The following Fedora 28 Security updates need testing:
Age URL
309
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb
jgraphx-3.6.0.0-6.fc28
258
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da
nodejs-brace-expansion-1.1.11-1.fc28
257
https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a
nodejs-atob-2.1.1-1.fc28
133
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297
xerces-c27-2.7.0-28.fc28
85
https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28
85
https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c
nginx-1.14.1-1.fc28
64
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc86ef9e22 squid-4.4-1.fc28
61
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b18f9dd65b
tomcat-8.5.35-1.fc28
33
https://bodhi.fedoraproject.org/updates/FEDORA-2019-e0eb3d797e
systemd-238-11.gita76ee90.fc28
18
https://bodhi.fedoraproject.org/updates/FEDORA-2019-6cf96757fe
golang-1.10.8-1.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2019-afade40f3d
spice-0.14.0-5.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-e1cf31e58f
thunderbird-60.5.0-4.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-3f9a71578d
java-1.8.0-openjdk-1.8.0.201.b09-2.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-82acb29c1b
ghostscript-9.26-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-710afd062a
gsi-openssh-7.8p1-3.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-a16e1127d3
python-markdown2-2.3.7-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-8cbe2a05cd
mosquitto-1.5.6-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-75ee9101ea
netmask-2.4.4-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-8e683d3810
kf5-kauth-5.54.0-2.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-829524f28f
moby-engine-18.06.0-2.ce.git0ffa825.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-a5f616808e
flatpak-1.0.7-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-31e6f6e545
rubygem-activejob-5.1.5-2.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-02e13cb1a8
libexif-0.6.21-19.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c602845b91 nss-3.42.1-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-5c54d58073
webkit2gtk3-2.22.6-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-963ea958f9
runc-1.0.0-68.dev.git6635b4f.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-f455ef79b8
docker-1.13.1-65.git1185cfd.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2019-3da64f3e61
kernel-headers-4.20.8-100.fc28 kernel-4.20.8-100.fc28 kernel-tools-4.20.8-100.fc28
The following Fedora 28 Critical Path updates have yet to be approved:
Age URL
85
https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28
64
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f541b469b
nfs-utils-2.3.3-1.rc2.fc28
55
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4dddcb3e5e
highlight-3.48-1.fc28
33
https://bodhi.fedoraproject.org/updates/FEDORA-2019-e0eb3d797e
systemd-238-11.gita76ee90.fc28
28
https://bodhi.fedoraproject.org/updates/FEDORA-2019-78153d357c
totem-pl-parser-3.26.2-1.fc28
24
https://bodhi.fedoraproject.org/updates/FEDORA-2019-870e8d8234
osinfo-db-20190120-1.fc28
21
https://bodhi.fedoraproject.org/updates/FEDORA-2019-e9c4843d39
volume_key-0.3.12-2.fc28
20
https://bodhi.fedoraproject.org/updates/FEDORA-2019-bb30467485
ostree-2019.1-2.fc28 rpm-ostree-2019.1-1.fc28
14
https://bodhi.fedoraproject.org/updates/FEDORA-2019-2735cb18d8 lorax-28.26-1.fc28
12
https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb4a3023ef
iproute-4.20.0-1.fc28
9
https://bodhi.fedoraproject.org/updates/FEDORA-2019-67c405c3d8
hwdata-0.320-1.fc28
9
https://bodhi.fedoraproject.org/updates/FEDORA-2019-856b9ada37
selinux-policy-3.14.1-53.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2019-4ab744e2bc
firefox-65.0-4.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2019-afade40f3d
spice-0.14.0-5.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-f6fcc53d28
libidn2-2.1.1a-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-e5db0dc40c
nss-pem-1.0.5-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-b9a64e04c4
polkit-0.115-2.2.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-e1cf31e58f
thunderbird-60.5.0-4.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-df5f3b0bb2
gnome-online-accounts-3.28.2-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-a5f616808e
flatpak-1.0.7-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-4855c4d486
curl-7.59.0-10.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-d70bc2e1c8 samba-4.8.9-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c602845b91 nss-3.42.1-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-02e13cb1a8
libexif-0.6.21-19.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2019-3da64f3e61
kernel-headers-4.20.8-100.fc28 kernel-4.20.8-100.fc28 kernel-tools-4.20.8-100.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2019-dc66cd245f
pungi-4.1.33-1.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2019-069924b60e vim-8.1.897-1.fc28
The following builds have been pushed to Fedora 28 updates-testing
R-stringi-1.3.1-1.fc28
buildstream-1.2.4-1.fc28
goldendict-1.5-0.19.RC2.fc28
linux-firmware-20190213-93.git710963fe.fc28
lynis-2.7.1-1.fc28
mgetty-1.1.37-10.fc28
pspg-1.6.3-3.fc28
python-pykwalify-1.7.0-1.fc28
sphinx-2.2.11-11.fc28
standard-test-roles-3.1-1.fc28
subversion-api-docs-1.11.1-1.fc28
vultr-1.15.0-2.fc28
Details about builds:
================================================================================
R-stringi-1.3.1-1.fc28 (FEDORA-2019-4c4143e194)
Character String Processing Facilities
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 13 2019 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 1.3.1-1
- Update to latest version
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1606939 - R-stringi-1.3.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1606939
--------------------------------------------------------------------------------
================================================================================
buildstream-1.2.4-1.fc28 (FEDORA-2019-75e0431626)
Build/integrate software stacks
--------------------------------------------------------------------------------
Update Information:
* Migration of scripts to use tox * Force updating tags when fetching from git
repos ([#812](https://gitlab.com/BuildStream/buildstream/issues/812)) * Avoid
downloading unused submodules
([#804](https://gitlab.com/BuildStream/buildstream/issues/804)) * Fixed cleanup
of cache server with disk is full
([#609](https://gitlab.com/BuildStream/buildstream/issues/609)) * Fixed possible
artifact cache corruption
([#749](https://gitlab.com/BuildStream/buildstream/issues/749)) * Fixed `bst
checkout --deps none` behavior
([#670](https://gitlab.com/BuildStream/buildstream/issues/670))
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 14 2019 Mathieu Bridon <bochecha(a)daitauha.fr> - 1.2.4-1
- Update to the latest upstream release.
--------------------------------------------------------------------------------
================================================================================
goldendict-1.5-0.19.RC2.fc28 (FEDORA-2019-e143e7ddca)
A feature-rich dictionary lookup program
--------------------------------------------------------------------------------
Update Information:
- Switched to Qt5 to fix major issues with HiDPI displays. - Moved to latest
snapshot to resolve issues with latest GCC compiler versions. - Major SPEC
cleanup.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 14 2019 Mosaab Alzoubi <moceap(a)hotmail.com> - 1.5-0.20.RC2
- Cant build on s390x check koji #1210158
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
1.5-0.19.RC2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jan 26 2019 Mosaab Alzoubi <moceap(a)hotmail.com> - 1.5-0.18.RC2
- TRY TO FIX
https://koji.fedoraproject.org/koji/taskinfo?taskID=32260066
* Mon Sep 24 2018 Vitaly Zaitsev <vitaly(a)easycoding.org> - 1.5-0.17.RC2
- Switched to Qt5 to fix major issues with HiDPI displays.
- Moved to latest snapshot to resolve issues with latest GCC compiler versions.
- Major SPEC cleanup.
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
1.5-0.16.RC2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1338571 - Not owrking
https://bugzilla.redhat.com/show_bug.cgi?id=1338571
[ 2 ] Bug #1594569 - Update Goldendict from GIT (Qt4 deprecation->Qt5)
https://bugzilla.redhat.com/show_bug.cgi?id=1594569
[ 3 ] Bug #1572681 - [abrt] goldendict: std::__replacement_assert(): goldendict killed
by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1572681
[ 4 ] Bug #1667084 - Switch to Qt5 to fix major issues with HiDPI displays
https://bugzilla.redhat.com/show_bug.cgi?id=1667084
--------------------------------------------------------------------------------
================================================================================
linux-firmware-20190213-93.git710963fe.fc28 (FEDORA-2019-f27089e66c)
Firmware files used by the Linux kernel
--------------------------------------------------------------------------------
Update Information:
* ath10k updates for QCA6174/QCA9888/QCA988X/QCA9984 * Marvell updates for
SD8977/SD8897-B0/PCIe-USB8997 * amdgpu: add firmware for vega20 from 18.50 *
nvidia: add TU10x typec controller firmware * bnx2x: Add FW 7.13.11.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 14 2019 Peter Robinson <pbrobinson(a)fedoraproject.org>
20190213-93.git710963fe
- ath10k updates for QCA6174/QCA9888/QCA988X/QCA9984
- Marvell updates for SD8977/SD8897-B0/PCIe-USB8997
- amdgpu: add firmware for vega20 from 18.50
- nvidia: add TU10x typec controller firmware
- bnx2x: Add FW 7.13.11.0
* Thu Feb 7 2019 Peter Robinson <pbrobinson(a)fedoraproject.org>
20190118-92.gita8b75cac
- Split out LiquidIO and Netronome firmware to their own package
- Ship just one copy of WHENCE
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1435816 - Crash on standby / Wifi disconnect on Surface Book
https://bugzilla.redhat.com/show_bug.cgi?id=1435816
[ 2 ] Bug #1507273 - Marvell AVASTAR Wireless-AC fails initialization, loses entire
connectivity after few minutes
https://bugzilla.redhat.com/show_bug.cgi?id=1507273
[ 3 ] Bug #1560973 - ath10k_pci firmware crash
https://bugzilla.redhat.com/show_bug.cgi?id=1560973
[ 4 ] Bug #1622362 - missing brcmfmac43430a0_sdio.txt file (and manual workaround)
https://bugzilla.redhat.com/show_bug.cgi?id=1622362
[ 5 ] Bug #1651779 - Surface Go - QCA6174 wifi card not correctly recognized and
therefore not working
https://bugzilla.redhat.com/show_bug.cgi?id=1651779
[ 6 ] Bug #1663634 - QCA6174 ath10k_pci firmware issue
https://bugzilla.redhat.com/show_bug.cgi?id=1663634
[ 7 ] Bug #1669051 - amdgpu can't load polaris10_mc.bin on kernel 4.20.3-200.fc29
https://bugzilla.redhat.com/show_bug.cgi?id=1669051
--------------------------------------------------------------------------------
================================================================================
lynis-2.7.1-1.fc28 (FEDORA-2019-aa788a5aed)
Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:
2.7.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 14 2019 Gwyn Ciesla <gwync(a)protonmail.com> - 2.7.1-1
- 2.7.1
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.7.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1671425 - lynis-2.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1671425
--------------------------------------------------------------------------------
================================================================================
mgetty-1.1.37-10.fc28 (FEDORA-2019-3d38ab031e)
A getty replacement for use with data and fax modems
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2018-16741,CVE-2018-16744,CVE-2018-16745
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 14 2019 Tomas Korbar <tkorbar(a)redhat.com> - 1.1.37-10
- Fix possible command injection in fax/faxq-helper.c (bug #1628755)
- CVE-2018-16741
* Thu Feb 14 2019 Tomas Korbar <tkorbar(a)redhat.com> - 1.1.37-9
- Fix multiple security problems in faxrec.c
- Possible Command injection in faxrec.c (bug #1629976)
- CVE-2018-16744
- Stack-based buffer overflow in fax_notify_mail() in faxrec.c (bug #1629980)
- CVE-2018-16745
* Thu Feb 14 2019 Tomas Korbar <tkorbar(a)redhat.com> - 1.1.37-8
- Fix Out-of-bound access in putwhitespan() function g3/g32pbm.c
- bug #1629986
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1628754 - CVE-2018-16741 mgetty: command injection in faxrunq
https://bugzilla.redhat.com/show_bug.cgi?id=1628754
[ 2 ] Bug #1629975 - CVE-2018-16744 mgetty: Command injection in faxrec.c
https://bugzilla.redhat.com/show_bug.cgi?id=1629975
[ 3 ] Bug #1629979 - CVE-2018-16745 mgetty: Stack-based buffer overflow in
fax_notify_mail() in faxrec.c
https://bugzilla.redhat.com/show_bug.cgi?id=1629979
[ 4 ] Bug #1629985 - mgetty: Out-of-bound access in putwhitespan() function g3/g32pbm.c
https://bugzilla.redhat.com/show_bug.cgi?id=1629985
--------------------------------------------------------------------------------
================================================================================
pspg-1.6.3-3.fc28 (FEDORA-2019-f5f5534c70)
A unix pager optimized for psql
--------------------------------------------------------------------------------
Update Information:
A unix pager optimized for psql
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1677259 - Review Request: pspg - A unix pager optimized for psql
https://bugzilla.redhat.com/show_bug.cgi?id=1677259
--------------------------------------------------------------------------------
================================================================================
python-pykwalify-1.7.0-1.fc28 (FEDORA-2019-5fe6c5cd78)
Python lib/cli for JSON/YAML schema validation
--------------------------------------------------------------------------------
Update Information:
Upgrade to 1.7.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 13 2019 Marek Goldmann <mgoldman(a)redhat.com> - 1.7.0-1
- Release 1.7.0
- Update url to fetch source from GitHub
- Drop strict version requirements in requirements.txt
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.1-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.1-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 1.5.1-8
- Rebuilt for Python 3.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1635216 - [abrt] python3-pykwalify: resolve():
__init__.py:781:resolve:pkg_resources.DistributionNotFound: The
'python-dateutil==2.4.2' distribution was not found and is required by pykwalify
https://bugzilla.redhat.com/show_bug.cgi?id=1635216
[ 2 ] Bug #1658365 - Initiating unresponsive maintainer process (Per FESCo policy)
https://bugzilla.redhat.com/show_bug.cgi?id=1658365
[ 3 ] Bug #1597149 - python-pykwalify-1.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1597149
--------------------------------------------------------------------------------
================================================================================
sphinx-2.2.11-11.fc28 (FEDORA-2019-fa9cc57659)
Free open-source SQL full-text search engine
--------------------------------------------------------------------------------
Update Information:
Revert incorrect use of _tmpfiledir
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 14 2019 Orion Poplawski <orion(a)nwra.com> - 2.2.11-11
- Revert incorrect use of _tmpfiledir rhbx#1551735
* Sun Feb 3 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.11-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 20 2018 Ben Cotton <bcotton(a)fedoraproject.org> - 2.2.11-9
- Fix FTBFS rhbz#1606397
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.11-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1551735 - sphinx: strange directories under /usr/lib/tmpfiles.d/
https://bugzilla.redhat.com/show_bug.cgi?id=1551735
--------------------------------------------------------------------------------
================================================================================
standard-test-roles-3.1-1.fc28 (FEDORA-2019-addfe58ac6)
Standard Test Interface Ansible roles
--------------------------------------------------------------------------------
Update Information:
Update to 3.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 14 2019 Andrei Stepanov <astepano(a)redhat.com> - 3.1-1
- Build with the latest merged PRs.
--------------------------------------------------------------------------------
================================================================================
subversion-api-docs-1.11.1-1.fc28 (FEDORA-2019-deadf58e58)
Subversion API documentation
--------------------------------------------------------------------------------
Update Information:
Rebuild against subversion 1.11.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 14 2019 Bojan Smojver <bojan(a)rexursive.com> 1.11.1-1
- bump up to 1.11.1
* Sun Feb 3 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.11.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Nov 7 2018 Bojan Smojver <bojan(a)rexursive.com> 1.11.0-1
- bump up to 1.11.0
* Sat Jul 21 2018 Bojan Smojver <bojan(a)rexursive.com> 1.10.2-1
- bump up to 1.10.2
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9.7-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1676049 - subversion-api-docs: FTBFS in Fedora rawhide/f30
https://bugzilla.redhat.com/show_bug.cgi?id=1676049
--------------------------------------------------------------------------------
================================================================================
vultr-1.15.0-2.fc28 (FEDORA-2019-de157aef3e)
Vultr CLI
--------------------------------------------------------------------------------
Update Information:
- Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1663709 - Review Request: vultr - Vultr CLI
https://bugzilla.redhat.com/show_bug.cgi?id=1663709
--------------------------------------------------------------------------------