The following Fedora 29 Security updates need testing:
Age URL
115
https://bodhi.fedoraproject.org/updates/FEDORA-2018-51ce232320
xerces-c27-2.7.0-28.fc29
44
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b89746cb9b
tomcat-9.0.13-1.fc29
9
https://bodhi.fedoraproject.org/updates/FEDORA-2019-376ecc221c
nagios-4.4.3-1.fc29
7
https://bodhi.fedoraproject.org/updates/FEDORA-2019-a034423db8
docker-1.13.1-63.git1185cfd.fc29
7
https://bodhi.fedoraproject.org/updates/FEDORA-2019-f5b57646b7
docker-latest-1.13.1-40.git1185cfd.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-3c45bd2cc3
mingw-python-qt5-5.11.3-2.fc29 mingw-qt5-qt3d-5.11.3-1.fc29
mingw-qt5-qtactiveqt-5.11.3-1.fc29 mingw-qt5-qtbase-5.11.3-1.fc29
mingw-qt5-qtcharts-5.11.3-1.fc29 mingw-qt5-qtdeclarative-5.11.3-1.fc29
mingw-qt5-qtgraphicaleffects-5.11.3-1.fc29 mingw-qt5-qtimageformats-5.11.3-1.fc29
mingw-qt5-qtlocation-5.11.3-1.fc29 mingw-qt5-qtmultimedia-5.11.3-1.fc29
mingw-qt5-qtquickcontrols-5.11.3-1.fc29 mingw-qt5-qtscript-5.11.3-1.fc29
mingw-qt5-qtsensors-5.11.3-1.fc29 mingw-qt5-qtserialport-5.11.3-1.fc29
mingw-qt5-qtsvg-5.11.3-1.fc29 mingw-qt5-qttools-5.11.3-1.fc29
mingw-qt5-qttranslations-5.11.3-1.fc29 mingw-qt5-qtwebkit-5.9.4-0.8.gitbd0657f.fc29
mingw-qt5-qtwebsockets-5.11.3-1.fc29 mingw-qt5-qtwinextras-5.11.3-1.fc29
mingw-qt5-qtxmlpatterns-5.11.3-1.fc29 mingw-sip-4.19.13-2.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-d8ec88b21e
moodle-3.5.4-1.fc29
The following Fedora 29 Critical Path updates have yet to be approved:
Age URL
45
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3d43e7dd21
SLOF-0.1.git20180702-2.fc29
15
https://bodhi.fedoraproject.org/updates/FEDORA-2019-27778372a6
pungi-4.1.32-3.fc29
9
https://bodhi.fedoraproject.org/updates/FEDORA-2019-0ab485544f
libguestfs-1.40.1-2.fc29
8
https://bodhi.fedoraproject.org/updates/FEDORA-2019-ca705d784a lorax-29.25-1.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-58052493a6
python-jsonschema-2.6.0-6.fc29
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-ea8a50f7eb exo-0.12.4-1.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c042484003
kernel-4.20.4-200.fc29 kernel-headers-4.20.4-200.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-6406ad278b
hivex-1.3.17-1.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-640a4bb060
supermin-5.1.20-2.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-a23010d9e1
python-productmd-1.19-1.fc29
The following builds have been pushed to Fedora 29 updates-testing
Thunar-1.8.4-1.fc29
argbash-2.8.0-1.fc29
golang-1.11.5-1.fc29
gtk2-2.24.32-4.fc29
libiio-0.17-1.fc29
libmodulemd-2.1.0-1.fc29
numix-icon-theme-circle-0.1.0-19.20190124.gitda33f8b.fc29
numix-icon-theme-square-0.1.0-4.20190124.gitb37c7e4.fc29
openbabel-2.4.1-16.fc29
paprefs-1.1-1.fc29
pipenv-2018.11.26-5.fc29
python36-3.6.8-3.fc29
radvd-2.17-17.fc29
Details about builds:
================================================================================
Thunar-1.8.4-1.fc29 (FEDORA-2019-38fd1ced56)
Thunar File Manager
--------------------------------------------------------------------------------
Update Information:
update to version 1.8.4 ---- update to version 1.8.3
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 27 2019 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 1.8.4-1
- Update to 1.8.4
* Thu Jan 24 2019 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 1.8.3-1
- Update to 1.8.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1669165 - [abrt] Thunar: g_file_monitor_emit_event(): thunar killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1669165
[ 2 ] Bug #1641260 - [abrt] Thunar: thunar_file_get_display_name(): thunar killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1641260
[ 3 ] Bug #1659791 - [abrt] Thunar: thunar_shortcuts_model_set_busy(): thunar killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1659791
[ 4 ] Bug #1665577 - Thunar does not provide org.xfce.FileManager dbus service
https://bugzilla.redhat.com/show_bug.cgi?id=1665577
--------------------------------------------------------------------------------
================================================================================
argbash-2.8.0-1.fc29 (FEDORA-2019-8971560906)
Bash argument parsing code generator
--------------------------------------------------------------------------------
Update Information:
Update to argbash 2.8.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 27 2019 Stephen Gallagher <sgallagh(a)redhat.com> - 2.8.0-1
- Update to 2.8.0
- New features:
* Allow argbash and argbash-init to be run from symbolic links.
* Allow scripts generated by argbash-init with complete separation (-s -s) to
be run from a symbolic link.
* Implemented output to generate manpages using the rst2man utility
* Introduced the ARG_VERSION_AUTO macro.
- Bugfixes:
* Double quotes in help messages are escaped (fixes #61).
* Fixed regression that allowed duplicate short options (fixes #58).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1669789 - argbash-2.8.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1669789
--------------------------------------------------------------------------------
================================================================================
golang-1.11.5-1.fc29 (FEDORA-2019-dbd82d0882)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2019-6486
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 27 2019 Jakub ��ajka <jcajka(a)redhat.com> - 1.11.5-1
- Rebase to go1.11.5
- Fix for CVE-2019-6486
- Resolves: BZ#1668973
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1668972 - CVE-2019-6486 golang: crypto/elliptic implementations of P-521 and
P-384 elliptic curves allow for denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=1668972
--------------------------------------------------------------------------------
================================================================================
gtk2-2.24.32-4.fc29 (FEDORA-2019-ed591bb7c7)
GTK+ graphical user interface library
--------------------------------------------------------------------------------
Update Information:
This update backports two bug fixes from upstream, fixing: - calendar: Use the
new "%OB" format if supported - Fix compiler warnings with GCC 8.1 in projects
using gtk+
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 27 2019 Kalev Lember <klember(a)redhat.com> - 2.24.32-4
- Backport two fixes from upstream (#1669768)
- calendar: Use the new "%OB" format if supported
- Fix compiler warnings with GCC 8.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1669768 - Pull some upstream patches
https://bugzilla.redhat.com/show_bug.cgi?id=1669768
--------------------------------------------------------------------------------
================================================================================
libiio-0.17-1.fc29 (FEDORA-2019-9982caa5d6)
Library for Industrial IO
--------------------------------------------------------------------------------
Update Information:
Update to 0.17, Enable IIOD USB/AIO backend
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 27 2019 Peter Robinson <pbrobinson(a)fedoraproject.org> 0.17-1
- Update to 0.17
- Enable IIOD USB/AIO backend
--------------------------------------------------------------------------------
================================================================================
libmodulemd-2.1.0-1.fc29 (FEDORA-2019-03bc622a3a)
Module metadata manipulation library
--------------------------------------------------------------------------------
Update Information:
- Update to libmodulemd 2.1.0 and 1.8.2 - Drop upstreamed patches - Add new API
ModuleStream.depends_on_stream() and ModuleStream.build_depends_on_stream() to
help support auto-detection of when a module stream may need to be rebuilt
when its dependencies change. - Don't fail merges when default streams differ,
treat it as "no default for this module" - Fix error message - Copy modified
value when copying Modulemd.Defaults objects - Fixes discovered by clang and
coverity static analysis tools - Test improvements
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 26 2019 Stephen Gallagher <sgallagh(a)redhat.com> - 2.1.0-1
- Update to libmodulemd 2.1.0 and 1.8.2
- Drop upstreamed patches
- Add new API ModuleStream.depends_on_stream() and
ModuleStream.build_depends_on_stream() to help support auto-detection of
when a module stream may need to be rebuilt when its dependencies change.
- Don't fail merges when default streams differ, treat it as "no default for
this module"
- Fix error message
- Copy modified value when copying Modulemd.Defaults objects
- Fixes discovered by clang and coverity static analysis tools
- Test improvements
--------------------------------------------------------------------------------
================================================================================
numix-icon-theme-circle-0.1.0-19.20190124.gitda33f8b.fc29 (FEDORA-2019-919f37cdca)
Numix Project circle icon theme
--------------------------------------------------------------------------------
Update Information:
Update to release 19.01.24 ---- Update the release 18.12.01
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 27 2019 Brendan Early <mymindstorm1(a)gmail.com> -
0.1.0-19.20190124.gitda33f8b
- Update to release 19.01.24
* Fri Jan 18 2019 Brendan Early <mymindstorm1(a)gmail.com> -
0.1.0-18.20181201.git085899f
- Update to release 18.12.01
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1669279 - numix-icon-theme-circle-19.01.24 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1669279
--------------------------------------------------------------------------------
================================================================================
numix-icon-theme-square-0.1.0-4.20190124.gitb37c7e4.fc29 (FEDORA-2019-0f5c617110)
Numix Project square icon theme
--------------------------------------------------------------------------------
Update Information:
Update to release 19.01.24 ---- Update the release 18.12.01
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 27 2019 Brendan Early <mymindstorm1(a)gmail.com> -
0.1.0-4.20190124.gitb37c7e4
- Update to release 19.01.24
* Fri Jan 18 2019 Brendan Early <mymindstorm1(a)gmail.com> -
0.1.0-3.20181201.git70711c2
- Update to release 18.12.01
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1669280 - numix-icon-theme-square-19.01.24 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1669280
--------------------------------------------------------------------------------
================================================================================
openbabel-2.4.1-16.fc29 (FEDORA-2019-beefbbb99d)
Chemistry software file format converter
--------------------------------------------------------------------------------
Update Information:
Fix library path in pkg-config file in the devel package.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 27 2019 Dominik Mierzejewski <rpm(a)greysector.net> - 2.4.1-16
- Fix path to libdir in .pc (#1669664)
- Use https for URL:
- Exclude obgui from the main openbabel package
- Disable failing test on s390x/F29+
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1669664 - Wrong pkgconfig file
https://bugzilla.redhat.com/show_bug.cgi?id=1669664
--------------------------------------------------------------------------------
================================================================================
paprefs-1.1-1.fc29 (FEDORA-2019-e147e44a21)
Management tool for PulseAudio
--------------------------------------------------------------------------------
Update Information:
An update to the latest upstream release: *
https://freedesktop.org/software/pulseaudio/paprefs/#news
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 27 2019 Julian Sikorski <belegdol(a)fedoraproject.org> - 1.1-1
- Update to 1.1
- Drop upstreamed patch
- Drop dbus-glib BuildRequires
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1669432 - paprefs-1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1669432
--------------------------------------------------------------------------------
================================================================================
pipenv-2018.11.26-5.fc29 (FEDORA-2019-ef440e9861)
The higher level Python packaging tool
--------------------------------------------------------------------------------
Update Information:
Fix unbundling. Removes warnings and tracebacks from `pipenv shell` and `pipenv
uninstall`.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 24 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 2018.11.26-5
- Fix a fix of unbundling of packaging (sorry)
* Tue Jan 22 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 2018.11.26-4
- Fix unbundling of packaging
- Fixes
https://github.com/pypa/pipenv/issues/3469
* Wed Jan 9 2019 Owen Taylor <otaylor(a)redhat.com> - 2018.11.26-3
- Fix pexpect import for compatibility mode of pipenv shell
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1668447 - [abrt] pipenv: do_uninstall():
core.py:2012:do_uninstall:ModuleNotFoundError: No module named
'pipenv.vendor.packaging'
https://bugzilla.redhat.com/show_bug.cgi?id=1668447
--------------------------------------------------------------------------------
================================================================================
python36-3.6.8-3.fc29 (FEDORA-2019-7eb6d3b8ea)
Version 3.6 of the Python interpreter
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2019-5010
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 23 2019 Patrik Kopkan <pkopkan(a)redhat.com> - 3.6.8-3
- fix for CVE-2019-5010 (#1666519, #1666520)
* Mon Jan 14 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 3.6.8-2
- Rebuilt for libcrypt.so.2 (#1666033)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1666519 - CVE-2019-5010 python: NULL pointer dereference using a specially
crafted X509 certificate
https://bugzilla.redhat.com/show_bug.cgi?id=1666519
--------------------------------------------------------------------------------
================================================================================
radvd-2.17-17.fc29 (FEDORA-2019-9790f1867a)
A Router Advertisement daemon
--------------------------------------------------------------------------------
Update Information:
Fix double-free in InterfaceList
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 27 2019 Pavel Zhukov <pzhukov(a)redhat.com> - 2.17-17
- Fix double-free in InterfaceList
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1669297 - radvd: Use After Free in case of misconfiguration
https://bugzilla.redhat.com/show_bug.cgi?id=1669297
--------------------------------------------------------------------------------