The following Fedora 28 Security updates need testing:
Age  URL
399  https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb  jgraphx-3.6.0.0-6.fc28
348  https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da  nodejs-brace-expansion-1.1.11-1.fc28
347  https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a  nodejs-atob-2.1.1-1.fc28
223  https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297  xerces-c27-2.7.0-28.fc28
175  https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c  nginx-1.14.1-1.fc28
155  https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc86ef9e22  squid-4.4-1.fc28
 82  https://bodhi.fedoraproject.org/updates/FEDORA-2019-86412405d5  bind-9.11.5-4.P4.fc28
 69  https://bodhi.fedoraproject.org/updates/FEDORA-2019-63029a7692  libu2f-host-1.1.8-1.fc28
 49  https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19e79e9a  thunderbird-60.6.1-1.fc28
 47  https://bodhi.fedoraproject.org/updates/FEDORA-2019-0927602e59  chromium-73.0.3683.86-2.fc28
 15  https://bodhi.fedoraproject.org/updates/FEDORA-2019-9dfd44e1e9  python-gnupg-0.4.4-1.fc28
 13  https://bodhi.fedoraproject.org/updates/FEDORA-2019-04e7d39ad3  community-mysql-5.7.26-1.fc28
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2019-4d93cf2b34  php-typo3-phar-stream-wrapper-3.1.1-1.fc28
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2019-9b58ccab2c  freeradius-3.0.19-3.fc28
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2019-9f48c6fedc  singularity-3.1.1-1.1.fc28
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2019-c36afa818c  kernel-headers-5.0.16-100.fc28 kernel-5.0.16-100.fc28
The following Fedora 28 Critical Path updates have yet to be approved:
Age  URL
155  https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f541b469b  nfs-utils-2.3.3-1.rc2.fc28
119  https://bodhi.fedoraproject.org/updates/FEDORA-2019-78153d357c  totem-pl-parser-3.26.2-1.fc28
110  https://bodhi.fedoraproject.org/updates/FEDORA-2019-bb30467485  ostree-2019.1-2.fc28 rpm-ostree-2019.1-1.fc28
102  https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb4a3023ef  iproute-4.20.0-1.fc28
 85  https://bodhi.fedoraproject.org/updates/FEDORA-2019-6c4e362bd0  dhcp-4.3.6-22.fc28 dnsperf-2.2.1-1.fc28 bind-dyndb-ldap-11.1-13.fc28 bind-9.11.5-2.P1.fc28
 64  https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb98bf5ace  fedfind-4.2.2-1.fc28 python-productmd-1.20-1.fc28
 56  https://bodhi.fedoraproject.org/updates/FEDORA-2019-e60ecc03b4  python-productmd-1.21-1.fc28
 49  https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19e79e9a  thunderbird-60.6.1-1.fc28
 41  https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19af6a58  libldb-1.4.0-5.fc28.1.3.8 samba-4.8.10-0.fc28
 27  https://bodhi.fedoraproject.org/updates/FEDORA-2019-bc14eac80e  libblockdev-2.18-2.fc28
 21  https://bodhi.fedoraproject.org/updates/FEDORA-2019-9244c8b209  pungi-4.1.36-1.fc28
 15  https://bodhi.fedoraproject.org/updates/FEDORA-2019-c82d274716  dhcp-4.3.6-23.fc28
 13  https://bodhi.fedoraproject.org/updates/FEDORA-2019-3ab1dba357  hwdata-0.323-1.fc28
 12  https://bodhi.fedoraproject.org/updates/FEDORA-2019-44ac6082f0  fuse-2.9.9-7.fc28
 10  https://bodhi.fedoraproject.org/updates/FEDORA-2019-472a7c38e8  osinfo-db-20190504-1.fc28
  8  https://bodhi.fedoraproject.org/updates/FEDORA-2019-0c6a2c61f0  pcre2-10.33-2.fc28
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2019-34f798420a  firefox-66.0.5-1.fc28
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2019-85907cf348  linux-firmware-20190514-96.fc28
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2019-c36afa818c  kernel-headers-5.0.16-100.fc28 kernel-5.0.16-100.fc28
The following builds have been pushed to Fedora 28 updates-testing
Carla-2.0.0-0.10.20190501git41f81a8.fc28
R-hexbin-1.27.3-1.fc28
R-tinytex-0.13-1.fc28
R-xfun-0.7-1.fc28
ckeditor-4.11.4-1.fc28
cmake-3.14.4-1.fc28
conu-0.7.1-2.fc28
gnome-shell-extension-system-monitor-applet-38-2.20190515gitfc83a73.fc28
gpxsee-7.6-1.fc28
libmediainfo-19.04-1.fc28
libvirt-4.1.0-6.fc28
mariadb-10.2.24-1.fc28
mediaconch-18.03.2-7.fc28
mediainfo-19.04-1.fc28
perl-Fedora-Rebuild-0.12.1-13.fc28
perl-re-engine-PCRE2-0.15-2.fc28
php-di-5.4.6-7.fc28
php-natxet-cssmin-3.0.6-1.fc28
php-stecman-symfony-console-completion-0.10.1-2.fc28
qemu-2.11.2-5.fc28
qutebrowser-1.6.2-1.fc28
spectre-meltdown-checker-0.41-1.fc28
Details about builds:
================================================================================
Carla-2.0.0-0.10.20190501git41f81a8.fc28 (FEDORA-2019-a6e2c64d86)
Audio plugin host
--------------------------------------------------------------------------------
Update Information:
Update to 2.0.0-0.10.20190501git41f81a8
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 15 2019 Martin Gansser <martinkg(a)fedoraproject.org> -
2.0.0-0.10.20190501git41f81a8
- Update to 2.0.0-0.10.20190501git41f81a8
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
2.0.0-0.9.20181225git2f3a442
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
R-hexbin-1.27.3-1.fc28 (FEDORA-2019-c5310510fc)
Hexagonal Binning Routines
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 14 2019 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 1.27.3-1
- Update to latest version
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.27.2-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.27.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1709973 - R-hexbin-1.27.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1709973
--------------------------------------------------------------------------------
================================================================================
R-tinytex-0.13-1.fc28 (FEDORA-2019-c7e9971799)
Helper Functions to Install and Maintain 'TeX Live', and Compile 'LaTeX'
Documents
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 14 2019 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 0.13-1
- Update to latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1709843 - R-tinytex-0.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1709843
--------------------------------------------------------------------------------
================================================================================
R-xfun-0.7-1.fc28 (FEDORA-2019-049e3dcb64)
Miscellaneous Functions by 'Yihui Xie'
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 14 2019 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 0.7-1
- Update to latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1709845 - R-xfun-0.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1709845
--------------------------------------------------------------------------------
================================================================================
ckeditor-4.11.4-1.fc28 (FEDORA-2019-1dc48a85ff)
WYSIWYG text editor to be used inside web pages
--------------------------------------------------------------------------------
Update Information:
## CKEditor 4.11.4

Fixed Issues:

* [#589](https://github.com/ckeditor/ckeditor-dev/issues/589): Fixed: The editor causes memory leaks in create and destroy cycles.
* [#1397](https://github.com/ckeditor/ckeditor-dev/issues/1397): Fixed: Using the dialog to remove headers from a [table](https://ckeditor.com/cke4/addon/table) with one header row only throws an error.
* [#1479](https://github.com/ckeditor/ckeditor-dev/issues/1479): Fixed: [Justification](https://ckeditor.com/cke4/addon/justify) for styled content in BR mode is disabled.
* [#2816](https://github.com/ckeditor/ckeditor-dev/issues/2816): Fixed: [Enhanced Image](https://ckeditor.com/cke4/addon/image2) resize handler is visible in [read-only mode](https://ckeditor.com/docs/ckeditor4/latest/guide/dev_readonly.html).
* [#2874](https://github.com/ckeditor/ckeditor-dev/issues/2874): Fixed: [Enhanced Image](https://ckeditor.com/cke4/addon/image2) resize handler is not created when the editor is initialized in [read-only mode](https://ckeditor.com/docs/ckeditor4/latest/guide/dev_readonly.html).
* [#2775](https://github.com/ckeditor/ckeditor-dev/issues/2775): Fixed: [Clipboard](https://ckeditor.com/cke4/addon/clipboard) paste buttons have wrong state when [read-only](https://ckeditor.com/docs/ckeditor4/latest/guide/dev_readonly.html) mode is set by the mouse event listener with the [Div Editing Area](https://ckeditor.com/cke4/addon/divarea) plugin.
* [#1901](https://github.com/ckeditor/ckeditor-dev/issues/1901): Fixed: Cannot open the context menu over a [Widget](https://ckeditor.com/cke4/addon/widget) with the <kbd>Shift</kbd>+<kbd>F10</kbd> keyboard shortcut.

Other Changes:

* Updated [WebSpellChecker](https://ckeditor.com/cke4/addon/wsc) (WSC) and [SpellCheckAsYouType](https://ckeditor.com/cke4/addon/scayt) (SCAYT) plugins:
  * Language dictionary update: German language was extended with over 600k new words.
  * Language dictionary update: Swedish language was extended with over 300k new words.
  * Grammar support added for Australian and New Zealand English, Polish, Slovak, Slovenian and Austrian languages.
  * Changed wavy red and green lines that underline spelling and grammar errors to straight ones.
  * [#55](https://github.com/WebSpellChecker/ckeditor-plugin-wsc/issues/55): Fixed: WSC does not use [`CKEDITOR.getUrl()`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR.html#method-getUrl) when referencing style sheets.
  * [#166](https://github.com/WebSpellChecker/ckeditor-plugin-scayt/issues/166): Fixed: SCAYT does not use [`CKEDITOR.getUrl()`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR.html#method-getUrl) when referencing style sheets.
  * [#56](https://github.com/WebSpellChecker/ckeditor-plugin-wsc/issues/56): [Chrome] Fixed: SCAYT/WSC throws errors when running inside a Chrome extension.
  * Fixed: After removing a dictionary, the words are not underlined and considered as incorrect.
  * Fixed: The Slovenian (`sl_SL`) language does not work.
  * Fixed: Quotes with code `U+2019` (Right single quotation mark) are considered separators.
  * Fixed: Wrong error message formatting when the service ID is invalid.
  * Fixed: Absent languages in the Languages tab when using SCAYT with the [Shared Spaces](https://ckeditor.com/cke4/addon/sharedspace) plugin.

## CKEditor 4.11.3

Fixed Issues:

* [#2721](https://github.com/ckeditor/ckeditor-dev/issues/2721), [#487](https://github.com/ckeditor/ckeditor-dev/issues/487): Fixed: The order of sublist items is reversed when a higher level list item is removed.
* [#2527](https://github.com/ckeditor/ckeditor-dev/issues/2527): Fixed: [Emoji](https://ckeditor.com/cke4/addon/emoji) autocomplete order does not prioritize emojis with the name starting from the used string.
* [#2572](https://github.com/ckeditor/ckeditor-dev/issues/2572): Fixed: Icons in the [Emoji](https://ckeditor.com/cke4/addon/emoji) dropdown navigation groups are not centered.
* [#1191](https://github.com/ckeditor/ckeditor-dev/issues/1191): Fixed: Items in the [elements path](https://ckeditor.com/cke4/addon/elementspath) are draggable.
* [#2292](https://github.com/ckeditor/ckeditor-dev/issues/2292): Fixed: Dropping a list with a link on the editor's margin causes a console error and removes the dragged text from editor.
* [#2756](https://github.com/ckeditor/ckeditor-dev/issues/2756): Fixed: The [Auto Link](https://ckeditor.com/cke4/addon/autolink) plugin causes an error when typing in the [source editing mode](https://ckeditor.com/docs/ckeditor4/latest/guide/dev_sourcearea.html).
* [#1986](https://github.com/ckeditor/ckeditor-dev/issues/1986): Fixed: The Cell Properties dialog from the [Table Tools](https://ckeditor.com/cke4/addon/tabletools) plugin shows styles that are not allowed through [`config.allowedContent`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-allowedContent).
* [#2565](https://github.com/ckeditor/ckeditor-dev/issues/2565): [IE, Edge] Fixed: Buttons in the [editor toolbar](https://ckeditor.com/cke4/addon/toolbar) are activated by clicking them with the right mouse button.
* [#2792](https://github.com/ckeditor/ckeditor-dev/pull/2792): Fixed: A bug in the [Copy Formatting](https://ckeditor.com/cke4/addon/copyformatting) plugin that caused the following issues:
  * [#2780](https://github.com/ckeditor/ckeditor-dev/issues/2780): Fixed: Undo steps disappear after multiple changes of selection.
  * [#2470](https://github.com/ckeditor/ckeditor-dev/issues/2470): [Firefox] Fixed: Widget's nested editable gets blurred upon focus.
  * [#2655](https://github.com/ckeditor/ckeditor-dev/issues/2655): [Chrome, Safari] Fixed: Widget's nested editable cannot be focused under certain circumstances.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 14 2019 Shawn Iwinski <shawn(a)iwin.ski> - 4.11.4-1
- Update to 4.11.4 (RHBZ #1683205)
- Fix rpmlint "W: invalid-license MPLv1.1+" by changing "MPLv1.1+" to
"MPLv1.1"
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1683205 - ckeditor-4.11.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1683205
--------------------------------------------------------------------------------
================================================================================
cmake-3.14.4-1.fc28 (FEDORA-2019-9f85278ead)
Cross-platform make system
--------------------------------------------------------------------------------
Update Information:
- Update to 3.14.4
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 14 2019 Björn Esser <besser82(a)fedoraproject.org> - 3.14.4-1
- 3.14.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1710027 - cmake-3.14.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1710027
--------------------------------------------------------------------------------
================================================================================
conu-0.7.1-2.fc28 (FEDORA-2019-99017a207c)
library which makes it easy to write tests for your containers
--------------------------------------------------------------------------------
Update Information:
rhbz#1677664 - Remove hard dependency on docker
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 1 2019 Lukas Slebodnik <lslebodn(a)fedoraproject.org> - 0.7.1-2
- rhbz#1677664 - Remove hard dependency on docker
* Wed Feb 27 2019 Radoslav Pitoňák <rado.pitonak(a)gmail.com> 0.7.1-1
- 0.7.1 release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1677664 - Remove hard dependency on docker
https://bugzilla.redhat.com/show_bug.cgi?id=1677664
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-system-monitor-applet-38-2.20190515gitfc83a73.fc28
(FEDORA-2019-7862fc77b9)
A Gnome shell system monitor extension
--------------------------------------------------------------------------------
Update Information:
Updated to last upstream commits
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 15 2019 Nicolas Viéville <nicolas.vieville(a)uphf.fr> -
1:38-2.20190515gitfc83a73
- Updated to last upstream commits
- Fix #504 (array.to string() warnings)
- Remove obsolete compatibility code
- Scale width of elements if compact display is on
- Updated translation files
- Reverted ByteArray usage breaking display of thermal and fan speed
- Fixed frequency display showing blank due to ByteArray.tostring
--------------------------------------------------------------------------------
================================================================================
gpxsee-7.6-1.fc28 (FEDORA-2019-77aafff026)
GPS log file viewer and analyzer
--------------------------------------------------------------------------------
Update Information:
**News in version 7.6**:

* Added support for Garmin IMG maps
* Fixed coordinates info display issues
* Fixed rendering of large areas using OpenGL
* Fixed broken speed type switch
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 15 2019 Nikola Forró <nforro(a)redhat.com> - 7.6-1
- Update to version 7.6
resolves: #1709052
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1709052 - gpxsee-7.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1709052
--------------------------------------------------------------------------------
================================================================================
libmediainfo-19.04-1.fc28 (FEDORA-2019-7155125125)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update to 19.04.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 24 2019 Vasiliy N. Glazov <vascom2(a)gmail.com> - 19.04-1
- Update to 19.04
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1701845 - CVE-2019-11372 CVE-2019-11373 mediainfo: various flaws
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1701845
--------------------------------------------------------------------------------
================================================================================
libvirt-4.1.0-6.fc28 (FEDORA-2019-6e146a714c)
Library providing a simple virtualization API
--------------------------------------------------------------------------------
Update Information:
Define md-clear CPUID bit. Assuming an updated host kernel and microcode, the
md-clear bit will be automatically exposed to guests using the QEMU "-cpu host"
arg, or libvirt "host-model" or "host-passthrough" configurations. Guests using
a named CPU model must be manually updated to add this extra CPU feature.

Resolves CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 14 2019 Daniel P. Berrangé <berrange(a)redhat.com> - 4.1.0-6
- Define md-clear CPUID bit
- Resolves: rhbz #1709977 (CVE-2018-12126), rhbz #1709979 (CVE-2018-12127),
rhbz #1709997 (CVE-2018-12130), rhbz #1709984 (CVE-2019-11091)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1667782 - CVE-2018-12127 hardware: Micro-architectural Load Port Data
Sampling - Information Leak (MLPDS)
https://bugzilla.redhat.com/show_bug.cgi?id=1667782
[ 2 ] Bug #1646781 - CVE-2018-12126 hardware: Microarchitectural Store Buffer Data
Sampling (MSBDS)
https://bugzilla.redhat.com/show_bug.cgi?id=1646781
[ 3 ] Bug #1705312 - CVE-2019-11091 hardware: Microarchitectural Data Sampling
Uncacheable Memory (MDSUM)
https://bugzilla.redhat.com/show_bug.cgi?id=1705312
[ 4 ] Bug #1646784 - CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data
Sampling (MFBDS)
https://bugzilla.redhat.com/show_bug.cgi?id=1646784
--------------------------------------------------------------------------------
================================================================================
mariadb-10.2.24-1.fc28 (FEDORA-2019-3185617acc)
A community developed branch of MySQL
--------------------------------------------------------------------------------
Update Information:
**MariaDB 10.2.24**

Release notes:
https://mariadb.com/kb/en/library/mariadb-10224-release-notes/
https://mariadb.com/kb/en/library/mariadb-10223-release-notes/

CVEs fixed by upstream: CVE-2019-2614 CVE-2019-2627 CVE-2019-2628

Maintainer notes: Most likely last update for Fedora 28. Time to upgrade.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 15 2019 Michal Schorm <mschorm(a)redhat.com> - 3:10.2.24-1
- Rebase to 10.2.24
- CVEs fixed:
CVE-2019-2614 CVE-2019-2627 CVE-2019-2628
--------------------------------------------------------------------------------
================================================================================
mediaconch-18.03.2-7.fc28 (FEDORA-2019-7155125125)
Most relevant technical and tag data for video and audio files (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to 19.04.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 24 2019 Vasiliy N. Glazov <vascom2(a)gmail.com> - 18.03.2-7
- Rebuild with new mediainfo 19.04
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 18.03.2-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1701845 - CVE-2019-11372 CVE-2019-11373 mediainfo: various flaws
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1701845
--------------------------------------------------------------------------------
================================================================================
mediainfo-19.04-1.fc28 (FEDORA-2019-7155125125)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to 19.04.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 24 2019 Vasiliy N. Glazov <vascom2(a)gmail.com> - 19.04-1
- Update to 19.04
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 18.12-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1701845 - CVE-2019-11372 CVE-2019-11373 mediainfo: various flaws
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1701845
--------------------------------------------------------------------------------
================================================================================
perl-Fedora-Rebuild-0.12.1-13.fc28 (FEDORA-2019-9349f72e67)
Rebuilds Fedora packages from scratch
--------------------------------------------------------------------------------
Update Information:
This release fixes resetting a "submitbuild" state, parsing repourls
configuration option in a rebuildperl tool, resetting a git tree content on a
branch change, a race condition when deleting files using File-Path-Tiny-0.9,
and not preserving file permissions of list files by a rebuildreset tool. It
also adapts to various changes in a mock tool. It also suppresses logging
satisfied dependencies by default now due to an excessive consumption of
memory. It also uses createrepo_c tool instead of a deprecated createrepo tool. It
also uses git-core instead of big git now.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 15 2019 Petr Pisar <ppisar(a)redhat.com> - 0.12.1-13
- Don't forget to reset a submitbuild state
- Clean _topdir in shared mock environment before building a source package
- Use createrepo_c instead of createrepo
- Preserve file permissions when using a rebuildreset tool
- Fix parsing repourls configuration option in a rebuildperl tool
- Suppress logging satisfied dependencies
- Do not clean mocks that failed to initialize
- Adapt to mock-1.4.1-1.fc25
- Invoke pyrpkg build with --skip-nvr-check option
- Switch to a selected git branch on the git reset
- Report a package reset failure from a death thread
- Adapt to changes in File-Path-Tiny-0.9
- Require small git-core instead of big git package
--------------------------------------------------------------------------------
================================================================================
perl-re-engine-PCRE2-0.15-2.fc28 (FEDORA-2019-fa7298b00f)
PCRE2 regular expression engine for Perl
--------------------------------------------------------------------------------
Update Information:
This release fixes random failures of the tests.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 15 2019 Petr Pisar <ppisar(a)redhat.com> - 0.15-2
- Fix a race in t/gh29-segv.t test (upstream bug #34)
--------------------------------------------------------------------------------
================================================================================
php-di-5.4.6-7.fc28 (FEDORA-2019-e4778d7c50)
The dependency injection container for humans
--------------------------------------------------------------------------------
Update Information:
## 5.4.6

- Fix [#554](https://github.com/PHP-DI/PHP-DI/issues/554): `Container::make()` fails when combined with `decorate()`.

## 5.4.5

Fixup of 5.4.4.

- [#531](https://github.com/PHP-DI/PHP-DI/issues/531): performance improvement.

## 5.4.4

This release was broken because it was tagged against the wrong branch.

- [#531](https://github.com/PHP-DI/PHP-DI/issues/531): performance improvement.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 14 2019 Shawn Iwinski <shawn(a)iwin.ski> - 5.4.6-7
- Add range version dependencies for Fedora >= 27 || RHEL >= 8
* Fri May 10 2019 Shawn Iwinski <shawn(a)iwin.ski> - 5.4.6-6
- Update to 5.4.6
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.4.3-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.4.3-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
php-natxet-cssmin-3.0.6-1.fc28 (FEDORA-2019-7fbc71649b)
Configurable CSS parser and minifier
--------------------------------------------------------------------------------
Update Information:
### v3.0.6

Fix bracket for count() argument

Merge pull request #26 from umulmrum/master
Fix bracket for count() argument

### v3.0.5

Adapt to PHP 7.2

Merge pull request #24 from jtojnar/php72
Fix compatibility with PHP 7.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 26 2019 Remi Collet <remi(a)remirepo.net> - 3.0.6-1
- update to 3.0.6
- add minimal test for our autoloader
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.4-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.4-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1504423 - php-natxet-cssmin-3.0.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1504423
--------------------------------------------------------------------------------
================================================================================
php-stecman-symfony-console-completion-0.10.1-2.fc28 (FEDORA-2019-55f0c9f1ee)
Automatic BASH completion for Symfony Console based applications
--------------------------------------------------------------------------------
Update Information:
### 0.10.1: Options before command name fixed

Fixes options appearing before the command name (eg. `program -v cmdname`)
breaking the detection of the command that should be completed for
([#83](https://github.com/stecman/symfony-console-completion/issues/83))

### 0.10.0: Multi-word / whitespace support in completions

Adds support for quoted and escaped multi-word completions. No changes are
required to upgrade from 0.9.0. BASH users will need to regenerate/reload
their shell hook for multi-word completions to work.

### 0.9.0: Isolation of CompletionCommand from user-defined global options

To avoid conflicts with application-level options defined by the library user,
`CompletionCommand` now ignores custom application options. Options from
Symfony's base `Application` class are retained. No action is needed to upgrade
to this version unless your subclass of `CompletionCommand` has been modified to
use global options defined by your application. In this case you will need to
override `CompletionCommand::filterApplicationOptions` to whitelist your
options.

### 0.8.0: Symfony 4 support

Adds Symfony Console 4.x to the versions supported. No changes are required to
update to this version from `0.7.0`.

Other changes:

- Commands marked as hidden (`symfony-console` >= 3.2) are excluded from completion results
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 14 2019 Shawn Iwinski <shawn(a)iwin.ski> - 0.10.1-2
- Fix EPEL6 build
* Tue May 14 2019 Shawn Iwinski <shawn(a)iwin.ski> - 0.10.1-1
- Update to 0.10.1 (RHBZ #1562562)
- Add range version dependencies for Fedora >= 27 || RHEL >= 8
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.0-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1562562 - php-stecman-symfony-console-completion-0.10.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1562562
--------------------------------------------------------------------------------
================================================================================
qemu-2.11.2-5.fc28 (FEDORA-2019-6e146a714c)
QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:
Define md-clear CPUID bit. Assuming an updated host kernel and microcode, the
md-clear bit will be automatically exposed to guests using the QEMU "-cpu host"
arg, or libvirt "host-model" or "host-passthrough" configurations. Guests using
a named CPU model must be manually updated to add this extra CPU feature.

Resolves CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 14 2019 Daniel P. Berrangé <berrange(a)redhat.com> - 2:2.11.2-5
- Define md-clear CPUID bit
- Resolves: rhbz #1710002 (CVE-2018-12126), rhbz #1710004 (CVE-2018-12127),
rhbz #1710003 (CVE-2018-12130), rhbz #1710006 (CVE-2019-11091)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1667782 - CVE-2018-12127 hardware: Micro-architectural Load Port Data
Sampling - Information Leak (MLPDS)
https://bugzilla.redhat.com/show_bug.cgi?id=1667782
[ 2 ] Bug #1646781 - CVE-2018-12126 hardware: Microarchitectural Store Buffer Data
Sampling (MSBDS)
https://bugzilla.redhat.com/show_bug.cgi?id=1646781
[ 3 ] Bug #1705312 - CVE-2019-11091 hardware: Microarchitectural Data Sampling
Uncacheable Memory (MDSUM)
https://bugzilla.redhat.com/show_bug.cgi?id=1705312
[ 4 ] Bug #1646784 - CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data
Sampling (MFBDS)
https://bugzilla.redhat.com/show_bug.cgi?id=1646784
--------------------------------------------------------------------------------
================================================================================
qutebrowser-1.6.2-1.fc28 (FEDORA-2019-a5d781ec45)
A keyboard-driven, vim-like browser based on PyQt5 and QtWebEngine
--------------------------------------------------------------------------------
Update Information:
Minor bug fixes only.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 14 2019 Timothée Floure <fnux(a)fedoraproject.org> - 1.6.2-1
- New upstream release
* Fri Apr 5 2019 Timothée Floure <fnux(a)fedoraproject.org> - 1.6.1-1
- New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1690768 - qutebrowser-1.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1690768
--------------------------------------------------------------------------------
================================================================================
spectre-meltdown-checker-0.41-1.fc28 (FEDORA-2019-3214dd9701)
Spectre & Meltdown vulnerability/mitigation checker for Linux
--------------------------------------------------------------------------------
Update Information:
Update to 0.41

* Feature: add support for the 4 MDS CVEs (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091 / Fallout, RIDL, ZombieLoad)
* Feature: add Spectre and Meltdown mitigation detection for Hygon CPU ([#271](https://github.com/speed47/spectre-meltdown-checker/pull/271))
* Feature: for SSBD, report whether the mitigation is active (in live mode) ([#210](https://github.com/speed47/spectre-meltdown-checker/issues/210))
* Enhancement: better Xen and hypervisors detection ([#259](https://github.com/speed47/spectre-meltdown-checker/pull/259)) ([#270](https://github.com/speed47/spectre-meltdown-checker/pull/270))
* Enhancement: in paranoid mode, assume we're running a hypervisor (for L1TF) unless stated otherwise
* Enhancement: better detect Arch kernel image location ([#268](https://github.com/speed47/spectre-meltdown-checker/pull/268))
* Fix: error when no process used prctl to set SSB mitigation
* Fix: invalid names in json batch mode ([#279](https://github.com/speed47/spectre-meltdown-checker/issues/279))
* Fix: IBRS kernel reported active even if sysfs had "IBRS_FW" only ([#275](https://github.com/speed47/spectre-meltdown-checker/issues/275)) ([#276](https://github.com/speed47/spectre-meltdown-checker/issues/276))
* Fix: load vmm under BSD if not already loaded ([#274](https://github.com/speed47/spectre-meltdown-checker/issues/274))
* Fix: misdetection of files under Clear Linux ([#264](https://github.com/speed47/spectre-meltdown-checker/issues/264))
* Misc: update MCEdb to v110
* Misc: dozens of other fixes and enhancements
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 15 2019 Reto Gantenbein <reto.gantenbein(a)linuxmonk.ch> - 0.41-1
- Update to 0.41
* Sun Feb 3 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.40-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------