The following Fedora 28 Security updates need testing:
Age URL
228
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb
jgraphx-3.6.0.0-6.fc28
177
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da
nodejs-brace-expansion-1.1.11-1.fc28
176
https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a
nodejs-atob-2.1.1-1.fc28
169
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9dd3f7c013
unrtf-0.21.9-8.fc28
137
https://bodhi.fedoraproject.org/updates/FEDORA-2018-28e9841baf
docker-latest-1.13.1-37.git9cb56fd.fc28
52
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297
xerces-c27-2.7.0-28.fc28
29
https://bodhi.fedoraproject.org/updates/FEDORA-2018-7d748596e9
drupal8-8.6.2-1.fc28
25
https://bodhi.fedoraproject.org/updates/FEDORA-2018-18023f40fa
drupal7-7.60-2.fc28
25
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2d2739ebed
php-Smarty2-2.6.31-2.fc28
24
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2ee55d77c9 links-2.17-1.fc28
16
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a5d1fa335e
gettext-0.19.8.1-18.fc28
12
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2c8db7357b
chromium-70.0.3538.77-4.fc28
12
https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f0d2429d3 bird-1.6.4-2.fc28
12
https://bodhi.fedoraproject.org/updates/FEDORA-2018-89413a04e0
wireshark-2.6.4-1.fc28
12
https://bodhi.fedoraproject.org/updates/FEDORA-2018-02e965a729
rubygem-rack-2.0.4-4.fc28
11
https://bodhi.fedoraproject.org/updates/FEDORA-2018-86e2487df2
pdns-recursor-4.1.7-1.fc28
11
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d716df9942
rubygem-loofah-2.0.3-6.fc28
10
https://bodhi.fedoraproject.org/updates/FEDORA-2018-af9bd28cf1
glusterfs-4.1.6-1.fc28
9
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b4820696e1
community-mysql-5.7.24-1.fc28
9
https://bodhi.fedoraproject.org/updates/FEDORA-2018-aadd3c2790
mupdf-1.14.0-6.fc28
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f73869d61e
php-PHPMailer-5.2.27-1.fc28
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0f5e6e9957
php-phpmailer6-6.0.6-1.fc28
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4d68cf2b1c
flatpak-1.0.6-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c
nginx-1.14.1-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-96b48b34ae
mingw-uriparser-0.9.0-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a3ef0a026f
uriparser-0.9.0-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f4910a3260
moodle-3.4.6-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b9581d9624
python-notebook-5.5.0-6.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b74b9ac8d1 tmux-2.8-2.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-ef486b9e50
dnsdist-1.3.3-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-5ed8fb9efa
python3-3.6.7-2.fc28
The following Fedora 28 Critical Path updates have yet to be approved:
Age URL
18
https://bodhi.fedoraproject.org/updates/FEDORA-2018-998a7b6fc3 ibus-1.5.19-8.fc28
16
https://bodhi.fedoraproject.org/updates/FEDORA-2018-de1faf9ca6
libtirpc-1.0.3-6.rc2.fc28
16
https://bodhi.fedoraproject.org/updates/FEDORA-2018-783dfc5196
shadow-utils-4.6-4.fc28
16
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a5d1fa335e
gettext-0.19.8.1-18.fc28
14
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f893865248
edk2-20180815gitcb5f4f45ce-2.fc28
10
https://bodhi.fedoraproject.org/updates/FEDORA-2018-af9bd28cf1
glusterfs-4.1.6-1.fc28
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4d68cf2b1c
flatpak-1.0.6-1.fc28
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c2c01c0a06 pam-1.3.1-8.fc28
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2f5e72a448 grilo-0.3.7-1.fc28
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d169dbb09d
osinfo-db-20181116-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-183750cf72
mesa-demos-8.4.0-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-ec86b4414f
xorg-x11-drv-ati-18.1.0-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9912804951
firefox-63.0.3-2.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-02374556d9
thunderbird-60.3.1-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-5ed8fb9efa
python3-3.6.7-2.fc28
The following builds have been pushed to Fedora 28 updates-testing
cobbler-2.8.4-2.fc28
cqrlog-2.3.0-3.fc28
eccodes-2.9.2-1.fc28
libneurosim-0-4.20181124.git0364674.fc28
moin-1.9.10-1.fc28
nest-2.16.0-4.fc28
python-img2pdf-0.3.2-1.fc28
python-toml-0.10.0-1.fc28
qjackctl-0.5.5-2.fc28
qsynth-0.5.3-1.fc28
runc-1.0.0-59.dev.gitccb5efd.fc28
Details about builds:
================================================================================
cobbler-2.8.4-2.fc28 (FEDORA-2018-288d5d5b39)
Boot server configurator
--------------------------------------------------------------------------------
Update Information:
- Update to 2.8.4 (Fixes BZ 1613292, 1643860, 1614433, CVE-2018-1000226,
CVE-2018-10931) - Make koan require python2-ethtool (BZ 1638933)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 25 2018 Orion Poplawski <orion(a)nwra.com> - 2.8.4-2
- Make koan require python2-ethtool (BZ 1638933)
* Sat Nov 24 2018 Orion Poplawski <orion(a)nwra.com> - 2.8.4-1
- Update to 2.8.4 (Fixes BZ 1613292, 1643860, 1614433, CVE-2018-1000226, CVE-2018-10931)
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.8.3-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed May 30 2018 Orion Poplawski <orion(a)nwra.com> - 2.8.3-3
- koan requires urlgrabber
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1643860 - Kickstart generation is broken
https://bugzilla.redhat.com/show_bug.cgi?id=1643860
[ 2 ] Bug #1614433 - CVE-2018-10931 cobbler: CobblerXMLRPCInterface exports all its
methods over XMLRPC [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1614433
[ 3 ] Bug #1613292 - cobbler: XMLRPC API endpoints are not correctly validating security
tokens [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1613292
[ 4 ] Bug #1638933 - koan RPM should require python-ethtool
https://bugzilla.redhat.com/show_bug.cgi?id=1638933
--------------------------------------------------------------------------------
================================================================================
cqrlog-2.3.0-3.fc28 (FEDORA-2018-d141de0426)
An amateur radio contact logging program
--------------------------------------------------------------------------------
Update Information:
Patch to use libmariadb instead of libmysqldclient.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 9 2018 Richard Shaw <hobbes1069(a)gmail.com> - 2.3.0-3
- Clean up scripts that are no longer required by the packaging guidelines.
* Sat Oct 27 2018 Jim Lieb <lieb(a)sea-troll.net.> - 2.3.0-3
- Fix mysql/mariadb client lib search path
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.3.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1592176 - dependency not listed (cqrlog requires mariadb-connector-c-devel)
https://bugzilla.redhat.com/show_bug.cgi?id=1592176
--------------------------------------------------------------------------------
================================================================================
eccodes-2.9.2-1.fc28 (FEDORA-2018-ed551da068)
WMO data format decoding and encoding
--------------------------------------------------------------------------------
Update Information:
Upgrade to upstream version 2.9.2
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 24 2018 Jos de Kloe <josdekloe(a)gmail.com> - 2.9.2-1
- Upgrade to upstream version 2.9.2
* Sun Oct 7 2018 Jos de Kloe <josdekloe(a)gmail.com> - 2.9.0-1
- Upgrade to upstream version 2.9.0
* Sat Sep 15 2018 Jos de Kloe <josdekloe(a)gmail.com> - 2.8.2-4
- add Excludearch for aarch64 on epel7
* Sat Sep 15 2018 Jos de Kloe <josdekloe(a)gmail.com> - 2.8.2-3
- Explicitely disable python in cmake call and use ctest3 rather than ctest
to ensure the build runs on EPEL-7 as well
* Thu Sep 13 2018 Jos de Kloe <josdekloe(a)gmail.com> - 2.8.2-2
- Remove python2 sub-package as per Mass Python 2 Package Removal for f30
* Sun Sep 9 2018 Jos de Kloe <josdekloe(a)gmail.com> - 2.8.2-1
- Upgrade to version 2.8.2
--------------------------------------------------------------------------------
================================================================================
libneurosim-0-4.20181124.git0364674.fc28 (FEDORA-2018-4c8b4be40d)
Common interfaces for neuronal simulators
--------------------------------------------------------------------------------
Update Information:
* Update to latest snapshot: puts required libraries in the right place. * NEST
built with libneurosim support
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 24 2018 Ankur Sinha <ankursinha AT fedoraproject DOT org> -
0-4.20181124.git0364674
- Use bcond conditionals
* Sat Nov 24 2018 Ankur Sinha <ankursinha AT fedoraproject DOT org> -
0-3.20181124.git0364674
- Update to latest upstream commit
- Put libraries in correct locations. libpyneurosim is NOT a python extension module
- Remove python sub packages: other software must link against both libneurosim and
libpyneurosim
- All explained in:
https://github.com/INCF/libneurosim/issues/12
--------------------------------------------------------------------------------
================================================================================
moin-1.9.10-1.fc28 (FEDORA-2018-ce80431ed9)
MoinMoin is a WikiEngine to collaborate on easily editable web pages
--------------------------------------------------------------------------------
Update Information:
Update to 1.9.10 (rhbz #1641242)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 25 2018 Athmane Madjoudj <athmane(a)fedoraproject.org> - 1.9.10-1
- Update to 1.9.10 (rhbz #1641242)
- Remove the backported patch
- Minor spec fix: README path and py2/env shebang
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9.9-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9.9-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1641242 - moin-1.9.10 is available, contains security fixes
https://bugzilla.redhat.com/show_bug.cgi?id=1641242
--------------------------------------------------------------------------------
================================================================================
nest-2.16.0-4.fc28 (FEDORA-2018-4c8b4be40d)
The neural simulation tool
--------------------------------------------------------------------------------
Update Information:
* Update to latest snapshot: puts required libraries in the right place. * NEST
built with libneurosim support
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 24 2018 Ankur Sinha <ankursinha AT fedoraproject DOT org> - 2.16.0-4
- Use bcond
- Enable libneurosim support
--------------------------------------------------------------------------------
================================================================================
python-img2pdf-0.3.2-1.fc28 (FEDORA-2018-f75d92ea4b)
Lossless images to PDF conversion library and command
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 24 2018 Georg Sauthoff <mail(a)gms.tf> - 0.3.2-1
- Update to latest upstream version
--------------------------------------------------------------------------------
================================================================================
python-toml-0.10.0-1.fc28 (FEDORA-2018-e01c8e4bd3)
Python Library for Tom's Obvious, Minimal Language
--------------------------------------------------------------------------------
Update Information:
Update to 0.10.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 25 2018 Julien Enselme <jujens(a)jujens.eu> - 0.10.0-1
- Update to 0.10.0 (#1652946)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1652946 - python-toml: Please update to 0.10.0
https://bugzilla.redhat.com/show_bug.cgi?id=1652946
--------------------------------------------------------------------------------
================================================================================
qjackctl-0.5.5-2.fc28 (FEDORA-2018-15f007c4fb)
Qt based JACK control application
--------------------------------------------------------------------------------
Update Information:
- Old deprecated Qt4 build support is no more. - Graph port sort options
added as View / Sort menu. - System tray options now subject to current
desktop environment availability. - Also disable Setup / Misc / Other / Save
JACK server configuration to (.jackdrc) when JACK D-Bus interface is enabled. -
Whether to use server synchronous mode option added to Setup / Settings /
Parameters (only applied when JACK D-BUS interface is enabled). - Disable
some Setup / Settings / Advanced parameters when JACK D-Bus interface is enabled
and vice-versa. - Attempt to power-cycle JACK D-Bus service on demand; -
Marked as probably useless anyway, old "H/W Monitor" option (-H) is now being
ditched from Setup / Settings / Advanced tab.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 25 2018 Orcan Ogetbil <oget [DOT] fedora [AT] gmail [DOT] com> - 0.5.5-2
- Appdata fix
* Sun Nov 25 2018 Orcan Ogetbil <oget [DOT] fedora [AT] gmail [DOT] com> - 0.5.5-1
- New version
--------------------------------------------------------------------------------
================================================================================
qsynth-0.5.3-1.fc28 (FEDORA-2018-8144a69ed1)
Qt based Fluidsynth GUI front end
--------------------------------------------------------------------------------
Update Information:
qsynth-0.5.3 ------------------ - Current FluidSynth version information
added to command line output (-V, --version). - Overhaul adaptations to the
FluidSynth API V2 (>= 2.0.0). - AppStream metadata updated to be the most
compliant with latest
freedesktop.org specification and recommendation.
qsynth-0.5.2 ------------------ - AppData/AppStream metadata is now settled
under an all permisssive license (FSFAP). qsynth-0.5.1 ------------------ -
Disable singleton/unique application instance setup logic when the display
server platform is not X11. - Fixed deprecated calls to
fluid_synth_get_channel_info(), fluid_synth_set_midi_router() and
fluid_settings_getstr() (as signaled on libfluidsynth >= 1.1.9). - A little
hardening on the configure (autoconf) macro side.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 25 2018 Orcan Ogetbil <oget[DOT]fedora[AT]gmail[DOT]com> 0.5.3-1
- Update to 0.5.3
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.5.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1446604 - qsynth-0.5.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1446604
--------------------------------------------------------------------------------
================================================================================
runc-1.0.0-59.dev.gitccb5efd.fc28 (FEDORA-2018-504e197a65)
CLI for running Open Containers
--------------------------------------------------------------------------------
Update Information:
RC6 for runc
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 24 2018 Dan Walsh <dwalsh(a)redhat.name> - 2:1.0.0-59.dev.gitccb5efd3
- rc6 build
* Wed Nov 7 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:1.0.0-58.dev.git079817c
- autobuilt 079817c
--------------------------------------------------------------------------------