The following Fedora 29 Security updates need testing:
Age URL
86
https://bodhi.fedoraproject.org/updates/FEDORA-2018-51ce232320
xerces-c27-2.7.0-28.fc29
29
https://bodhi.fedoraproject.org/updates/FEDORA-2018-42555731d2
nagios-4.4.2-3.fc29
23
https://bodhi.fedoraproject.org/updates/FEDORA-2018-36115ae788
mysql-selinux-1.0.0-5.fc29
15
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cb66bc33e6
haproxy-1.8.15-1.fc29
15
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b89746cb9b
tomcat-9.0.13-1.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-1bd545ef39
terminology-1.3.2-1.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-5f91054677
tcpreplay-4.3.1-1.fc29
The following Fedora 29 Critical Path updates have yet to be approved:
Age URL
32
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6682778e13
pungi-4.1.31-1.fc29
16
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3d43e7dd21
SLOF-0.1.git20180702-2.fc29
15
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d5bbed405f
garcon-0.6.2-1.fc29
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3d576aa333 lldb-7.0.1-1.fc29
lld-7.0.1-2.fc29 compiler-rt-7.0.1-1.fc29 libomp-7.0.1-1.fc29 clang-7.0.1-1.fc29
llvm-7.0.1-1.fc29 python-lit-0.7.1-1.fc29
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-332d9716ff
xfce4-settings-4.13.5-2.fc29
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b21c629fd4 gdm-3.30.2-1.fc29
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6bcd108af2 libfm-1.3.1-1.fc29
pcmanfm-1.3.1-1.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-ced2065bea mesa-18.2.8-1.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-69c68f1385
libappstream-glib-0.7.14-4.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-64a4d60839
kernel-4.19.12-301.fc29 kernel-headers-4.19.12-301.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-5250b47ed7
analitza-18.04.3-3.fc29 appmenu-qt5-0.3.0+16.10.20160628.1-11.fc29 calibre-3.34.0-2.fc29
deepin-qt5integration-0.3.4-2.fc29 deepin-tool-kit-0.3.3-11.fc29
dnscrypt-proxy-gui-1.21.16-2.fc29 dtkwidget-2.0.9.9-3.fc29 fcitx-qt5-1.2.3-4.fc29
gammaray-2.9.0-5.fc29 hedgewars-0.9.25-2.fc29 kate-18.12.0-1.fc29
kf5-akonadi-server-18.08.3-2.fc29 kf5-frameworkintegration-5.53.0-3.fc29
kf5-kdeclarative-5.53.0-3.fc29 kf5-kwayland-5.53.0-3.fc29 kf5-kxmlgui-5.53.0-3.fc29
kmymoney-5.0.2-2.fc29 kwin-5.14.4-2.fc29 libfm-qt-0.13.1-2.fc29 libqtxdg-3.2.0-2.fc29
lxqt-qtplugin-0.13.0-2.fc29 mscore-2.2.1-6.fc29 plasma-integration-5.14.4-2.fc29
pyotherside-1.5.3-14.fc29 pythonqt-3.2-14.fc29 python-qt5-5.11.3-1.fc29
qgnomeplatform-0.5-6.fc29 qstardict-1.3-7.fc29 qt5-5.11.3-1.fc29 qt5ct-0.35-5.fc29
qt5-qt3d-5.11.3-1.fc29 qt5-qtbase-5.11.3-1.fc29 qt5-qtcanvas3d-5.11.3-1.fc29
qt5-qtcharts-5.11.3-1.fc29 qt5-qtconnectivity-5.11.3-1.fc29 qt5-qtdat
avis3d-5.11.3-1.fc29 qt5-qtdeclarative-5.11.3-1.fc29 qt5-qtdoc-5.11.3-1.fc29
qt5-qtenginio-1.6.2-20.fc29 qt5-qtgamepad-5.11.3-1.fc29
qt5-qtgraphicaleffects-5.11.3-1.fc29 qt5-qtimageformats-5.11.3-1.fc29
qt5-qtlocation-5.11.3-1.fc29 qt5-qtmultimedia-5.11.3-1.fc29
qt5-qtquickcontrols2-5.11.3-1.fc29 qt5-qtquickcontrols-5.11.3-1.fc29
qt5-qtremoteobjects-5.11.3-1.fc29 qt5-qtscript-5.11.3-1.fc29 qt5-qtscxml-5.11.3-1.fc29
qt5-qtsensors-5.11.3-1.fc29 qt5-qtserialbus-5.11.3-1.fc29 qt5-qtserialport-5.11.3-1.fc29
qt5-qtspeech-5.11.3-1.fc29 qt5-qtstyleplugins-5.0.0-29.fc29 qt5-qtsvg-5.11.3-1.fc29
qt5-qttools-5.11.3-1.fc29 qt5-qttranslations-5.11.3-1.fc29
qt5-qtvirtualkeyboard-5.11.3-1.fc29 qt5-qtwayland-5.11.3-1.fc29
qt5-qtwebchannel-5.11.3-1.fc29 qt5-qtwebengine-5.11.3-2.fc29
qt5-qtwebkit-5.212.0-0.31.alpha2.fc29 qt5-qtwebsockets-5.11.3-1.fc29
qt5-qtwebview-5.11.3-1.fc29 qt5-qtx11extras-5.11.3-1.fc29 qt5-qtxmlpatterns-5.11.3-1.fc29
qtcurve-1.9.1-2.fc29 sip-4.19.13-3.fc29 skrooge-2.14.0-3.fc29
texmaker-5.0.2-9.fc29 ugene-1.31.0-4.fc29 xdg-desktop-portal-kde-5.14.4-2.fc29
yarock-1.3.1-5.fc29
The following builds have been pushed to Fedora 29 updates-testing
beep-1.3-26.fc29
bitlbee-discord-0.4.2-1.fc29
borgbackup-1.1.8-1.fc29
cinnamon-4.0.8-1.fc29
did-0.12-1.fc29
electron-cash-3.3.4-1.fc29
gsequencer-2.1.21-0.fc29
jhead-3.02-1.fc29
konqueror-18.12.0-2.fc29
libcdr-0.1.5-1.fc29
libcerf-1.11-1.fc29
libetonyek-0.1.9-1.fc29
libqxp-0.0.2-1.fc29
librsvg2-2.44.11-1.fc29
libsecret-0.18.7-1.fc29
libwpd-0.10.3-1.fc29
mame-0.205-1.fc29
ompl-1.3.2-5.fc29
wxMaxima-18.12.0-1.fc29
Details about builds:
================================================================================
beep-1.3-26.fc29 (FEDORA-2018-92eff16e03)
Beep the PC speaker any number of ways
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2018-1000532, new non-root permissions and a few smaller
fixes. Fix a directory traversal issue introduced with the fix for
CVE-2018-1000532, and refuses to run as setuid root or via sudo to avoid any
more priviledge escalation issue. ---- Security fix for CVE-2018-1000532 and a
few smaller fixes
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 29 2018 Hans Ulrich Niedermann <hun(a)n-dimensional.de> - 1.3-26
- Stop shipping old sudo related config files
- Refuse to run when run via sudo
- Set up group 'beep' for write access to evdev device with new udev rule
- Update README.fedora to reflect new group permission setup on evdev device
* Fri Dec 28 2018 Hans Ulrich Niedermann <hun(a)n-dimensional.de> - 1.3-25
- guard against directory traversal in /dev/input/ check
- refuse to run if setuid or setgid root
- make the evdev device the first device to look for (does not require root)
* Fri Dec 28 2018 Hans Ulrich Niedermann <hun(a)n-dimensional.de> - 1.3-24
- Actually apply the patches
- Update COPYING with new FSF address
- Fix Patch9 to work as non-git patch (do the rest with shell)
- Proper naming of Patch14
- Exit beep when error accessing API
* Fri Dec 28 2018 Hans Ulrich Niedermann <hun(a)n-dimensional.de> - 1.3-23
- Fix CVE-2018-1000532 and mitigate against related issues (#1595592)
- Fix a number of potential integer overflows
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1595591 - CVE-2018-1000532 beep: External control of file name or path via
--device option
https://bugzilla.redhat.com/show_bug.cgi?id=1595591
--------------------------------------------------------------------------------
================================================================================
bitlbee-discord-0.4.2-1.fc29 (FEDORA-2018-f09c518b7a)
Bitlbee plugin for Discord
--------------------------------------------------------------------------------
Update Information:
Updated to 0.4.2, latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 11 2018 Ben Rosser <rosser.bjr(a)gmail.com> - 0.4.2-1
- Updated to 0.4.2, latest upstream release.
--------------------------------------------------------------------------------
================================================================================
borgbackup-1.1.8-1.fc29 (FEDORA-2018-443b5e5eda)
A deduplicating backup program with compression and authenticated encryption
--------------------------------------------------------------------------------
Update Information:
Upstream Release 1.1.8
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 29 2018 Benjamin Pereto <bpereto(a)fedoraproject.org> - 1.1.8-1
- Upstream Release 1.1.8
--------------------------------------------------------------------------------
================================================================================
cinnamon-4.0.8-1.fc29 (FEDORA-2018-244e6747d5)
Window management and application launching for GNOME
--------------------------------------------------------------------------------
Update Information:
- Update to 4.0.8 and patch to fix
https://github.com/linuxmint/Cinnamon/issues/8225
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 29 2018 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.8-1
- Update to 4.0.8 release
--------------------------------------------------------------------------------
================================================================================
did-0.12-1.fc29 (FEDORA-2018-d8ab605b88)
What did you do last week, month, year?
--------------------------------------------------------------------------------
Update Information:
Trello comments, Google tasks, SSL, bugs...
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 20 2018 Petr ��pl��chal <psplicha(a)redhat.com> 0.12-1
- Add missing redmine dependency [fix #177]
- Fix GitLab plugin's ssl_verify option [fix #168]
- Document GitLab access token scope
- Merge ssl_verify support for Jira [#169]
- Merge support for Trello commented cards [#170]
- Fix commented cards title, improve the test suite
- Add a simple test for completed tasks, update auth
- Merge support for completed Google tasks [#173]
- Merge fix for the Google dependencies [#166]
- Document additional google dependencies
- Adding support for Google tasks
- Add commentCard to trello DEFAULT_FILTERS
- Allow to set 'ssl_verify' config for jira plugin
- Support 'creator' in bugzilla plugin [fix #167]
- Give a nice error when user not found [fix #159]
- Fix jira basic authentication [fix #163]
- Fix long_description in setup.py
- Update pip installation instructions
- Update the example config with recent plugins
- Describe in more detail how the tool works
- Silently ignore non-git directories [fix #143]
- Separate arguments preparation, add test coverage
- New option --test to run a simple smoke test
- Remove python2-gssapi from Requires
- Make REQUESTS_CA_BUNDLE example copy-paste-able
- Merge fix for the gitlab --since issue [fix #156]
- Remove gssapi dependency from the main cli module
- Quick start section, update install instructions
- Simplify setup.py, update requires
- Fix --since issue in gitlab plugin
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1660215 - Backport Jira basic auth fix
https://bugzilla.redhat.com/show_bug.cgi?id=1660215
[ 2 ] Bug #1657656 - traceback when getting bugzilla info
https://bugzilla.redhat.com/show_bug.cgi?id=1657656
--------------------------------------------------------------------------------
================================================================================
electron-cash-3.3.4-1.fc29 (FEDORA-2018-7d6590724e)
A lightweight Bitcoin Cash client
--------------------------------------------------------------------------------
Update Information:
Updated to 3.3.4. Security fix by upstream: Anti-Phishing protection..
Server-provided text will not appear in user-facing GUI windows anymore.
Server error messages are instead parsed and mapped to predefined strings.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 29 2018 Jonny Heggheim <hegjon(a)gmail.com> - 3.3.4-1
- Updated to version 3.3.4
--------------------------------------------------------------------------------
================================================================================
gsequencer-2.1.21-0.fc29 (FEDORA-2018-68a7984295)
Audio processing engine
--------------------------------------------------------------------------------
Update Information:
updated Source to point to new minor version directory
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
jhead-3.02-1.fc29 (FEDORA-2018-cb65b1b40b)
Tool for displaying EXIF data embedded in JPEG images
--------------------------------------------------------------------------------
Update Information:
updated to 3.02 (#1661744)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 29 2018 Adrian Reber <adrian(a)lisas.de> - 3.02-1
- updated to 3.02 (#1661744)
- dropped upstreamed patches
* Wed Sep 19 2018 Adrian Reber <adrian(a)lisas.de> - 3.00-12
- Added more buffer overflow Debian patches (should also fix CVE-2018-16554,
CVE-2016-3822)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1661744 - jhead-3.02 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1661744
--------------------------------------------------------------------------------
================================================================================
konqueror-18.12.0-2.fc29 (FEDORA-2018-c7e6196529)
KDE File Manager and Browser
--------------------------------------------------------------------------------
Update Information:
New upstream release, switch to kwebkitpart backend by default to workaround
kwebenginepart issue of failing to unload on quit.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 29 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 18.12.0-2
- default to kwebkitpart until kwebenginepart works properly (#1523082,kde#401976)
* Sat Dec 8 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 18.12.0-1
- 18.12.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1523082 - konqueror does not start a second time
https://bugzilla.redhat.com/show_bug.cgi?id=1523082
--------------------------------------------------------------------------------
================================================================================
libcdr-0.1.5-1.fc29 (FEDORA-2018-e14d4811b0)
A library for import of CorelDRAW drawings
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 29 2018 David Tardon <dtardon(a)redhat.com> - 0.1.5-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
libcerf-1.11-1.fc29 (FEDORA-2018-cb974b5d2a)
A library that provides complex error functions
--------------------------------------------------------------------------------
Update Information:
Update to the latest stable release: fixes a bug introduced in v1.8 that had
broken the normalization of the Voigt function. Other significant changes: *
Restore libcerf.pc * Add INSTALL instructions, and other minor adjustments for
use of libcerf in C++ projects * Support 'ctest', which runs the numeric
accuracy tests from test1.c. * Rename type cmplx into _cerf_cmplx to avoid name
clash with Gnuplot pre 5.3.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 29 2018 Jos�� Matos <jamatos(a)fedoraproject.org> - 1.11-1
- update to 1.11
- adds html documentation to the devel subpackage
- adds a pkgconfig .pc file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1639186 - Review Request: libcerf - a library that provides complex error
functions
https://bugzilla.redhat.com/show_bug.cgi?id=1639186
[ 2 ] Bug #1476616 - enable libcerf in gnuplot.
https://bugzilla.redhat.com/show_bug.cgi?id=1476616
--------------------------------------------------------------------------------
================================================================================
libetonyek-0.1.9-1.fc29 (FEDORA-2018-3388099b53)
A library for import of Apple iWork documents
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 29 2018 David Tardon <dtardon(a)redhat.com> - 0.1.9-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
libqxp-0.0.2-1.fc29 (FEDORA-2018-fd4a32d0b9)
Library for import of QuarkXPress documents
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 29 2018 David Tardon <dtardon(a)redhat.com> - 0.0.2-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
librsvg2-2.44.11-1.fc29 (FEDORA-2018-6cb0431cce)
An SVG library based on cairo
--------------------------------------------------------------------------------
Update Information:
librsvg 2.44.11 release. - Fix crash when a linear RGB filter is followed by
an SRGB filter (Ivan Molodetskikh). - Fix #393 - Stack overflow when freeing
thousands of sibling elements. - Fix #395 - feMorphology was crashing with a
negative scaling transformation. - Fix positioning of adjacent <tspan>
elements.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 29 2018 Kalev Lember <klember(a)redhat.com> - 2.44.11-1
- Update to 2.44.11
--------------------------------------------------------------------------------
================================================================================
libsecret-0.18.7-1.fc29 (FEDORA-2018-3e13bb18c6)
Library for storing and retrieving passwords and other secrets
--------------------------------------------------------------------------------
Update Information:
libsecret 0.18.7 release. * Migrate from intltool to gettext * Fix
uninitialized memory returned by secret_item_get_schema_name() * secret-
session: Avoid double-free in service_encode_plain_secret() * Port tap script
to Python 3 * Build and test fixes * Updated translations
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 29 2018 Kalev Lember <klember(a)redhat.com> - 0.18.7-1
- Update to 0.18.7
- Fix unowned gir and vala directories
- Tighten soname glob to avoid unnoticed soname bumps
--------------------------------------------------------------------------------
================================================================================
libwpd-0.10.3-1.fc29 (FEDORA-2018-4ef3593fd8)
A library for import of WordPerfect documents
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 29 2018 David Tardon <dtardon(a)redhat.com> - 0.10.3-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
mame-0.205-1.fc29 (FEDORA-2018-520dfd6cd0)
Multiple Arcade Machine Emulator
--------------------------------------------------------------------------------
Update Information:
An update to the latest mame release: *
https://www.mamedev.org/?p=464
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 28 2018 Julian Sikorski <belegdol(a)fedoraproject.org> - 0.205-1
- Update to 0.205
- Add jack-audio-connection-kit to BuildRequires
--------------------------------------------------------------------------------
================================================================================
ompl-1.3.2-5.fc29 (FEDORA-2018-66c18df007)
The Open Motion Planning Library
--------------------------------------------------------------------------------
Update Information:
Fixed bug that caused build failures, built for f29.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.2-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed May 2 2018 Iryna Shcherbina <shcherbina.iryna(a)gmail.com> - 1.3.2-4
- Update Python 2 dependency declarations to new packaging standards
(See
https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1605302 - ompl: FTBFS in Fedora rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1605302
--------------------------------------------------------------------------------
================================================================================
wxMaxima-18.12.0-1.fc29 (FEDORA-2018-f1463d3af2)
Graphical user interface for Maxima
--------------------------------------------------------------------------------
Update Information:
A bug fix release that addresses: * Corrected the line break algorithm for
printing and displaying maths and text; * Better GTK3 compatibility for Linux.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 29 2018 Jos�� Matos <jamatos(a)fedoraproject.org> - 18.12.0-1
- 18.12.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1643722 - wxmaxima (18.02.10) does not properly render text after scrooling
the page
https://bugzilla.redhat.com/show_bug.cgi?id=1643722
[ 2 ] Bug #1574901 - [abrt] wxMaxima: wxTrap(): wxmaxima killed by SIGTRAP
https://bugzilla.redhat.com/show_bug.cgi?id=1574901
--------------------------------------------------------------------------------