1.0h-2.fc28
passwd-0.80-1.fc28
php-zendframework-zend-diactoros-1.7.1-1.fc28
php-zendframework-zend-dom-2.7.0-1.fc28
pki-console-10.6.0-0.3.fc28
pki-core-10.6.0-0.3.fc28
plymouth-0.9.3-5.fc28
podman-0.3.5-1.gitdb6bf9e.fc28
python-social-auth-app-flask-1.0.0-1.fc28
python-social-auth-app-flask-sqlalchemy-1.0.1-1.fc28
python-social-auth-core-1.7.0-1.fc28
python-social-auth-storage-sqlalchemy-1.1.0-1.fc28
python37-3.7.0-0.14.b3.fc28
salt-2017.7.5-1.fc28
selinux-policy-3.14.1-19.fc28
skopeo-0.1.29-1.git7add6fc.fc28
sqlitebrowser-3.10.1-5.fc28
uwsgi-2.0.16-1.fc28
Details about builds:
================================================================================
adapta-gtk-theme-3.93.0.220-1.fc28 (FEDORA-2018-65e1f5c155)
An adaptive Gtk+ theme based on Material Design Guidelines
--------------------------------------------------------------------------------
Update Information:
- New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1562036 - adapta-gtk-theme-3.93.0.204 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1562036
--------------------------------------------------------------------------------
================================================================================
amarok-2.9.0-1.fc28 (FEDORA-2018-e635906fa4)
Media player
--------------------------------------------------------------------------------
Update Information:
New upstream release, includes many bugfixes and improvements, see also:
https://amarok.kde.org/en/node/888
--------------------------------------------------------------------------------
================================================================================
ansifilter-2.10-1.fc28 (FEDORA-2018-869769d94f)
ANSI terminal escape code converter
--------------------------------------------------------------------------------
Update Information:
- Updated to new 2.10 upstream version, fixes rhbz #1552957
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1552957 - ansifilter-2.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1552957
--------------------------------------------------------------------------------
================================================================================
dialog-1.3-13.20171209.fc28 (FEDORA-2018-7e2bb6f473)
A utility for creating TTY dialog boxes
--------------------------------------------------------------------------------
Update Information:
This is an update to the latest upstream release and also a fix for building the
package with the latest hardened LDFLAGS.
--------------------------------------------------------------------------------
================================================================================
dmlite-1.10.1-3.fc28 (FEDORA-2018-7ce07c8d2c)
Lcgdm grid data management and storage framework
--------------------------------------------------------------------------------
Update Information:
dmlite 1.10 is a major update to DPM internals including Dome. ---- dmlite
1.10 is a major update to DPM internals including Dome. ---- dmlite 1.10 is a
major update to DPM internals including Dome.
--------------------------------------------------------------------------------
================================================================================
dogtag-pki-10.6.0-0.3.fc28 (FEDORA-2018-1270ede284)
Dogtag Public Key Infrastructure (PKI) Suite
--------------------------------------------------------------------------------
Update Information:
Update to PKI 10.6.0 Beta 2
--------------------------------------------------------------------------------
================================================================================
dogtag-pki-theme-10.6.0-0.3.fc28 (FEDORA-2018-1270ede284)
Certificate System - Dogtag PKI Theme Components
--------------------------------------------------------------------------------
Update Information:
Update to PKI 10.6.0 Beta 2
--------------------------------------------------------------------------------
================================================================================
gap-pkg-guava-3.14-1.fc28 (FEDORA-2018-53b2583bef)
Computing with error-correcting codes
--------------------------------------------------------------------------------
Update Information:
Changes in version 3.14: - The external binaries from J. S. Leon and Cen Tjhai
can now be used on all architectures (Unix/Linux, MacOS, and Windows) - The bug
fix for MinimumWeight() from 3.13 was not sufficiently well tested... - The
decoding method for cyclic codes fails in certain situations. We are leaving
this as a known bug for the moment. - A bug fix for MinimumDistanceLeon() from
Alex K. - Lots of clean up of the lib files -- removing old comments, obsolete
version strings, leftovers from CVS, etc. - Constructions were added for several
of the optimal codes in the bounds tables that were referenced in the now
defunct online table by Brouwer and Verhoeff.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1560989 - gap-pkg-guava-v3.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1560989
--------------------------------------------------------------------------------
================================================================================
glibc-2.27-8.fc28 (FEDORA-2018-7da76edc12)
The GNU libc libraries
--------------------------------------------------------------------------------
Update Information:
This update incorporates various fixes from the upstream glibc 2.27 branch,
including updated locale definitions for `ca_ES` (RHBZ#1546495).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1546495 - ca_ES: update date definitions from CLDR
https://bugzilla.redhat.com/show_bug.cgi?id=1546495
--------------------------------------------------------------------------------
================================================================================
gnome-software-3.28.0-5.fc28 (FEDORA-2018-df398f7390)
A software center for GNOME
--------------------------------------------------------------------------------
Update Information:
- Fix empty OS Updates showing up - Make rpm-ostree update triggering work
--------------------------------------------------------------------------------
================================================================================
highlight-3.42-1.fc28 (FEDORA-2018-4e6661d114)
Universal source code to formatted text converter
--------------------------------------------------------------------------------
Update Information:
- Updated to new 3.42 upstream version
--------------------------------------------------------------------------------
================================================================================
httpd-2.4.33-1.fc28 (FEDORA-2018-6744ca470d)
Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:
This update includes the latest upstream release of the Apache HTTP Server,
version 2.4.33. A number of security vulnerabilities are fixed in this release:
* *Low*: Possible out of bound read in mod_cache_socache (CVE-2018-1303) *
*Low*: Possible out of bound access after failure in reading the HTTP request
(CVE-2018-1301) * *Low*: Weak Digest auth nonce generation in mod_auth_digest
(CVE-2018-1312) * *Low*: <FilesMatch> bypass with a trailing newline in
the file name (CVE-2017-15715) * *Low*: Out of bound write in mod_authnz_ldap
when using too small Accept-Language values (CVE-2017-15710) * *Moderate*:
Tampering of mod_session data for CGI applications (CVE-2018-1283) For more
information about changes in this release, see:
https://www.apache.org/dist/httpd/CHANGES_2.4.33
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1560174 - httpd-2.4.33 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1560174
[ 2 ] Bug #1560618 - CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing newline in the file name [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560618
[ 3 ] Bug #1560644 - CVE-2018-1301 httpd: Out of bound access after failure in reading the HTTP request [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560644
[ 4 ] Bug #1560635 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560635
[ 5 ] Bug #1560400 - CVE-2018-1303 httpd: http: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560400
[ 6 ] Bug #1560396 - CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560396
[ 7 ] Bug #1560616 - CVE-2017-15710 httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560616
--------------------------------------------------------------------------------
================================================================================
ibus-1.5.18-4.fc28 (FEDORA-2018-7442c8ce1c)
Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:
improve order of unicode matches
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1554714 - improve order of unicode matches
https://bugzilla.redhat.com/show_bug.cgi?id=1554714
--------------------------------------------------------------------------------
================================================================================
jgoodies-common-1.8.1-1.fc28 (FEDORA-2018-a38eb01a35)
Common library shared by JGoodies libraries and applications
--------------------------------------------------------------------------------
Update Information:
* Marked classes ArrayListModel and LinkedListModel as final. * Replaced files
package.html by package-info.java.
--------------------------------------------------------------------------------
================================================================================
krb5-1.16-18.fc28 (FEDORA-2018-a0cb211d9c)
The Kerberos network authentication system
--------------------------------------------------------------------------------
Update Information:
Fix issue with calling `kdestroy -A` when the ccache is KCM ---- * Enable
SPAKE on clients and servers. In its current form, SPAKE makes brute force
attacks on passwords infeasible and makes Kerberos less reliant on time
synchronization. More information: https://datatracker.ietf.org/doc/draft-ietf-
kitten-krb-spake-preauth/?include_text=1 * Improve protections for internal,
sensitive buffers. * Improve internal hex-encoding/decoding support. ---- -
List preauth types in trace output when known - Add support for pkinit freshness
(rfc8070) - misc bugfixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561917 - kdestroy -A does not work with multiple principals when using KCM
https://bugzilla.redhat.com/show_bug.cgi?id=1561917
[ 2 ] Bug #1540086 - [RFE] make preauth types more descriptive in krb5 trace
https://bugzilla.redhat.com/show_bug.cgi?id=1540086
--------------------------------------------------------------------------------
================================================================================
libid3tag-0.15.1b-27.fc28 (FEDORA-2018-d187b44f75)
ID3 tag manipulation library
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2004-2779 and CVE-2017-11550
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561983 - CVE-2004-2779 libid3tag: id3_utf16_deserialize() misparses ID3v2 tags with an odd number of bytes resulting in an endless loop
https://bugzilla.redhat.com/show_bug.cgi?id=1561983
[ 2 ] Bug #1478934 - CVE-2017-11550 libid3tag: NULL Pointer Dereference in id3_ucs4_length function in ucs4.c
https://bugzilla.redhat.com/show_bug.cgi?id=1478934
--------------------------------------------------------------------------------
================================================================================
libsecret-0.18.6-1.fc28 (FEDORA-2018-5af20cd3ac)
Library for storing and retrieving passwords and other secrets
--------------------------------------------------------------------------------
Update Information:
libsecret 0.18.6 release. * Fix shared key derivation between libsecret and
gnome-keyring [#778357] * Avoid run-time error when gnome-keyring is not
responding [#787391] * Enable cross compilation [#748111] * Port build scripts
to Python 3 [#687637] * Build and test fixes [#767002, #777826, #734630,
#768112] * GI annotation fixes [#785034] * Fix textual typos [#782206, ...] *
Updated translations
--------------------------------------------------------------------------------
================================================================================
lollypop-0.9.403-1.fc28 (FEDORA-2018-6a600adbe1)
Music player for GNOME
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.403 ---- - Update lollypop-portal to 0.9.7
--------------------------------------------------------------------------------
================================================================================
mariadb-10.2.14-1.fc28 (FEDORA-2018-12f271b5a2)
A community developed branch of MySQL
--------------------------------------------------------------------------------
Update Information:
**MariaDB 10.2.14** Release notes:
https://mariadb.com/kb/en/library/mariadb-10214-release-notes/ Maintainer
Update I do now consider Spider storage engine ready to use in Fedora, as I
was finally able to run its testsuite successfully Upstream Warning
Upgrading from earlier 10.2.x versions is highly recommended for all Galera
users due to bug MDEV-12837 which caused serious stability issues with earlier
versions. See the bug issue page for more information.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561251 - mariadb-10.2.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1561251
--------------------------------------------------------------------------------
================================================================================
mariadb-connector-c-3.0.3-3.fc28 (FEDORA-2018-b161e11f7f)
The MariaDB Native Client library (C driver)
--------------------------------------------------------------------------------
Update Information:
Fix of the plugindir
--------------------------------------------------------------------------------
================================================================================
mate-themes-3.22.16-1.fc28 (FEDORA-2018-cb1b196799)
MATE Desktop themes
--------------------------------------------------------------------------------
Update Information:
- update to 3.22.16
--------------------------------------------------------------------------------
================================================================================
mod_http2-1.10.16-1.fc28 (FEDORA-2018-eec13e2e8d)
module implementing HTTP/2 for Apache 2
--------------------------------------------------------------------------------
Update Information:
This update includes the latest upstream release of mod_http2, version 1.10.16.
This includes a security fix (CVE-2018-1302): When an HTTP/2 stream was
destroyed after being handled, mod_http2 could have written a NULL pointer
potentially to an already freed memory. The memory pools maintained by the
server make this vulnerabilty hard to trigger in usual configurations, the
reporter and the team could not reproduce it outside debug builds, so it is
classified as low risk.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561570 - CVE-2018-1302 mod_http2: httpd: Use-after-free on HTTP/2 stream shutdown [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1561570
[ 2 ] Bug #1560627 - CVE-2018-1302 httpd: Use-after-free on HTTP/2 stream shutdown [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560627
--------------------------------------------------------------------------------
================================================================================
nano-2.9.5-1.fc28 (FEDORA-2018-bd7aefcc75)
A small text editor
--------------------------------------------------------------------------------
Update Information:
GNU nano 2.9.5 "Ki��a pada" changes the way the Scroll-Up and Scroll-Down
commands work (M-- and M-+): instead of keeping the cursor in the same screen
position they now keep the cursor in the same text position (if possible). This
version further adds a new color name, "normal", which gives the default
foreground or background color, which is useful when you want to undo some
overzealous painting by earlier syntax regexes.
--------------------------------------------------------------------------------
================================================================================
nvml-1.4-3.fc28 (FEDORA-2018-4f96e400d5)
Persistent Memory Development Kit (former NVML)
--------------------------------------------------------------------------------
Update Information:
update to PMDK version 1.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1539562 - nvml: redhat-rpm-config linker flags not injected into build
https://bugzilla.redhat.com/show_bug.cgi?id=1539562
[ 2 ] Bug #1539564 - nvml: Missing -lpthread for some library links
https://bugzilla.redhat.com/show_bug.cgi?id=1539564
[ 3 ] Bug #1480578 - nvml-1.4-rc4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1480578
--------------------------------------------------------------------------------
================================================================================
openssl-1.1.0h-2.fc28 (FEDORA-2018-49651b2236)
Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
Minor update to version 1.1.0h.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561260 - CVE-2018-0733 openssl: Implementation bug in PA-RISC CRYPTO_memcmp function allows attackers to forge authenticated messages in a reduced number of attempts
https://bugzilla.redhat.com/show_bug.cgi?id=1561260
[ 2 ] Bug #1561266 - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=1561266
--------------------------------------------------------------------------------
================================================================================
passwd-0.80-1.fc28 (FEDORA-2018-82b50aece6)
An utility for setting or changing passwords using PAM
--------------------------------------------------------------------------------
Update Information:
Update to **passwd-0.80**
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1293929 - passwd man page is incomplete
https://bugzilla.redhat.com/show_bug.cgi?id=1293929
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-diactoros-1.7.1-1.fc28 (FEDORA-2018-c433d8f226)
PSR HTTP Message implementations
--------------------------------------------------------------------------------
Update Information:
**Version 1.7.1** - 2018-02-26 * **Changed** -
[#293](https://github.com/zendframework/zend-diactoros/pull/293) updates
`Uri::getHost()` to cast the value via `strtolower()` before returning it.
While this represents a change, it is fixing a bug in our implementation: the
PSR-7 specification for the method, which follows IETF RFC 3986 section 3.2.2,
requires that the host name be normalized to lowercase. * **Fixed** -
[#290](https://github.com/zendframework/zend-diactoros/pull/290) fixes
`Stream::getSize()` such that it checks that the result of `fstat` was
succesful before attempting to return its `size` member; in the case of an
error, it now returns `null`.
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-dom-2.7.0-1.fc28 (FEDORA-2018-39557dac3e)
Zend Framework Dom component
--------------------------------------------------------------------------------
Update Information:
**Version 2.7.0** - 2018-03-27 * **Added** -
[#20](https://github.com/zendframework/zend-dom/pull/4) adds support for
attribute selectors that contain spaces, such as `input[value="Marty McFly"]`.
Previously, spaces within the selector value would result in a query per space-
separated word; they now, correctly, result in a single query for the exact
value. - [#19](https://github.com/zendframework/zend-dom/pull/4) adds
support for PHP versions 7.1 and 7.2. - Adds documentation and publishes it
to https://docs.zendframework.com/zend-dom/ * **Removed** -
[#13](https://github.com/zendframework/zend-dom/pull/4) and
[#19](https://github.com/zendframework/zend-dom/pull/4) remove support for PHP
versions prior to 5.6. - [#13](https://github.com/zendframework/zend-
dom/pull/4) and [#19](https://github.com/zendframework/zend-dom/pull/4) remove
support for HHVM.
--------------------------------------------------------------------------------
================================================================================
pki-console-10.6.0-0.3.fc28 (FEDORA-2018-1270ede284)
Certificate System - PKI Console
--------------------------------------------------------------------------------
Update Information:
Update to PKI 10.6.0 Beta 2
--------------------------------------------------------------------------------
================================================================================
pki-core-10.6.0-0.3.fc28 (FEDORA-2018-1270ede284)
Certificate System - PKI Core Components
--------------------------------------------------------------------------------
Update Information:
Update to PKI 10.6.0 Beta 2
--------------------------------------------------------------------------------
================================================================================
plymouth-0.9.3-5.fc28 (FEDORA-2018-1d88d843bf)
Graphical Boot Animation and Logger
--------------------------------------------------------------------------------
Update Information:
https://src.fedoraproject.org/rpms/plymouth/c/daa9884553360ae7cf21ecddb30...
931329?branch=master
--------------------------------------------------------------------------------
================================================================================
podman-0.3.5-1.gitdb6bf9e.fc28 (FEDORA-2018-3c6bce4c98)
Manage Pods, Containers and Container Images
--------------------------------------------------------------------------------
Update Information:
Upstream release 0.3.5
--------------------------------------------------------------------------------
================================================================================
python-social-auth-app-flask-1.0.0-1.fc28 (FEDORA-2018-a083d68bda)
The Flask app component of python-social-auth
--------------------------------------------------------------------------------
Update Information:
The initial python-social-auth packages
--------------------------------------------------------------------------------
================================================================================
python-social-auth-app-flask-sqlalchemy-1.0.1-1.fc28 (FEDORA-2018-a083d68bda)
The Flask app component of python-social-auth with SQLAlchemy integration
--------------------------------------------------------------------------------
Update Information:
The initial python-social-auth packages
--------------------------------------------------------------------------------
================================================================================
python-social-auth-core-1.7.0-1.fc28 (FEDORA-2018-a083d68bda)
The core component of the python-social-auth ecosystem
--------------------------------------------------------------------------------
Update Information:
The initial python-social-auth packages
--------------------------------------------------------------------------------
================================================================================
python-social-auth-storage-sqlalchemy-1.1.0-1.fc28 (FEDORA-2018-a083d68bda)
The SQLAlchemy storage component of python-social-auth
--------------------------------------------------------------------------------
Update Information:
The initial python-social-auth packages
--------------------------------------------------------------------------------
================================================================================
python37-3.7.0-0.14.b3.fc28 (FEDORA-2018-53b3891e8d)
Version 3.7 of the Python interpreter
--------------------------------------------------------------------------------
Update Information:
Update to 3.7.0b3
--------------------------------------------------------------------------------
================================================================================
salt-2017.7.5-1.fc28 (FEDORA-2018-ee16b473ba)
A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
Update to feature release 2017.7.5-1 for Python 2
--------------------------------------------------------------------------------
================================================================================
selinux-policy-3.14.1-19.fc28 (FEDORA-2018-234de0ee13)
SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:
More info: https://koji.fedoraproject.org/koji/buildinfo?buildID=1063900
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561304 - SELinux is preventing accounts-daemon from using the 'dac_override' capabilities.
https://bugzilla.redhat.com/show_bug.cgi?id=1561304
[ 2 ] Bug #1561467 - SELinux is preventing abrt-hook-ccpp from using the 'dac_override' capabilities.
https://bugzilla.redhat.com/show_bug.cgi?id=1561467
[ 3 ] Bug #1561053 - SELinux is preventing cockpit-ws read access on cpuinfo
https://bugzilla.redhat.com/show_bug.cgi?id=1561053
--------------------------------------------------------------------------------
================================================================================
skopeo-0.1.29-1.git7add6fc.fc28 (FEDORA-2018-a0399ca7a2)
Inspect Docker images and repositories on registries
--------------------------------------------------------------------------------
Update Information:
docker-archive generates docker legacy compatible images Do not create
$DiffID subdirectories for layers with no configs Ensure the layer IDs in
legacy docker/tarfile metadata are unique docker-archive: repeated layers
are symlinked in the tar file sysregistries: remove all trailing slashes
Improve docker/* error messages Fix failure to make auth directory
Create a new slice in Schema1.UpdateLayerInfos Drop unused
storageImageDestination.{image,systemContext} Load a *storage.Image only
once in storageImageSource Support gzip for docker-archive files Remove
.tar extension from blob and config file names ostree, src: support copy of
compressed layers ostree: re-pull layer if it misses
uncompressed_digest|uncompressed_size image: fix docker schema v1 -> OCI
conversion Add /etc/containers/certs.d as default certs directory
--------------------------------------------------------------------------------
================================================================================
sqlitebrowser-3.10.1-5.fc28 (FEDORA-2018-66ee458330)
Create, design, and edit SQLite database files
--------------------------------------------------------------------------------
Update Information:
This update fixes an issue where the sqlitebrowser application could not be
minimized when using certain desktop environments, among which gnome shell.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561976 - Unable to minimize and to switch workspaces
https://bugzilla.redhat.com/show_bug.cgi?id=1561976
--------------------------------------------------------------------------------
================================================================================
uwsgi-2.0.16-1.fc28 (FEDORA-2018-81823acb6d)
Fast, self-healing, application container server
--------------------------------------------------------------------------------
Update Information:
- Disable tcp_wrapper support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1518795 - [F28 change] uwsgi should not require tcp_wrappers
https://bugzilla.redhat.com/show_bug.cgi?id=1518795
--------------------------------------------------------------------------------
6 years
Fedora 27 updates-testing report
by updates@fedoraproject.org
The following Fedora 27 Security updates need testing:
Age URL
41 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27
27 https://bodhi.fedoraproject.org/updates/FEDORA-2018-52d79f4f36 dovecot-2.2.34-1.fc27
23 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e38f759144 python-bleach-2.1.3-1.fc27
23 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ff86925c3 memcached-1.5.6-1.fc27
16 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c923533479 webkitgtk4-2.20.0-1.fc27
12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7c2e0a998d acpica-tools-20180209-1.fc27
12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ad652798b8 mosquitto-1.4.15-1.fc27
10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-50f0da5d38 tomcat-8.0.50-1.fc27
9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-223d8fc52a java-1.8.0-openjdk-aarch32-1.8.0.161-1.180220.fc27
6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c442aad4dc exempi-2.4.5-1.fc27
3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2f9d3604d6 librelp-1.2.15-1.fc27
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1217b02061 bchunk-1.2.2-1.fc27
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-12f92ff831 php-7.1.16-1.fc27
0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ecf73042e3 libuv-1.19.2-1.fc27 nodejs-8.11.0-1.fc27
0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-143886fdbd drupal7-7.58-1.fc27
0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6e6d8c314b drupal8-8.4.6-1.fc27
0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e06468b832 libid3tag-0.15.1b-25.fc27
The following Fedora 27 Critical Path updates have yet to be approved:
Age URL
27 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c31f1eccd iptables-1.6.2-2.fc27 libnftnl-1.0.9-2.fc27 nftables-0.8.2-2.fc27
16 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c923533479 webkitgtk4-2.20.0-1.fc27
12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-55a6726164 PackageKit-1.1.9-2.fc27 gnome-software-3.28.0-4.fc27 libappstream-glib-0.7.7-2.fc27
9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-95dac71a1c pcre-8.42-1.fc27
9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e344a6d79b xfce4-settings-4.12.3-1.fc27
7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-adbc1da28c pcre2-10.31-4.fc27
6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c442aad4dc exempi-2.4.5-1.fc27
2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3255279d3d satyr-0.25-2.fc27
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4e2a6c0c93 libtirpc-1.0.3-1.fc27
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7128949eb5 enca-1.19-1.fc27
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-26de7be74c libreport-2.9.3-3.fc27
0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2d1858d4d1 passwd-0.80-1.fc27
0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6900d92768 publicsuffix-list-20180328-1.fc27
0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-13dc9b1bf6 exo-0.12.0-3.fc27 xfce4-screenshooter-1.9.1-1.fc27
The following builds have been pushed to Fedora 27 updates-testing
amarok-2.9.0-1.fc27
ansifilter-2.10-1.fc27
dmlite-1.10.1-3.fc27
highlight-3.42-1.fc27
httpd-2.4.33-1.fc27
jgoodies-common-1.8.1-1.fc27
kernel-4.15.14-300.fc27
krb5-1.15.2-8.fc27
lollypop-0.9.403-1.fc27
mariadb-10.2.14-1.fc27
mate-themes-3.22.16-1.fc27
mod_http2-1.10.16-1.fc27
openssl-1.1.0h-1.fc27
podman-0.3.5-1.gitdb6bf9e.fc27
python-entrypoints-0.2.3-5.fc27
python37-3.7.0-0.14.b3.fc27
salt-2017.7.5-1.fc27
selinux-policy-3.13.1-283.30.fc27
shotwell-0.28.1-1.fc27
skopeo-0.1.29-1.git7add6fc.fc27
sqlitebrowser-3.10.1-5.fc27
Details about builds:
================================================================================
amarok-2.9.0-1.fc27 (FEDORA-2018-3d0fab95b6)
Media player
--------------------------------------------------------------------------------
Update Information:
New upstream release, includes many bugfixes and improvements, see also:
https://amarok.kde.org/en/node/888
--------------------------------------------------------------------------------
================================================================================
ansifilter-2.10-1.fc27 (FEDORA-2018-00436eefa8)
ANSI terminal escape code converter
--------------------------------------------------------------------------------
Update Information:
- Updated to new 2.10 upstream version, fixes rhbz #1552957
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1552957 - ansifilter-2.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1552957
--------------------------------------------------------------------------------
================================================================================
dmlite-1.10.1-3.fc27 (FEDORA-2018-0658b1d4ef)
Lcgdm grid data management and storage framework
--------------------------------------------------------------------------------
Update Information:
dmlite 1.10 is a major update to DPM internals including Dome. ---- dmlite
1.10 is a major update to DPM internals including Dome. ---- dmlite 1.10 is a
major update to DPM internals including Dome. ---- * new upstream release
--------------------------------------------------------------------------------
================================================================================
highlight-3.42-1.fc27 (FEDORA-2018-7df97ca3e3)
Universal source code to formatted text converter
--------------------------------------------------------------------------------
Update Information:
- Updated to new 3.42 upstream version
--------------------------------------------------------------------------------
================================================================================
httpd-2.4.33-1.fc27 (FEDORA-2018-375e3244b6)
Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:
This update includes the latest upstream release of the Apache HTTP Server,
version 2.4.33. A number of security vulnerabilities are fixed in this release:
* *Low*: Possible out of bound read in mod_cache_socache (CVE-2018-1303) *
*Low*: Possible out of bound access after failure in reading the HTTP request
(CVE-2018-1301) * *Low*: Weak Digest auth nonce generation in mod_auth_digest
(CVE-2018-1312) * *Low*: <FilesMatch> bypass with a trailing newline in
the file name (CVE-2017-15715) * *Low*: Out of bound write in mod_authnz_ldap
when using too small Accept-Language values (CVE-2017-15710) * *Moderate*:
Tampering of mod_session data for CGI applications (CVE-2018-1283) For more
information about changes in this release, see:
https://www.apache.org/dist/httpd/CHANGES_2.4.33
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1560174 - httpd-2.4.33 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1560174
[ 2 ] Bug #1560618 - CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing newline in the file name [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560618
[ 3 ] Bug #1560644 - CVE-2018-1301 httpd: Out of bound access after failure in reading the HTTP request [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560644
[ 4 ] Bug #1560635 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560635
[ 5 ] Bug #1560400 - CVE-2018-1303 httpd: http: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560400
[ 6 ] Bug #1560396 - CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560396
[ 7 ] Bug #1560616 - CVE-2017-15710 httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560616
--------------------------------------------------------------------------------
================================================================================
jgoodies-common-1.8.1-1.fc27 (FEDORA-2018-12b3bd191c)
Common library shared by JGoodies libraries and applications
--------------------------------------------------------------------------------
Update Information:
* Marked classes ArrayListModel and LinkedListModel as final. * Replaced files
package.html by package-info.java.
--------------------------------------------------------------------------------
================================================================================
kernel-4.15.14-300.fc27 (FEDORA-2018-7802740586)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 4.15.14 update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1558977 - NFS mounts failing when keytab present
https://bugzilla.redhat.com/show_bug.cgi?id=1558977
--------------------------------------------------------------------------------
================================================================================
krb5-1.15.2-8.fc27 (FEDORA-2018-04d2f01b78)
The Kerberos network authentication system
--------------------------------------------------------------------------------
Update Information:
Fix issue with calling `kdestroy -A` when the ccache is KCM
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561917 - kdestroy -A does not work with multiple principals when using KCM
https://bugzilla.redhat.com/show_bug.cgi?id=1561917
--------------------------------------------------------------------------------
================================================================================
lollypop-0.9.403-1.fc27 (FEDORA-2018-41027994c7)
Music player for GNOME
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.403 ---- - Update lollypop-portal to 0.9.7 ---- Update to
0.9.402 ---- Update to 0.9.401 ---- Update to 0.9.400
--------------------------------------------------------------------------------
================================================================================
mariadb-10.2.14-1.fc27 (FEDORA-2018-dd7f4bd9d5)
A community developed branch of MySQL
--------------------------------------------------------------------------------
Update Information:
**MariaDB 10.2.14** Release notes:
https://mariadb.com/kb/en/library/mariadb-10214-release-notes/ Maintainer
Update I do now consider Spider storage engine ready to use in Fedora, as I
was finally able to run its testsuite successfully Upstream Warning
Upgrading from earlier 10.2.x versions is highly recommended for all Galera
users due to bug MDEV-12837 which caused serious stability issues with earlier
versions. See the bug issue page for more information.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561251 - mariadb-10.2.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1561251
--------------------------------------------------------------------------------
================================================================================
mate-themes-3.22.16-1.fc27 (FEDORA-2018-f36a0bbffd)
MATE Desktop themes
--------------------------------------------------------------------------------
Update Information:
- update to 3.22.16
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1559045 - gtk+ "Foreign drawing" broken under MATE
https://bugzilla.redhat.com/show_bug.cgi?id=1559045
--------------------------------------------------------------------------------
================================================================================
mod_http2-1.10.16-1.fc27 (FEDORA-2018-0a95bff197)
module implementing HTTP/2 for Apache 2
--------------------------------------------------------------------------------
Update Information:
This update includes the latest upstream release of mod_http2, version 1.10.16.
This includes a security fix (CVE-2018-1302): When an HTTP/2 stream was
destroyed after being handled, mod_http2 could have written a NULL pointer
potentially to an already freed memory. The memory pools maintained by the
server make this vulnerabilty hard to trigger in usual configurations, the
reporter and the team could not reproduce it outside debug builds, so it is
classified as low risk.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561570 - CVE-2018-1302 mod_http2: httpd: Use-after-free on HTTP/2 stream shutdown [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1561570
[ 2 ] Bug #1560627 - CVE-2018-1302 httpd: Use-after-free on HTTP/2 stream shutdown [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560627
--------------------------------------------------------------------------------
================================================================================
openssl-1.1.0h-1.fc27 (FEDORA-2018-76afaf1961)
Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
Minor update to version 1.1.0h.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561260 - CVE-2018-0733 openssl: Implementation bug in PA-RISC CRYPTO_memcmp function allows attackers to forge authenticated messages in a reduced number of attempts
https://bugzilla.redhat.com/show_bug.cgi?id=1561260
[ 2 ] Bug #1561266 - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=1561266
--------------------------------------------------------------------------------
================================================================================
podman-0.3.5-1.gitdb6bf9e.fc27 (FEDORA-2018-fcedb23729)
Manage Pods, Containers and Container Images
--------------------------------------------------------------------------------
Update Information:
Upstream release 0.3.5
--------------------------------------------------------------------------------
================================================================================
python-entrypoints-0.2.3-5.fc27 (FEDORA-2018-13b54a0aba)
Discover and load entry points from installed packages
--------------------------------------------------------------------------------
Update Information:
provide dist-info
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1530098 - entrypoints version issue
https://bugzilla.redhat.com/show_bug.cgi?id=1530098
--------------------------------------------------------------------------------
================================================================================
python37-3.7.0-0.14.b3.fc27 (FEDORA-2018-5462c32db4)
Version 3.7 of the Python interpreter
--------------------------------------------------------------------------------
Update Information:
Update to 3.7.0b3
--------------------------------------------------------------------------------
================================================================================
salt-2017.7.5-1.fc27 (FEDORA-2018-c4cdd53a52)
A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
Update to feature release 2017.7.5-1 for Python 2 ---- Update to feature
release 2017.7.4
--------------------------------------------------------------------------------
================================================================================
selinux-policy-3.13.1-283.30.fc27 (FEDORA-2018-b3791c3118)
SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:
More info: https://koji.fedoraproject.org/koji/buildinfo?buildID=1063903
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561755 - SELinux is preventing sh from 'connectto' accesses on the unix_stream_socket /var/lib/sss/pipes/nss.
https://bugzilla.redhat.com/show_bug.cgi?id=1561755
[ 2 ] Bug #1561295 - SELinux is preventing postmap from read, write access on the chr_file /dev/pts/6.
https://bugzilla.redhat.com/show_bug.cgi?id=1561295
[ 3 ] Bug #1560816 - SELinux is preventing mdadm from 'read' accesses on the blk_file md0p1.
https://bugzilla.redhat.com/show_bug.cgi?id=1560816
[ 4 ] Bug #1501331 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1501331
--------------------------------------------------------------------------------
================================================================================
shotwell-0.28.1-1.fc27 (FEDORA-2018-4a0f4e66af)
A photo organizer for the GNOME desktop
--------------------------------------------------------------------------------
Update Information:
shotwell 0.28.1 release, with a number of bug fixes and translation updates
compared to the previous 0.27.x releases in Fedora 27. For details, see
https://mail.gnome.org/archives/ftp-release-list/2018-March/msg00231.html
--------------------------------------------------------------------------------
================================================================================
skopeo-0.1.29-1.git7add6fc.fc27 (FEDORA-2018-e98514e9ae)
Inspect Docker images and repositories on registries
--------------------------------------------------------------------------------
Update Information:
docker-archive generates docker legacy compatible images Do not create
$DiffID subdirectories for layers with no configs Ensure the layer IDs in
legacy docker/tarfile metadata are unique docker-archive: repeated layers
are symlinked in the tar file sysregistries: remove all trailing slashes
Improve docker/* error messages Fix failure to make auth directory
Create a new slice in Schema1.UpdateLayerInfos Drop unused
storageImageDestination.{image,systemContext} Load a *storage.Image only
once in storageImageSource Support gzip for docker-archive files Remove
.tar extension from blob and config file names ostree, src: support copy of
compressed layers ostree: re-pull layer if it misses
uncompressed_digest|uncompressed_size image: fix docker schema v1 -> OCI
conversion Add /etc/containers/certs.d as default certs directory
--------------------------------------------------------------------------------
================================================================================
sqlitebrowser-3.10.1-5.fc27 (FEDORA-2018-94adafd7b5)
Create, design, and edit SQLite database files
--------------------------------------------------------------------------------
Update Information:
This update fixes an issue where the sqlitebrowser application could not be
minimized when using certain desktop environments, among which gnome shell.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561976 - Unable to minimize and to switch workspaces
https://bugzilla.redhat.com/show_bug.cgi?id=1561976
--------------------------------------------------------------------------------
6 years
Fedora rawhide compose report: 20180330.n.0 changes
by Fedora Rawhide Report
OLD: Fedora-Rawhide-20180329.n.1
NEW: Fedora-Rawhide-20180330.n.0
===== SUMMARY =====
Added images: 4
Dropped images: 1
Added packages: 0
Dropped packages: 2
Upgraded packages: 28
Downgraded packages: 0
Size of added packages: 0 B
Size of dropped packages: 17.83 KiB
Size of upgraded packages: 2.02 GiB
Size of downgraded packages: 0 B
Size change of upgraded packages: -66.15 MiB
Size change of downgraded packages: 0 B
===== ADDED IMAGES =====
Image: AtomicHost raw-xz ppc64le
Path: AtomicHost/ppc64le/images/Fedora-AtomicHost-Rawhide-20180330.n.0.ppc64le.raw.xz
Image: Python_Classroom live x86_64
Path: Labs/x86_64/iso/Fedora-Python-Classroom-Live-x86_64-Rawhide-20180330.n.0.iso
Image: AtomicHost qcow2 ppc64le
Path: AtomicHost/ppc64le/images/Fedora-AtomicHost-Rawhide-20180330.n.0.ppc64le.qcow2
Image: Container_Minimal_Base docker aarch64
Path: Container/aarch64/images/Fedora-Container-Minimal-Base-Rawhide-20180330.n.0.aarch64.tar.xz
===== DROPPED IMAGES =====
Image: Container_Base docker s390x
Path: Container/s390x/images/Fedora-Container-Base-Rawhide-20180329.n.1.s390x.tar.xz
===== ADDED PACKAGES =====
===== DROPPED PACKAGES =====
Package: php-channel-drush-1.3-9.fc28
Summary: Adds pear.drush.org channel to PEAR
RPMs: php-channel-drush
Size: 8.60 KiB
Package: php-channel-symfony2-1.3-9.fc28
Summary: Adds pear.symfony.com channel to PEAR
RPMs: php-channel-symfony2
Size: 9.23 KiB
===== UPGRADED PACKAGES =====
Package: ansifilter-2.10-1.fc29
Old package: ansifilter-2.8-2.fc28
Summary: ANSI terminal escape code converter
RPMs: ansifilter ansifilter-gui
Size: 1.58 MiB
Size change: 26.77 KiB
Changelog:
* Fri Mar 30 2018 Filipe Rosset <rosset.filipe(a)gmail.com> - 2.10-1
- Updated to new 2.10 upstream version, fixes rhbz #1552957
Package: dogtag-pki-10.6.0-0.3.fc29
Old package: dogtag-pki-10.6.0-0.2.fc29
Summary: Dogtag Public Key Infrastructure (PKI) Suite
RPMs: dogtag-pki
Size: 8.73 KiB
Size change: 120 B
Changelog:
* Thu Mar 29 2018 Dogtag PKI Team <pki-devel(a)redhat.com> - 10.6.0-0.3
- Rebased to PKI 10.6.0 beta2
Package: dogtag-pki-theme-10.6.0-0.3.fc29
Old package: dogtag-pki-theme-10.6.0-0.2.fc29
Summary: Certificate System - Dogtag PKI Theme Components
RPMs: dogtag-pki-console-theme dogtag-pki-server-theme
Size: 370.72 KiB
Size change: 180 B
Changelog:
* Thu Mar 29 2018 Dogtag PKI Team <pki-devel(a)redhat.com> - 10.6.0-0.3
- Rebased to PKI 10.6.0 beta2
Package: erlang-cache_tab-1.0.13-1.fc29
Old package: erlang-cache_tab-1.0.12-4.fc29
Summary: Erlang cache table application
RPMs: erlang-cache_tab
Size: 392.08 KiB
Size change: -22.88 KiB
Changelog:
* Thu Mar 29 2018 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 1.0.13-1
- Update to 1.0.13 (#1560116).
- https://github.com/processone/cache_tab/blob/1.0.13/CHANGELOG.md
- Add a debug package.
Package: erlang-eimp-1.0.3-1.fc29
Old package: erlang-eimp-1.0.2-1.fc29
Summary: Erlang Image Manipulation Process
RPMs: erlang-eimp
Size: 403.24 KiB
Size change: 28.98 KiB
Changelog:
* Thu Mar 29 2018 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 1.0.3-1
- Update to 1.0.3 (#1561272).
Package: erlang-epam-1.0.3-5.fc29
Old package: erlang-epam-1.0.3-5.fc28
Summary: Library for ejabberd for PAM authentication support
RPMs: erlang-epam
Size: 355.97 KiB
Size change: 1.70 KiB
Package: erlang-esip-1.0.22-1.fc29
Old package: erlang-esip-1.0.21-4.fc29
Summary: ProcessOne SIP server component in Erlang
RPMs: erlang-esip
Size: 1.10 MiB
Size change: 1012 B
Changelog:
* Thu Mar 29 2018 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 1.0.22-1
- Update to 1.0.22 (#1560798).
- https://github.com/processone/esip/blob/1.0.22/CHANGELOG.md
Package: erlang-ezlib-1.0.4-1.fc29
Old package: erlang-ezlib-1.0.3-2.fc28
Summary: Native zlib driver for Erlang
RPMs: erlang-ezlib
Size: 153.52 KiB
Size change: 4.39 KiB
Changelog:
* Thu Mar 29 2018 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 1.0.4-1
- Update to 1.0.4 (#1559855).
- https://github.com/processone/ezlib/blob/1.0.4/CHANGELOG.md
Package: erlang-fast_yaml-1.0.13-1.fc29
Old package: erlang-fast_yaml-1.0.12-4.fc29
Summary: An Erlang wrapper for libyaml "C" library
RPMs: erlang-fast_yaml
Size: 186.75 KiB
Size change: 5.27 KiB
Changelog:
* Tue Mar 27 2018 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 1.0.13-1
- Update to 1.0.13 (#1559643).
- https://github.com/processone/fast_yaml/blob/1.0.13/CHANGELOG.md
Package: erlang-luerl-0.3-1.fc29
Old package: erlang-luerl-0.2-6.fc29
Summary: Lua in Erlang
RPMs: erlang-luerl
Size: 389.06 KiB
Size change: 2.93 KiB
Changelog:
* Thu Mar 29 2018 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 0.3-1
- Update to 0.3 (#1560805).
Package: erlang-stun-1.0.21-1.fc29
Old package: erlang-stun-1.0.20-3.fc29
Summary: STUN and TURN library for Erlang / Elixir
RPMs: erlang-stun
Size: 98.98 KiB
Size change: 628 B
Changelog:
* Thu Mar 29 2018 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 1.0.21-1
- Update to 1.0.21 (#1559662).
- https://github.com/processone/stun/blob/1.0.21/CHANGELOG.md
Package: erlang-xmpp-1.1.20-1.fc29
Old package: erlang-xmpp-1.1.19-4.fc29
Summary: Erlang/Elixir XMPP parsing and serialization library
RPMs: erlang-xmpp
Size: 8.72 MiB
Size change: -99.47 KiB
Changelog:
* Thu Mar 29 2018 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 1.1.20-1
- Update to 1.1.20 (#1559664).
- https://github.com/processone/xmpp/blob/1.1.20/CHANGELOG.md
- Provide a debug package.
Package: gap-pkg-carat-2.2.2-1.fc29
Old package: gap-pkg-carat-2.2.1-1.fc29
Summary: GAP interface to CARAT
RPMs: gap-pkg-carat
Size: 180.08 KiB
Size change: 2.38 KiB
Changelog:
* Fri Mar 30 2018 Jerry James <loganjerry(a)gmail.com> - 2.2.2-1
- New upstream version
Package: gap-pkg-guava-3.14-1.fc29
Old package: gap-pkg-guava-3.13.1-7.fc28
Summary: Computing with error-correcting codes
RPMs: gap-pkg-guava
Size: 11.95 MiB
Size change: 67.32 KiB
Changelog:
* Thu Mar 29 2018 Jerry James <loganjerry(a)gmail.com> - 3.14-1
- New upstream version
- Drop upstreamed -bibtex patch
Package: gnome-software-3.28.0-5.fc29
Old package: gnome-software-3.28.0-4.fc29
Summary: A software center for GNOME
RPMs: gnome-software gnome-software-devel gnome-software-editor gnome-software-snap
Size: 29.28 MiB
Size change: 32.97 KiB
Changelog:
* Thu Mar 29 2018 Kalev Lember <klember(a)redhat.com> - 3.28.0-5
- Fix empty OS Updates showing up
- Make rpm-ostree update triggering work
Package: ibus-1.5.18-4.fc29
Old package: ibus-1.5.18-3.fc29
Summary: Intelligent Input Bus for Linux OS
RPMs: ibus ibus-devel ibus-devel-docs ibus-gtk2 ibus-gtk3 ibus-libs ibus-py2override ibus-pygtk2 ibus-setup ibus-wayland
Size: 44.34 MiB
Size change: 8.53 KiB
Changelog:
* Fri Mar 30 2018 Takao Fujiwara <tfujiwar(a)redhat.com> - 1.5.18-4
- Fixed Bug 1554714 - improve order of unicode matches
Package: java-1.8.0-openjdk-1:1.8.0.162-4.b12.fc29
Old package: java-1.8.0-openjdk-1:1.8.0.161-9.b14.fc29
Summary: OpenJDK Runtime Environment
RPMs: java-1.8.0-openjdk java-1.8.0-openjdk-accessibility java-1.8.0-openjdk-accessibility-debug java-1.8.0-openjdk-debug java-1.8.0-openjdk-demo java-1.8.0-openjdk-demo-debug java-1.8.0-openjdk-devel java-1.8.0-openjdk-devel-debug java-1.8.0-openjdk-headless java-1.8.0-openjdk-headless-debug java-1.8.0-openjdk-javadoc java-1.8.0-openjdk-javadoc-debug java-1.8.0-openjdk-javadoc-zip java-1.8.0-openjdk-javadoc-zip-debug java-1.8.0-openjdk-openjfx java-1.8.0-openjdk-openjfx-debug java-1.8.0-openjdk-openjfx-devel java-1.8.0-openjdk-openjfx-devel-debug java-1.8.0-openjdk-src java-1.8.0-openjdk-src-debug
Size: 1.13 GiB
Size change: 3.65 MiB
Changelog:
* Wed Mar 21 2018 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.162-1.b12
- Update to aarch64-jdk8u162-b12 and aarch64-shenandoah-jdk8u162-b12.
- Remove upstreamed patches for 8181055/PR3394/RH1448880,
- 8181419/PR3413/RH1463144, 8145913/PR3466/RH1498309,
- 8168318/PR3466/RH1498320, 8170328/PR3466/RR1498321 and
- 8181810/PR3466/RH1498319.
* Mon Mar 26 2018 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.162-2.b12
- Added patch 540 rhbz1548475-LDFLAGSusage.patch to honor build flags fully
* Thu Mar 29 2018 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.162-3.b12
- returned patch562 rhbz_1540242.patch
- added Patch563 rhbz_1536622-JDK8197429-jdk8.patch
* Thu Mar 29 2018 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.162-4.b12
- added experimental %define _find_debuginfo_opts -g
- in attempt to fix https://bugzilla.redhat.com/show_bug.cgi?id=1520879
- no idea what will come out
Package: libalkimia-7.0.1-3.fc29
Old package: libalkimia-7.0.1-2.fc29
Summary: Financial library
RPMs: libalkimia libalkimia-devel libalkimia-doc libalkimia-qt5 libalkimia-qt5-devel
Size: 909.09 KiB
Size change: 4.91 KiB
Changelog:
* Thu Mar 29 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 7.0.1-3
- -qt4: make kde4 kmymoney buildable again
- -qt4: use gmp unconditionally (as previous alkimia v5 used gmp)
Package: libguestfs-1:1.39.2-2.fc29
Old package: libguestfs-1:1.39.2-1.fc29
Summary: Access and modify virtual machine disk images
RPMs: erlang-libguestfs libguestfs libguestfs-bash-completion libguestfs-benchmarking libguestfs-devel libguestfs-forensics libguestfs-gfs2 libguestfs-gobject libguestfs-gobject-devel libguestfs-hfsplus libguestfs-inspect-icons libguestfs-java libguestfs-java-devel libguestfs-javadoc libguestfs-jfs libguestfs-man-pages-ja libguestfs-man-pages-uk libguestfs-nilfs libguestfs-reiserfs libguestfs-rescue libguestfs-rsync libguestfs-tools libguestfs-tools-c libguestfs-ufs libguestfs-xfs libguestfs-zfs lua-guestfs ocaml-libguestfs ocaml-libguestfs-devel perl-Sys-Guestfs php-libguestfs python2-libguestfs python3-libguestfs ruby-libguestfs virt-dib virt-p2v-maker virt-v2v
Size: 100.69 MiB
Size change: 25.06 KiB
Changelog:
* Thu Mar 29 2018 Richard W.M. Jones <rjones(a)redhat.com> - 1:1.39.2-2
- Add patch to fix detection of qemu mandatory locking.
Package: libomp-6.0.0-2.fc29
Old package: libomp-6.0.0-1.fc29
Summary: OpenMP runtime for clang
RPMs: libomp libomp-devel
Size: 1.78 MiB
Size change: 23.36 KiB
Changelog:
* Wed Mar 28 2018 Tom Stellard <tstellar(a)redhat.com> - 6.0.0-2
- Enable libomptarget plugins
Package: libsecret-0.18.6-1.fc29
Old package: libsecret-0.18.5-7.fc28
Summary: Library for storing and retrieving passwords and other secrets
RPMs: libsecret libsecret-devel
Size: 1.75 MiB
Size change: -1.79 KiB
Changelog:
* Thu Mar 29 2018 Kalev Lember <klember(a)redhat.com> - 0.18.6-1
- Update to 0.18.6
- Use valgrind_arches macro instead of hardcoding valgrind arch list
Package: php-composer-ca-bundle-1.1.1-1.fc29
Old package: php-composer-ca-bundle-1.1.0-2.fc28
Summary: Lets you find a path to the system CA
RPMs: php-composer-ca-bundle
Size: 16.41 KiB
Size change: 200 B
Changelog:
* Fri Mar 30 2018 Remi Collet <remi(a)remirepo.net> - 1.1.1-1
- update to 1.1.1 (no change)
- use range dependencies on F27+
- use phpunit6 on F27+
Package: pki-console-10.6.0-0.3.fc29
Old package: pki-console-10.6.0-0.2.fc29
Summary: Certificate System - PKI Console
RPMs: pki-console
Size: 1.15 MiB
Size change: 1.25 KiB
Changelog:
* Thu Mar 29 2018 Dogtag PKI Team <pki-devel(a)redhat.com> - 10.6.0-0.3
- Rebased to PKI 10.6.0 beta2
Package: pki-core-10.6.0-0.3.fc29
Old package: pki-core-10.6.0-0.2.fc29
Summary: Certificate System - PKI Core Components
RPMs: pki-base pki-base-java pki-ca pki-javadoc pki-kra pki-ocsp pki-server pki-symkey pki-tks pki-tools pki-tps python2-pki python3-pki
Size: 16.40 MiB
Size change: 75.05 KiB
Changelog:
* Thu Mar 29 2018 Dogtag PKI Team <pki-devel(a)redhat.com> - 10.6.0-0.3
- Iryna Shcherbina <ishcherb(a)redhat.com>: Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
- Rebased to PKI 10.6.0 beta2
Package: python3-3.6.5-1.fc29
Old package: python3-3.6.4-20.fc29
Summary: Interpreter of the Python programming language
RPMs: python3 python3-debug python3-devel python3-idle python3-libs python3-test python3-tkinter
Size: 143.16 MiB
Size change: -164.45 KiB
Changelog:
* Thu Mar 29 2018 Charalampos Stratakis <cstratak(a)redhat.com> - 3.6.5-1
- Update to 3.6.5
Package: python37-3.7.0-0.14.b3.fc29
Old package: python37-3.7.0-0.13.b2.fc29
Summary: Version 3.7 of the Python interpreter
RPMs: python37
Size: 133.98 MiB
Size change: 643.66 KiB
Changelog:
* Thu Mar 29 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 3.7.0-0.14.b3
- Update to 3.7.0b3
Package: rust-1.25.0-1.fc29
Old package: rust-1.24.1-1.fc29
Summary: The Rust Programming Language
RPMs: rust rust-debugger-common rust-doc rust-gdb rust-lldb rust-src rust-std-static rustfmt-preview
Added RPMs: rustfmt-preview
Size: 401.94 MiB
Size change: -70.55 MiB
Changelog:
* Thu Mar 29 2018 Josh Stone <jistone(a)redhat.com> - 1.25.0-1
- Update to 1.25.0.
Package: salt-2017.7.5-1.fc29
Old package: salt-2017.7.4-1.fc29
Summary: A parallel remote execution system
RPMs: salt salt-api salt-cloud salt-master salt-minion salt-ssh salt-syndic
Size: 10.15 MiB
Size change: 95.51 KiB
Changelog:
* Tue Mar 27 2018 SaltStack Packaging Team <packaging(a)saltstack.com> - 2017.7.5-1
- Update to feature release 2017.7.5-1 for Python 2
===== DOWNGRADED PACKAGES =====
6 years