The following Fedora 27 Security updates need testing:
Age URL
257
https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27
189
https://bodhi.fedoraproject.org/updates/FEDORA-2018-8dc6395408
dpdk-17.08.2-1.fc27
152
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b33f65b01
nodejs-brace-expansion-1.1.11-1.fc27
143
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a748acc219
unrtf-0.21.9-8.fc27
120
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f6ccdeb750
mailman-2.1.21-9.fc27
120
https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc864bb9e1
openslp-2.0.0-15.fc27
77
https://bodhi.fedoraproject.org/updates/FEDORA-2018-21ffebf41c
tomcat-8.0.53-1.fc27
77
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8533a3ef1
unixODBC-2.3.7-1.fc27
27
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fc2ba807a6
xerces-c27-2.7.0-28.fc27
22
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3e010c6501
chromium-69.0.3497.100-1.fc27
15
https://bodhi.fedoraproject.org/updates/FEDORA-2018-28ea2290ad
python33-3.3.7-3.fc27
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2c9120d494
rpm-4.14.2.1-1.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f20a0cead5 xen-4.9.3-2.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d527206a77
roundcubemail-1.3.8-1.fc27
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-56ec0ccd82 feh-2.28-1.fc27
The following Fedora 27 Critical Path updates have yet to be approved:
Age URL
173
https://bodhi.fedoraproject.org/updates/FEDORA-2018-25d5c86330 libidn-1.34-2.fc27
mcabber-1.1.0-1.fc27.1 pidgin-2.13.0-1.fc27.1 python-slixmpp-1.3.0-5.fc27.1
133
https://bodhi.fedoraproject.org/updates/FEDORA-2018-200dba6b93
upower-0.99.8-1.fc27
97
https://bodhi.fedoraproject.org/updates/FEDORA-2018-05a68ea22e
geoclue2-2.4.11-1.fc27
77
https://bodhi.fedoraproject.org/updates/FEDORA-2018-20c3deae24
iproute-4.17.0-1.fc27
18
https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a93cc4270
gnome-software-3.28.2-4.fc27
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2c9120d494
rpm-4.14.2.1-1.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f20a0cead5 xen-4.9.3-2.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-845c2b9bc6
highlight-3.47-1.fc27
The following builds have been pushed to Fedora 27 updates-testing
NetworkManager-1.8.8-2.fc27
cabextract-1.8-1.fc27
drupal7-7.60-2.fc27
dwgrep-0.4-1.fc27
et-5.1.8-1.fc27
ghostwriter-1.7.3-1.fc27
grass-7.4.2-1.fc27
ipmctl-01.00.00.3344-1.fc27
java-1.8.0-openjdk-aarch32-1.8.0.191.181022-1.fc27
jglobus-2.1.0-11.fc27
libabigail-1.5-1.fc27
libgit2-0.26.8-1.fc27
libmspack-0.8-0.1.alpha.fc27
libssh-0.7.7-1.fc27
libtaskotron-0.9.1-1.fc27
lldpad-1.0.1-9.git036e314.fc27
lollypop-0.9.610-1.fc27
mkvtoolnix-28.2.0-1.fc27
perl-CPAN-Perl-Releases-3.80-1.fc27
perl-DateTime-TimeZone-2.21-1.fc27
perl-IRI-0.009-1.fc27
php-Smarty2-2.6.31-2.fc27
php-pear-CAS-1.3.6-1.fc27
php-pecl-psr-0.5.1-1.fc27
php-samyoul-u2f-php-server-1.1.4-1.fc27
pungi-4.1.30-1.fc27
python-requests-2.20.0-1.fc27
qt-virt-manager-0.70.91-1.fc27
uronode-2.9-4.fc27
wingpanel-indicator-notifications-2.1.2-1.fc27
Details about builds:
================================================================================
NetworkManager-1.8.8-2.fc27 (FEDORA-2018-fc3018b1bd)
Network connection manager and user applications
--------------------------------------------------------------------------------
Update Information:
dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin
(CVE-2018-15688)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 29 2018 Thomas Haller <thaller(a)redhat.com> - 1:1.8.8-2
- dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1639067 - CVE-2018-15688 systemd: Out-of-bounds heap write in
systemd-networkd dhcpv6 option handling
https://bugzilla.redhat.com/show_bug.cgi?id=1639067
--------------------------------------------------------------------------------
================================================================================
cabextract-1.8-1.fc27 (FEDORA-2018-c73d257297)
Utility for extracting cabinet (.cab) archives
--------------------------------------------------------------------------------
Update Information:
Latest stable releases of libmspack and cabextract, includes security fixes for
CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-18584, CVE-2018-18585
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 1.8-1
- 1.8
* Wed Jul 25 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 1.7-1
- 1.7 (#1186186)
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1610941 - CVE-2018-14682 libmspack: off-by-one error in the TOLOWER() macro
for CHM decompression
https://bugzilla.redhat.com/show_bug.cgi?id=1610941
[ 2 ] Bug #1610896 - CVE-2018-14681 libmspack: out-of-bounds write in kwajd_read_headers
in mspack/kwajd.c
https://bugzilla.redhat.com/show_bug.cgi?id=1610896
[ 3 ] Bug #1610934 - CVE-2018-14680 libmspack: off-by-one error in the CHM chunk number
validity checks
https://bugzilla.redhat.com/show_bug.cgi?id=1610934
[ 4 ] Bug #1644215 - CVE-2018-18585 libmspack: NULL pointer dereference in
chmd_read_headers in mspack/chmd.c
https://bugzilla.redhat.com/show_bug.cgi?id=1644215
[ 5 ] Bug #1644214 - CVE-2018-18584 libmspack: Out-of-bounds write in mspack/cab.h
https://bugzilla.redhat.com/show_bug.cgi?id=1644214
--------------------------------------------------------------------------------
================================================================================
drupal7-7.60-2.fc27 (FEDORA-2018-4c0b99a9eb)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
*
https://www.drupal.org/project/drupal/releases/7.60 * [SA-
CORE-2018-006](https://www.drupal.org/SA-CORE-2018-006)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 28 2018 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 7.60-2
- Explicit python dependencies
- Explicit python2 except el5
- See
https://koji.fedoraproject.org/koji/buildinfo?buildID=1156502
* Sat Oct 27 2018 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 7.60-1
- Update to 7.60 (RHBZ #1643121 / RHBZ #1643122 / RHBZ #1643124 / SA-CORE-2018-006)
- Remove patch drupal-7.14-CVE-2012-2922 (see
https://groups.drupal.org/node/230373)
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.59-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1643121 - drupal: Multiple Vulnerabilities - SA-CORE-2018-006
https://bugzilla.redhat.com/show_bug.cgi?id=1643121
--------------------------------------------------------------------------------
================================================================================
dwgrep-0.4-1.fc27 (FEDORA-2018-a8cf7e71fe)
A tool for querying Dwarf (debuginfo) graphs
--------------------------------------------------------------------------------
Update Information:
- Rebase to 0.4 (
https://github.com/pmachata/dwgrep/releases/tag/0.4)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 28 2018 Petr Machata <pmachata(a)gmail.com> - 0.4-1
- Rebase to 0.4
--------------------------------------------------------------------------------
================================================================================
et-5.1.8-1.fc27 (FEDORA-2018-9803c36bdb)
Remote shell that survives IP roaming and disconnect
--------------------------------------------------------------------------------
Update Information:
Fix crash when two clients join the same server simultaneously
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 29 2018 Michel Alexandre Salim <salimma(a)fedoraproject.org> - 5.1.8-1
-
https://github.com/MisterTea/EternalTerminal/releases/tag/et-v5.1.8
--------------------------------------------------------------------------------
================================================================================
ghostwriter-1.7.3-1.fc27 (FEDORA-2018-f9c6871840)
Cross-platform, aesthetic, distraction-free Markdown editor
--------------------------------------------------------------------------------
Update Information:
Initial release.
--------------------------------------------------------------------------------
================================================================================
grass-7.4.2-1.fc27 (FEDORA-2018-9b69c5d131)
GRASS GIS - Geographic Resources Analysis Support System
--------------------------------------------------------------------------------
Update Information:
new upstream version GRASS GIS 7.4.2
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 28 2018 Markus Neteler <neteler(a)mundialis.de> - 7.4.2-0
- new upstream version 7.4.2
* Sun Sep 9 2018 Pavel Raiskup <praiskup(a)redhat.com> - 7.4.1-8
- Clean up of PostgreSQL support (PR#4)
* Tue Jul 31 2018 Florian Weimer <fweimer(a)redhat.com> - 7.4.1-7
- Rebuild with fixed binutils
* Sun Jul 29 2018 Markus Neteler <neteler(a)mundialis.de> - 7.4.1-6
- added BuildRequires gcc-c++ to address RHBZ #1604262 due to RHBZ #1551327 (removing gcc
and gcc-c++ from default buildroot)
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.4.1-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sun Jul 8 2018 Markus Neteler <neteler(a)mundialis.de> - 7.4.1-4
- fix Python macro to explicitely use Python 2 interpreter
* Sat Jul 7 2018 Scott Talbert <swt(a)techie.net> - 7.4.1-3
- Update BRs: remove wxGTK-devel and add cairo-devel
* Sat Jun 23 2018 Markus Neteler <neteler(a)mundialis.de> - 7.4.1-2
- fix wxPython package dependency name for CentOS7
* Tue Jun 12 2018 Markus Neteler <neteler(a)mundialis.de> - 7.4.1-1
- new upstream version 7.4.1
- do not fail on EPEL6 with appstream-util
--------------------------------------------------------------------------------
================================================================================
ipmctl-01.00.00.3344-1.fc27 (FEDORA-2018-4bc6bc0654)
Utility for managing Intel Optane DC persistent memory modules
--------------------------------------------------------------------------------
Update Information:
Release v01.00.00.3344
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Juston Li <juston.li(a)intel.com> - 01.00.00.3344-1
- Release 01.00.00.3279
- logrotate and python spec patches removed, in upstream
--------------------------------------------------------------------------------
================================================================================
java-1.8.0-openjdk-aarch32-1.8.0.191.181022-1.fc27 (FEDORA-2018-cca64e06ba)
OpenJDK Runtime Environment in a preview of the OpenJDK AArch32 project
--------------------------------------------------------------------------------
Update Information:
8u191 update
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Alex Kashchenko <akashche(a)redhat.com> - 1:1.8.0.191-1.181022
- update sources to 8u191
- sync with mainline package
--------------------------------------------------------------------------------
================================================================================
jglobus-2.1.0-11.fc27 (FEDORA-2018-6595344cfd)
Globus Java client libraries
--------------------------------------------------------------------------------
Update Information:
Apply patches from OSG/WLCG.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 2.1.0-11
- Apply patches from OSG/WLCG
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.1.0-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed May 2 2018 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 2.1.0-9
- Disble axis and tomcat modules for Fedora >= 28 (missing dependencies)
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.1.0-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
libabigail-1.5-1.fc27 (FEDORA-2018-2d27f4d2dd)
Set of ABI analysis tools
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.5 tarball
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 25 2018 Dodji Seketeli <dodji(a)seketeli.org> - 1.5-1
- Update to upstream 1.5 tarball
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1638554 - abipkgdiff: abg-comp-filter.cc:902: bool
abigail::comparison::filtering::is_mostly_distinct_diff(const abigail::comparison::diff*):
Assertion `td' failed.
https://bugzilla.redhat.com/show_bug.cgi?id=1638554
--------------------------------------------------------------------------------
================================================================================
libgit2-0.26.8-1.fc27 (FEDORA-2018-3448c8aec1)
C implementation of the Git core methods as a library with a solid API
--------------------------------------------------------------------------------
Update Information:
Update to 0.26.8
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 26 2018 Pete Walter <pwalter(a)fedoraproject.org> - 0.26.8-1
- Update to 0.26.8
- Update upstream URL
--------------------------------------------------------------------------------
================================================================================
libmspack-0.8-0.1.alpha.fc27 (FEDORA-2018-c73d257297)
Library for CAB and related files compression and decompression
--------------------------------------------------------------------------------
Update Information:
Latest stable releases of libmspack and cabextract, includes security fixes for
CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-18584, CVE-2018-18585
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 0.8-0.1.alpha
- 0.8alpha
- use %make_build %make_install %ldconfig_scriptlets %license
- devel: use %{?_isa} to tighten dep on main pkg
- drop deprecated Group: tag
- %files: tighten to include library soname
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1610941 - CVE-2018-14682 libmspack: off-by-one error in the TOLOWER() macro
for CHM decompression
https://bugzilla.redhat.com/show_bug.cgi?id=1610941
[ 2 ] Bug #1610896 - CVE-2018-14681 libmspack: out-of-bounds write in kwajd_read_headers
in mspack/kwajd.c
https://bugzilla.redhat.com/show_bug.cgi?id=1610896
[ 3 ] Bug #1610934 - CVE-2018-14680 libmspack: off-by-one error in the CHM chunk number
validity checks
https://bugzilla.redhat.com/show_bug.cgi?id=1610934
[ 4 ] Bug #1644215 - CVE-2018-18585 libmspack: NULL pointer dereference in
chmd_read_headers in mspack/chmd.c
https://bugzilla.redhat.com/show_bug.cgi?id=1644215
[ 5 ] Bug #1644214 - CVE-2018-18584 libmspack: Out-of-bounds write in mspack/cab.h
https://bugzilla.redhat.com/show_bug.cgi?id=1644214
--------------------------------------------------------------------------------
================================================================================
libssh-0.7.7-1.fc27 (FEDORA-2018-6d5b4aca58)
A library implementing the SSH protocol
--------------------------------------------------------------------------------
Update Information:
Update to version 0.7.7
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 29 2018 Andreas Schneider <asn(a)redhat.com> - 0.7.7-1
- Update to version 0.7.7
https://www.libssh.org/2018/10/29/libssh-0-8-5-and-libssh-0-7-7/
--------------------------------------------------------------------------------
================================================================================
libtaskotron-0.9.1-1.fc27 (FEDORA-2018-b24b0d429b)
Taskotron Support Library
--------------------------------------------------------------------------------
Update Information:
Update for Fedora 29 GA
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Frantisek Zatloukal <fzatlouk(a)redhat.com> - 0.9.1-1
- Fedora 29 GA
--------------------------------------------------------------------------------
================================================================================
lldpad-1.0.1-9.git036e314.fc27 (FEDORA-2018-e9d1ec6dbc)
Intel LLDP Agent
--------------------------------------------------------------------------------
Update Information:
- Add upstream fix for improper sanitization of shell-escape codes when lldptool
parses a mngAddr TLV (CVE-2018-10932). - Add upstream patch to support DSCP
selectors in APP TLVs. This allows configuration of DSCP-based packet
prioritization on capable network devices.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 16 2018 Petr Machata <pmachata(a)gmail.com> - 1.0.1-9.git036e314
- Add open-lldp-v1.0.1-29-basman_clif-print-the-OID-properly.patch (BZ 1614932,
1614896 (CVE-2018-10932)
- Add open-lldp-v1.0.1-28-support-DSCP-selectors.patch (BZ 1618377)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1614896 - CVE-2018-10932 lldptool: improper sanitization of shell-escape
codes
https://bugzilla.redhat.com/show_bug.cgi?id=1614896
--------------------------------------------------------------------------------
================================================================================
lollypop-0.9.610-1.fc27 (FEDORA-2018-b17408dc41)
Music player for GNOME
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.610 ---- Update to 0.9.609 ---- Update to 0.9.608 ----
Update to 0.9.607 ---- Update to 0.9.605
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 29 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 0.9.610-1
- Update to 0.9.610
* Thu Oct 25 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 0.9.609-1
- Update to 0.9.609
* Thu Oct 25 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 0.9.608-1
- Update to 0.9.608
* Mon Oct 22 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 0.9.607-1
- Update to 0.9.607
* Fri Oct 19 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 0.9.605-1
- Update to 0.9.605
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1641370 - [abrt] lollypop: _on_populated():
view.py:272:_on_populated:AttributeError: 'RadioWidget' object has no attribute
'is_populated'
https://bugzilla.redhat.com/show_bug.cgi?id=1641370
--------------------------------------------------------------------------------
================================================================================
mkvtoolnix-28.2.0-1.fc27 (FEDORA-2018-8587111c5a)
Matroska container manipulation utilities
--------------------------------------------------------------------------------
Update Information:
# Version 28.2.0 "The Awakening" 2018-10-25 ## Bug fixes * mkvmerge, mkvinfo,
mkvextract, mkvpropedit, MKVToolNix GUI's info tool & chapter editor: fixed a
case of memory being accessed after it had been freed earlier. This can be
triggered by specially crafted Matroska files and lead to arbitrary code
execution. The vulnerability was reported as Cisco TALOS 2018-0694 on
2018-10-25. # Version 28.1.0 "Morning Child" 2018-10-23 ## Bug fixes *
mkvmerge: AV1 parser: fixed an error in the sequence header parser if neither
the `reduced_still_picture_header` nor the `frame_id_numbers_present_flag` is
set. Part of the fix for #2410. * mkvmerge: AV1 parser: when creating the `av1C`
structure for the Codec Private element the sequence header OBU wasn't copied
completely: its common data (type field & OBU size among others) was missing.
Part of the fix for #2410. * mkvmerge: Matroska reader, AV1: mkvmerge will try
to re-create the `av1C` data stored in Codec Private when reading AV1 from
Matroska or WebM files created by mkvmerge v28.0.0. Part of the fix for #2410. *
MKVToolNix GUI: info tool: the tool will no longer stop scanning elements when
an EBML Void element is found after the first Cluster element. Fixes #2413. #
Version 28.0.0 "Voice In My Head" 2018-10-20 ## New features and enhancements
* mkvmerge: AV1 parser: updated the code for the finalized AV1 bitstream
specification. Part of the implementation of #2261. * mkvmerge: AV1 packetizer:
updated the code for the finalized AV1-in-Matroska & WebM mapping specification.
Part of the implementation of #2261. * mkvmerge: AV1 support: the `--engage
enable_av1` option has been removed again. Part of the implementation of #2261.
* mkvmerge: MP4 reader: added support for AV1. Part of the implementation of
#2261. * mkvmerge: DTS: implemented dialog normalization gain removal for
extension substreams. Implements #2377. * mkvmerge, mkvextract: simple text
subtitles: added a workaround for simple text subtitle tracks that don't contain
a duration. Implements #2397. * mkvextract: added support for extracting AV1 to
IVF. Part of the implementation of #2261. * mkvextract: IVF extractor (AV1, VP8,
VP9): precise values will be used for the frame rate numerator & denominator
header fields for certain well-known values of the track's default duration. *
mkvmerge: VP9: mkvmerge will now create codec private data according to the VP9
codec mapping described in the WebM specifications. Implements #2379. *
MKVToolNix GUI: automatic scaling for high DPI displays is activated if the GUI
is compiled with Qt ��� 5.6.0. Fixes #1996 and #2383. * MKVToolNix GUI: added a
menu item ("Help" ��� "System information") for displaying information
about the
system MKVToolNix is running on in order to make debugging easier. * MKVToolNix
GUI: multiplexer, header editor: the user can enter a list of predefined track
names in the preferences. She can later select from them in "track name" combo
box. Implements #2230. ## Bug fixes * mkvmerge: JSON identification: fixed a
bug when removing invalid UTF-8 data from strings before they're output as JSON.
Fixes #2398. * mkvmerge: MP4/QuickTime reader: fixed handling of PCM audio with
FourCC `in24`. Fixes #2391. * mkvmerge: MPEG transport stream reader, teletext
subtitles: the decision whether or not to keep frames around in order to
potentially merge them with the following frame is made sooner. That avoids
problems if there are large gaps between teletext subtitle frames which could
lead to frames being interleaved too late. Fixes #2393. * mkvextract: IVF
extractor (AV1, VP8, VP8): the frame rate header fields weren't clamped to 16
bits properly causing wrong frame rates to be written in certain situations. *
mkvpropedit, MKVToolNix GUI's header editor: fixed file corruption when a one-
byte space must be covered with a new EBML void element but all surrounding
elements have a "size length" field that's eight bytes long already. Fixes
#2406.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Dominik Mierzejewski <rpm(a)greysector.net> - 28.2.0-1
- update to 28.2.0
- fixes CVE-2018-4022 (#1644258)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1644258 - CVE-2018-4022 mkvtoolnix: MKVINFO read_one_element code execution
vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1644258
--------------------------------------------------------------------------------
================================================================================
perl-CPAN-Perl-Releases-3.80-1.fc27 (FEDORA-2018-55f26d4c2b)
Mapping Perl releases on CPAN to the location of the tarballs
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version ---- Updated to the latest version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 29 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 3.80-1
- 3.80 bump
* Tue Oct 23 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 3.78-1
- 3.78 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1643844 - Upgrade perl-CPAN-Perl-Releases to 3.80
https://bugzilla.redhat.com/show_bug.cgi?id=1643844
[ 2 ] Bug #1641955 - Upgrade perl-CPAN-Perl-Releases to 3.78
https://bugzilla.redhat.com/show_bug.cgi?id=1641955
--------------------------------------------------------------------------------
================================================================================
perl-DateTime-TimeZone-2.21-1.fc27 (FEDORA-2018-818e13f8b3)
Time zone object base class and factory
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version ---- Updated to the latest version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 29 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 2.21-1
- 2.21 bump (2018g Olson database)
* Fri Oct 19 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 2.20-1
- 2.20 bump (2018f Olson database)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1643850 - Upgrade perl-DateTime-TimeZone to 2.21
https://bugzilla.redhat.com/show_bug.cgi?id=1643850
[ 2 ] Bug #1640990 - Upgrade perl-DateTime-TimeZone to 2.20
https://bugzilla.redhat.com/show_bug.cgi?id=1640990
--------------------------------------------------------------------------------
================================================================================
perl-IRI-0.009-1.fc27 (FEDORA-2018-7e3e33171d)
Internationalized Resource Identifiers
--------------------------------------------------------------------------------
Update Information:
This release corrects required minimal Perl version. We deliver it only to
provide up-to-date module version string.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 31 2018 Petr Pisar <ppisar(a)redhat.com> - 0.009-1
- 0.009 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1644619 - Upgrade perl-IRI to 0.009
https://bugzilla.redhat.com/show_bug.cgi?id=1644619
--------------------------------------------------------------------------------
================================================================================
php-Smarty2-2.6.31-2.fc27 (FEDORA-2018-60c74d2b16)
Smarty - the compiling PHP template engine
--------------------------------------------------------------------------------
Update Information:
2017-11-03 * replace functions deprecated in PHP 7.2 2016-09-11 Uwe Tews *
{math} fix parameter checking order to avoid misleading message * {math} replace
wrong versiom 2016-07-19 Uwe Tews * {math} shell injection vulnerability
patch provided by Tim Weber 2015-12-30 Uwe Tews * fixed plugin filepath
cache must not be static, because of possible problem when using multiple
Smarty instances with diffrent plugins_dir settings
https://github.com/smarty-
php/smarty/issues/146 2015-06-21 Uwe Tews * PHP7 raises E_DEPRECATED use
__construct for compatibility 2013-09-30 * Fixed old vulnerability bug
https://bugs.gentoo.org/show_bug.cgi?id=356615 2013-07-16 Uwe Tews * Fixed
made Smarty_Compiler.class.php compatible with PHP 5.5
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 27 2018 Shawn Iwinski <shawn(a)iwin.ski> - 2.6.31-2
- Add composer provides
* Sat Oct 27 2018 Shawn Iwinski <shawn(a)iwin.ski> - 2.6.31-1
- Update to 2.6.31
- Update license from LGPLv2+ to LGPLv3
- Full spec update
- Remove broken demo files
- Add autoloader
- Move license file from docs directory to shared licenses directory
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.6.27-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.6.27-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
php-pear-CAS-1.3.6-1.fc27 (FEDORA-2018-95695b59c7)
Central Authentication Service client library in php
--------------------------------------------------------------------------------
Update Information:
**Version 1.3.6** **Security Fixes:** * Fix XSS in proxy mode [#271]
(Joachim Fritschi) **Bug Fixes:** * Fix bad condition [#252] (Brice
Vercoustre) * Hash ticket strings to generate valid-length session-ids [#224,
#244, #248] (Adam Franco) * Fix "phpCAS" class capitalization in code [#273,
#277] (phy25) **Improvement:** * Remove fallback for __autoload [#247]
(marinaglancy) * More robust check for Windows OS in File.php [#275]
(xamount) * Fix continue statement within switch/case for php 7.3
compatibility [#278] (stonk7)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 26 2018 Remi Collet <remi(a)remirepo.net> - 1.3.6-1
- update to 1.3.6
- new github and packagist owner
--------------------------------------------------------------------------------
================================================================================
php-pecl-psr-0.5.1-1.fc27 (FEDORA-2018-0016b4e188)
PSR interfaces
--------------------------------------------------------------------------------
Update Information:
**Version 0.5.1** - Fix `Psr\Http\Message\ServerRequestInterface` not actually
extending `Psr\Http\Message\RequestInterface`
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Remi Collet <remi(a)remirepo.net> - 0.5.1-1
- update to 0.5.1
--------------------------------------------------------------------------------
================================================================================
php-samyoul-u2f-php-server-1.1.4-1.fc27 (FEDORA-2018-8e1ed9d0a3)
Server side handling class for FIDO U2F registration and authentication
--------------------------------------------------------------------------------
Update Information:
**Version 1.1.4** * fix issue when there is more than one U2F key registered
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
pungi-4.1.30-1.fc27 (FEDORA-2018-653a7a63f1)
Distribution compose tool
--------------------------------------------------------------------------------
Update Information:
* Fix dependencies in `pungi-legacy` subpackage. * Include fixes for ISOs
containing multiple variants. * Fix issues with hybrid depsolver.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 31 2018 Lubom��r Sedl���� <lsedlar(a)redhat.com> - 4.1.30-1
- gather: Expand wildcards in Pungi (lsedlar)
- repoclosure: Extract logs from hybrid solver (lsedlar)
- gather: Track multilib that doesn't exist (lsedlar)
- Get the NSVC from Koji module CG build metadata (jkaluza)
- extra_iso: Include media.repo and .discinfo (lsedlar)
- hybrid: Don't add debuginfo as langpacks (lsedlar)
- fus: Write solvables to file (lsedlar)
- hybrid: Honor filter_packages (lsedlar)
- Include all test fixtures in source tarball (lsedlar)
- extra-iso: Use correct efiboot.img file (lsedlar)
- extra-iso: Fix treeinfo (lsedlar)
- createiso: Move code for tweaking treeinfo into a function (lsedlar)
- extra-iso: Generate jigdo by default (lsedlar)
* Mon Oct 15 2018 Lubom��r Sedl���� <lsedlar(a)redhat.com> - 4.1.29-3
- Save memory less agressively
* Wed Oct 10 2018 Lubom��r Sedl���� <lsedlar(a)redhat.com> - 4.1.29-2
- Add dependency on xorriso to pungi-legacy
- Bump dependency on python-productmd
* Wed Oct 10 2018 Lubom��r Sedl���� <lsedlar(a)redhat.com> - 4.1.29-1
- hybrid: Only include modules that are not in lookaside (lsedlar)
- Try to be more conservative about memory usage (lsedlar)
- hybrid: Remove modules not listed by fus (lsedlar)
- gather: Make devel modules configurable (lsedlar)
- pkgset: Stop prefilling RPM artifacts (lsedlar)
- gather: Create devel module for each normal module (lsedlar)
- pkgset: Save package set for each module (lsedlar)
- fus: List lookaside repos first (lsedlar)
- gather: Work with repos without location_base (lsedlar)
- Remove extra dependencies (lsedlar)
- Set repodata mtime to SOURCE_DATE_EPOCH (marmarek)
- Make sure .treeinfo file is sorted (marmarek)
- Use constant MBR ID for isohybrid (marmarek)
- Use xorriso instead of genisoimage (marmarek)
- Use $SOURCE_DATE_EPOCH (if set) in discinfo file (marmarek)
- unified_isos: Add extra variants to metadata (lsedlar)
- extra_iso: Add list of variants to metadata (lsedlar)
- linker: Simplify creating pool (lsedlar)
- gather: Hide pid of fus process (lsedlar)
- fus: Strip protocol from repo path (lsedlar)
- Add 'pkgset_koji_builds' option to include extra builds in a compose
(jkaluza)
- ostree: Reduce duplication in tests (lsedlar)
- ostree: Use --touch-if-changed (lsedlar)
- ostree: Fix handler crash without commit ID (lsedlar)
- gather: Filter arches similarly to pkgset (lsedlar)
- Stop shipping and remove RELEASE-NOTES (pbrobinson)
--------------------------------------------------------------------------------
================================================================================
python-requests-2.20.0-1.fc27 (FEDORA-2018-41320b315a)
HTTP library, written in Python, for human beings
--------------------------------------------------------------------------------
Update Information:
- Update to v2.20.0 - Includes fix for CVE-2018-18074
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 29 2018 Jeremy Cline <jeremy(a)jcline.org> - 2.20.0-1
- Update to v2.20.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1643830 - CVE-2018-18074 python-requests: Redirect from HTTPS to HTTP does
not remove Authorization header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1643830
[ 2 ] Bug #1591531 - python-requests-2.19.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1591531
--------------------------------------------------------------------------------
================================================================================
qt-virt-manager-0.70.91-1.fc27 (FEDORA-2018-fbf868c03b)
Qt Virtual Machine Manager
--------------------------------------------------------------------------------
Update Information:
some enhancements;
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 24 2018 Fl@sh <kaperang07(a)gmail.com> - 0.70.91-1
- version updated;
--------------------------------------------------------------------------------
================================================================================
uronode-2.9-4.fc27 (FEDORA-2018-a28a4187c3)
Alternative packet radio system for Linux
--------------------------------------------------------------------------------
Update Information:
This is an update fixing logging of users after clean installation.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Jaroslav ��karvada <jskarvad(a)redhat.com> - 2.9-4
- Create empty database of current users
* Fri Jul 20 2018 Jaroslav ��karvada <jskarvad(a)redhat.com> - 2.9-3
- Fixed FTBFS by adding gcc requirement
Resolves: rhbz#1606621
- Cleaned leftover files
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.9-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
wingpanel-indicator-notifications-2.1.2-1.fc27 (FEDORA-2018-3467424b36)
Notifications Indicator for wingpanel
--------------------------------------------------------------------------------
Update Information:
Update to version 2.1.2. Release notes:
https://github.com/elementary
/wingpanel-indicator-notifications/releases/tag/2.1.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Fabio Valentini <decathorpe(a)gmail.com> - 2.1.2-1
- Update to version 2.1.2.
--------------------------------------------------------------------------------