The following Fedora 28 Security updates need testing:
Age URL
335
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb
jgraphx-3.6.0.0-6.fc28
285
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da
nodejs-brace-expansion-1.1.11-1.fc28
283
https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a
nodejs-atob-2.1.1-1.fc28
159
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297
xerces-c27-2.7.0-28.fc28
112
https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c
nginx-1.14.1-1.fc28
91
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc86ef9e22 squid-4.4-1.fc28
88
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b18f9dd65b
tomcat-8.5.35-1.fc28
22
https://bodhi.fedoraproject.org/updates/FEDORA-2019-d7ef743ef0
librsvg2-2.42.7-2.fc28
21
https://bodhi.fedoraproject.org/updates/FEDORA-2019-fa95c8120f
thunderbird-60.5.1-1.fc28
20
https://bodhi.fedoraproject.org/updates/FEDORA-2019-216ba46b12
mingw-poppler-0.62.0-3.fc28
19
https://bodhi.fedoraproject.org/updates/FEDORA-2019-8b5e704a73
poppler-0.62.0-16.fc28
18
https://bodhi.fedoraproject.org/updates/FEDORA-2019-86412405d5
bind-9.11.5-4.P4.fc28
8
https://bodhi.fedoraproject.org/updates/FEDORA-2019-3c1aed2aa9
cfitsio-3.430-2.fc28
8
https://bodhi.fedoraproject.org/updates/FEDORA-2019-07d447a1d3
golang-googlecode-net-0-0.48.20190302git16b79f2.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2019-b2d986c3e9
freerdp-2.0.0-49.20190304git435872b.fc28 gnome-boxes-3.28.5-2.fc28
pidgin-sipe-1.24.0-3.fc28 remmina-1.3.3-1.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2019-bce6498890 xen-4.10.3-2.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2019-efa799fd16 php-7.2.16-1.fc28
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-63029a7692
libu2f-host-1.1.8-1.fc28
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-694e3aa4e8
ntp-4.2.8p13-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-5ad2149e99
python2-django1.11-1.11.20-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-7b9bb0e426
ghostscript-9.26-3.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2019-8cdd669aca
tcpflow-1.5.0-4.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2019-0b73bd3e5d
libzip-1.5.2-1.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2019-918aad6bd5 SDL-1.2.15-32.fc28
The following Fedora 28 Critical Path updates have yet to be approved:
Age URL
91
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f541b469b
nfs-utils-2.3.3-1.rc2.fc28
82
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4dddcb3e5e
highlight-3.48-1.fc28
55
https://bodhi.fedoraproject.org/updates/FEDORA-2019-78153d357c
totem-pl-parser-3.26.2-1.fc28
48
https://bodhi.fedoraproject.org/updates/FEDORA-2019-e9c4843d39
volume_key-0.3.12-2.fc28
47
https://bodhi.fedoraproject.org/updates/FEDORA-2019-bb30467485
ostree-2019.1-2.fc28 rpm-ostree-2019.1-1.fc28
39
https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb4a3023ef
iproute-4.20.0-1.fc28
31
https://bodhi.fedoraproject.org/updates/FEDORA-2019-b9a64e04c4
polkit-0.115-2.2.fc28
22
https://bodhi.fedoraproject.org/updates/FEDORA-2019-6c4e362bd0 dhcp-4.3.6-22.fc28
dnsperf-2.2.1-1.fc28 bind-dyndb-ldap-11.1-13.fc28 bind-9.11.5-2.P1.fc28
22
https://bodhi.fedoraproject.org/updates/FEDORA-2019-d7ef743ef0
librsvg2-2.42.7-2.fc28
21
https://bodhi.fedoraproject.org/updates/FEDORA-2019-fa95c8120f
thunderbird-60.5.1-1.fc28
19
https://bodhi.fedoraproject.org/updates/FEDORA-2019-8b5e704a73
poppler-0.62.0-16.fc28
15
https://bodhi.fedoraproject.org/updates/FEDORA-2019-68e7e119bb
udisks2-2.7.6-3.fc28
13
https://bodhi.fedoraproject.org/updates/FEDORA-2019-f3460f6658
perl-5.26.3-417.fc28
11
https://bodhi.fedoraproject.org/updates/FEDORA-2019-80802d12fa
python-setuptools-40.8.0-1.fc28
11
https://bodhi.fedoraproject.org/updates/FEDORA-2019-9e2f4fbaad
lxsession-0.5.4-1.fc28
11
https://bodhi.fedoraproject.org/updates/FEDORA-2019-35f82e5d32
lxpanel-0.10.0-1.fc28
10
https://bodhi.fedoraproject.org/updates/FEDORA-2019-16c2256578 audit-2.8.5-1.fc28
8
https://bodhi.fedoraproject.org/updates/FEDORA-2019-ac998d3003 vim-8.1.994-1.fc28
8
https://bodhi.fedoraproject.org/updates/FEDORA-2019-5090aeed7f
osinfo-db-20190304-1.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2019-bce6498890 xen-4.10.3-2.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2019-3b5f8c9144
python-pid-2.2.3-1.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c0afa6a261
hwdata-0.321-1.fc28
5
https://bodhi.fedoraproject.org/updates/FEDORA-2019-3880624c44
openldap-2.4.46-5.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c4107ac9d3 koji-1.17.0-5.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2019-3516fa2764
kernel-headers-4.20.15-100.fc28 kernel-4.20.15-100.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2019-f38cfd1456
ntfs-3g-2017.3.23-10.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb98bf5ace
fedfind-4.2.2-1.fc28 python-productmd-1.20-1.fc28
The following builds have been pushed to Fedora 28 updates-testing
R-NISTunits-1.0.1-1.fc28
R-measurements-1.3.0-1.fc28
R-stringi-1.4.3-1.fc28
R-tinytex-0.11-1.fc28
R-udunits2-0.13-1.fc28
fedmod-0.6.2-1.fc28
fotoxx-19.6-1.fc28
icedtea-web-1.8-1.fc28
lcgdm-1.12.0-2.fc28
libjpeg-turbo-1.5.3-7.fc28
openwsman-2.6.5-4.fc28
optimizer-1.1.0-2.fc28
php-twig-1.38.2-2.fc28
php-twig2-2.7.2-1.fc28
python-passlib-1.7.1-2.fc28
rubygem-liquid-4.0.3-1.fc28
tcpreplay-4.3.2-1.fc28
wireshark-2.6.7-1.fc28
wordpress-5.1.1-1.fc28
Details about builds:
================================================================================
R-NISTunits-1.0.1-1.fc28 (FEDORA-2019-7b11779a49)
Fundamental Physical Constants and Unit Conversions from NIST
--------------------------------------------------------------------------------
Update Information:
Initial package of NISTunits for R
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1687260 - Review Request: R-NISTunits - Fundamental Physical Constants and
Unit Conversions from NIST
https://bugzilla.redhat.com/show_bug.cgi?id=1687260
--------------------------------------------------------------------------------
================================================================================
R-measurements-1.3.0-1.fc28 (FEDORA-2019-f93e38632d)
Tools for Units of Measurement
--------------------------------------------------------------------------------
Update Information:
Initial package of measurements for R
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1687274 - Review Request: R-measurements - Tools for Units of Measurement
https://bugzilla.redhat.com/show_bug.cgi?id=1687274
--------------------------------------------------------------------------------
================================================================================
R-stringi-1.4.3-1.fc28 (FEDORA-2019-94c8a25898)
Character String Processing Facilities
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2019 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 1.4.3-1
- Update to latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1688045 - R-stringi-1.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1688045
--------------------------------------------------------------------------------
================================================================================
R-tinytex-0.11-1.fc28 (FEDORA-2019-23a12484a5)
Helper Functions to Install and Maintain 'TeX Live', and Compile 'LaTeX'
Documents
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2019 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 0.11-1
- Update to latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1688006 - R-tinytex-0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1688006
--------------------------------------------------------------------------------
================================================================================
R-udunits2-0.13-1.fc28 (FEDORA-2019-a9432c4c12)
Udunits-2 Bindings for R
--------------------------------------------------------------------------------
Update Information:
Initial package of udunits2 for R
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1687624 - Review Request: R-udunits2 - Udunits-2 Bindings for R
https://bugzilla.redhat.com/show_bug.cgi?id=1687624
--------------------------------------------------------------------------------
================================================================================
fedmod-0.6.2-1.fc28 (FEDORA-2019-3c37f33acf)
Utilities for generating & maintaining modulemd files
--------------------------------------------------------------------------------
Update Information:
This is an enhancement and bug fix release. It introduces the `repo2module`
command which lets users create modulemd files from existing local RPM
repositories. Additionally, it fixes some cases where architectures were hard-
coded.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2019 Nils Philippsen <nils(a)redhat.com> 0.6.2-1
- Update version metadata for release 0.6.2 (nils(a)redhat.com)
- repo2module: allow feeding from existing modulemd (nils(a)redhat.com)
- repo2module: set NSVC, default profile from API pkg (or default)
(nils(a)redhat.com)
- add ModuleFromRepoGenerator and repo2module command (nils(a)redhat.com)
- parse_dataset_name(): cope with 'architectures' missing (nils(a)redhat.com)
- add reading list of packages from a repository (nils(a)redhat.com)
- allow writing caches silently (nils(a)redhat.com)
- DistroPaths: work with local repositories (nils(a)redhat.com)
- cope with non-x86_64 multilib (nils(a)redhat.com)
- add script to generate compat arch configuration (nils(a)redhat.com)
- _depchase: don't hardcode x86_64 (nils(a)redhat.com)
- fix summarize_modules() called from outside CLI (nils(a)redhat.com)
- fix typo (nils(a)redhat.com)
--------------------------------------------------------------------------------
================================================================================
fotoxx-19.6-1.fc28 (FEDORA-2019-51cce808f3)
Photo editor
--------------------------------------------------------------------------------
Update Information:
19.6
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2019 Gwyn Ciesla <gwync(a)protonmail.com> - 19.6-1
- 19.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1688141 - fotoxx-19.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1688141
--------------------------------------------------------------------------------
================================================================================
icedtea-web-1.8-1.fc28 (FEDORA-2019-ca1658b241)
Additional Java components for OpenJDK - Java browser plug-in and Web Start
implementation
--------------------------------------------------------------------------------
Update Information:
Updated to fres upstream release:
https://mail.openjdk.java.net/pipermail/distro-pkg-dev/2019-March/041320....
New in release 1.8 (2019-03-12): * added support for javafx-desc and so allwong
run of pure-javafx only applications * --nosecurity enhanced for possibility to
skip invalid signatures * enhanced to allow resources to be read also from
j2se/java element (OmegaT) * PR3644 - java.lang.NoClassDefFoundError: Could not
initialize class
net.sourceforge.jnlp.runtime.JNLPRuntime$DeploymentConfigurationHolder *
deployment.config now support generic url instead just file * Added support for
windows desktop shortcuts via
https://github.com/DmitriiShamrikov/mslinks *
cache can now be operated by groups, list by -Xcacheids (details via -verbose,
can filter by regex), Xclearcache now can clear only selected id. There is also
gui to operate cache via id in itweb-settings now. * desktop shortcut name get
shortened to title or file if title is missing. * shared native launchers *
scripted launchers rework: Windows bat launchers rewritten to be feature
complete, Linux shell launchers made portable, build enhanced to produce
platform independent image
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 26 2019 - Jiri Vanek <jvanek(a)redhat.com> -1.8pre-0.2
- itw-modularjdk.args marked as config(norepalce)
* Thu Feb 21 2019 - Jiri Vanek <jvanek(a)redhat.com> -1.8pre-0.1
- updated to soon to release itw 1.8 with native launchers
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.1-12
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jul 16 2018 - Jiri Vanek <jvanek(a)redhat.com> -1.7.1-11
- added usptream pathces
* Mon Jul 16 2018 - Jiri Vanek <jvanek(a)redhat.com> -1.7.1-10
- added usptream pathces
- removed most relicts off plugin
* Mon Jul 16 2018 - Jiri Vanek <jvanek(a)redhat.com> -1.7.1-8
- removed rhino
* Thu May 24 2018 - Jiri Vanek <jvanek(a)redhat.com> -1.7.1-6
- removed clang
* Mon May 14 2018 - Jiri Vanek <jvanek(a)redhat.com> -1.7.1-6
- added an applied patch1, oracleForms.patch to make oracle forms working
--------------------------------------------------------------------------------
================================================================================
lcgdm-1.12.0-2.fc28 (FEDORA-2019-b8cd6e4dce)
LHC Computing Grid Data Management
--------------------------------------------------------------------------------
Update Information:
A fix for multi-protocol space divergence issues :
https://its.cern.ch/jira/browse/LCGDM-2752 ---- A fix for multi-protocol space
divergence issues :
https://its.cern.ch/jira/browse/LCGDM-2752
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2019 Oliver Keeble <oliver.keeble(a)cern.ch> - 1.12.0-2
- Add isa provides for python2 packages
* Fri Mar 8 2019 Oliver Keeble <oliver.keeble(a)cern.ch> - 1.12.0-1
- New upstream release 1.12.0
- Drop patch lcgdm-1.10.0-explicit-python2
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.10.0-16
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 1.10.0-15
- Rebuilt for libcrypt.so.2 (#1666033)
* Fri Jan 4 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 1.10.0-14
- Add patch to use explicit python2 shebangs, fixes FTBFS for Fedora 30
- Link the c compiled python modules with proper LDFLAGS
* Thu Aug 9 2018 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1.10.0-13
- Use explicit --with-python=/usr/bin/python2 in configure (fixes rawhide)
- Remove redundant macro definitions for old Fedora and EPEL releases
- Only filter provides on EPEL 6 - the others filter correctly by default
- Add python34-lfc and python34-dnf packages for EPEL 7
- Remove obsolete Group tags
- Fix more python subpackage names
- Fix shebang in dpm-listspaces script
- Use %license, %ldconfig_scriptlets and %systemd_requires
* Mon Jul 16 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 1.10.0-12
- Fix python subpackage names
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.10.0-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 3 2018 Petr Pisar <ppisar(a)redhat.com> - 1.10.0-10
- Perl 5.28 rebuild
* Wed Jun 27 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.10.0-9
- Perl 5.28 rebuild
* Tue Jun 19 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 1.10.0-8
- Rebuilt for Python 3.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1600711 - lcgdm: dpm-python3 requires both Python 2 and Python 3
https://bugzilla.redhat.com/show_bug.cgi?id=1600711
--------------------------------------------------------------------------------
================================================================================
libjpeg-turbo-1.5.3-7.fc28 (FEDORA-2019-87e2fa8e0f)
A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files
--------------------------------------------------------------------------------
Update Information:
Fix for **CVE-2018-14498**
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2019 Nikola Forr�� <nforro(a)redhat.com> - 1.5.3-7
- Fix CVE-2018-14498 (#1687428)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1687428 - CVE-2018-14498 libjpeg-turbo: heap-based buffer over-read via
crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service [fedora-28]
https://bugzilla.redhat.com/show_bug.cgi?id=1687428
--------------------------------------------------------------------------------
================================================================================
openwsman-2.6.5-4.fc28 (FEDORA-2019-348166f7fd)
Open source Implementation of WS-Management
--------------------------------------------------------------------------------
Update Information:
Security fixes for CVE-2019-3816 and CVE-2019-3833
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2019 Vitezslav Crhonek <vcrhonek(a)redhat.com> - 2.6.5-4
- Fix CVE-2019-3816
Resolves: #1687760
- Fix CVE-2019-3833
Resolves: #1687762
* Wed Feb 21 2018 Vitezslav Crhonek <vcrhonek(a)redhat.com> - 2.6.5-3
- Fix wrong SSL_CTX_set_cipher_list() retval check
- Explicitly disable build of java bindings (build fails if java-devel is installed)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1667070 - CVE-2019-3816 openwsman: Arbitrary file disclosure due to root
working directory
https://bugzilla.redhat.com/show_bug.cgi?id=1667070
[ 2 ] Bug #1674478 - CVE-2019-3833 openwsman: Infinite loop in process_connection()
allows denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=1674478
--------------------------------------------------------------------------------
================================================================================
optimizer-1.1.0-2.fc28 (FEDORA-2019-f5d2056ef8)
Find out what's eating up your system resources
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
================================================================================
php-twig-1.38.2-2.fc28 (FEDORA-2019-64f6c399c9)
The flexible, fast, and secure template engine for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.38.2** (2019-03-12) * added TemplateWrapper::getTemplateName()
---- **Version 1.38.1** (2019-03-12) * fixed class aliases ---- **Version
1.38.0** (2019-03-12) * fixed sandbox security issue (under some
circumstances, calling the __toString() method on an object was possible even
if not allowed by the security policy) * fixed batch filter clobbers array
keys when fill parameter is used * added preserveKeys support for the batch
filter * fixed "embed" support when used from "template_from_string"
* added
the possibility to pass a TemplateWrapper to Twig\Environment::load() *
improved the performance of the sandbox * added a spaceless filter * added max
value to the "random" function * made namespace classes the default classes
(PSR-0 ones are aliases now) * removed duplicated directory separator in
FilesystemLoader * added Twig\Loader\ChainLoader::getLoaders() * changed
internal code to use the namespaced classes as much as possible
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2019 Remi Collet <remi(a)remirepo.net> - 1.38.2-1
- update to 1.38.2
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.37.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
php-twig2-2.7.2-1.fc28 (FEDORA-2019-e86155be6e)
The flexible, fast, and secure template engine for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 2.7.2** (2019-03-12) * added TemplateWrapper::getTemplateName()
---- **Version 2.7.1** (2019-03-12) * fixed class aliases ---- **Version
2.7.0** (2019-03-12) * fixed sandbox security issue (under some circumstances,
calling the __toString() method on an object was possible even if not allowed
by the security policy) * fixed batch filter clobbers array keys when fill
parameter is used * added preserveKeys support for the batch filter * fixed
"embed" support when used from "template_from_string" * deprecated
passing a
Twig\Template to Twig\Environment::load()/Twig\Environment::resolveTemplate() *
added the possibility to pass a TemplateWrapper to Twig\Environment::load() *
marked Twig\Environment::getTemplateClass() as internal (implementation detail)
* improved the performance of the sandbox * deprecated the spaceless tag *
added a spaceless filter * added max value to the "random" function *
deprecated Twig\Extension\InitRuntimeInterface * deprecated
Twig\Loader\ExistsLoaderInterface * deprecated PSR-0 classes in favor of
namespaced ones * made namespace classes the default classes (PSR-0 ones are
aliases now) * added Twig\Loader\ChainLoader::getLoaders() * removed
duplicated directory separator in FilesystemLoader * deprecated the
"base_template_class" option on Twig\Environment * deprecated the
Twig\Environment::getBaseTemplateClass() and
Twig\Environment::setBaseTemplateClass() methods * changed internal code to use
the namespaced classes as much as possible * deprecated
Twig_Parser::isReservedMacroName()
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2019 Remi Collet <remi(a)remirepo.net> - 2.7.2-1
- update to 2.7.2
--------------------------------------------------------------------------------
================================================================================
python-passlib-1.7.1-2.fc28 (FEDORA-2019-58bcebba3f)
Comprehensive password hashing framework supporting over 20 schemes
--------------------------------------------------------------------------------
Update Information:
- Use new python macros - Add conditional to turn off python2 packages - Remove
egg(-info) before build - Run testsuite
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 1.7.1-2
- Use new python macros
- Add conditional to turn off python2 packages
- Remove egg(-info) before build
- Run testsuite
--------------------------------------------------------------------------------
================================================================================
rubygem-liquid-4.0.3-1.fc28 (FEDORA-2019-ed6bb848cd)
Secure, non-evaling end user template engine
--------------------------------------------------------------------------------
Update Information:
Update to version 4.0.3. --- Update to version 4.0.2.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2019 Fabio Valentini <decathorpe(a)gmail.com> - 4.0.3-1
- Update to version 4.0.3.
* Sat Mar 9 2019 Fabio Valentini <decathorpe(a)gmail.com> - 4.0.2-1
- Update to version 4.0.2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1687001 - rubygem-liquid-4.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1687001
[ 2 ] Bug #1687933 - rubygem-liquid-4.0.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1687933
--------------------------------------------------------------------------------
================================================================================
tcpreplay-4.3.2-1.fc28 (FEDORA-2019-a9c08d4b40)
Replay captured network traffic
--------------------------------------------------------------------------------
Update Information:
Patch CVE-2019-8376, CVE-2019-8377 and CVE-2019-8381.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2019 Bojan Smojver <bojan@rexursive com> - 4.3.2-1
- bump up to 4.3.2
* Wed Mar 13 2019 Bojan Smojver <bojan@rexursive com> - 4.3.1-3
- patch CVE-2019-8376, CVE-2019-8377 and CVE-2019-8381
* Sun Feb 3 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.3.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1678245 - CVE-2019-8377 tcpreplay: null pointer dereference in function
get_ipv6_l4proto() in get.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1678245
[ 2 ] Bug #1678242 - CVE-2019-8376 tcpreplay: null pointer dereference in function
get_layer4_v6() in get.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1678242
[ 3 ] Bug #1678231 - CVE-2019-8381 tcpreplay: invalid memory access in function
do_checksum in checksum.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1678231
[ 4 ] Bug #1646408 - CVE-2018-18408 tcpreplay: use-after-free in post_args function in
tcpbridge.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1646408
[ 5 ] Bug #1646403 - CVE-2018-18407 tcpreplay: tcpreplay: heap-based buffer over-read
in csum_replace4 function in incremental_checksum.h [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1646403
[ 6 ] Bug #1678244 - CVE-2019-8377 tcpreplay: null pointer dereference in function
get_ipv6_l4proto() in get.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1678244
[ 7 ] Bug #1678241 - CVE-2019-8376 tcpreplay: null pointer dereference in function
get_layer4_v6() in get.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1678241
[ 8 ] Bug #1678230 - CVE-2019-8381 tcpreplay: invalid memory access in function
do_checksum in checksum.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1678230
--------------------------------------------------------------------------------
================================================================================
wireshark-2.6.7-1.fc28 (FEDORA-2019-dc4baa14e2)
Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:
New version 2.6.7 - last version update before EOL in F28 Fixes CVE-2019-9208
and CVE-2019-9209
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2019 Michal Ruprich <mruprich(a)redhat.com> - 1:2.6.7-1
- New version 2.6.7
- Contains fixes for CVE-2019-9208 and CVE-2019-9209
--------------------------------------------------------------------------------
================================================================================
wordpress-5.1.1-1.fc28 (FEDORA-2019-8606c6da35)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
Upstream announcement: [WordPress 5.1.1 Security and Maintenance
Release](https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-
maintenance-release/)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2019 Remi Collet <remi(a)remirepo.net> - 5.1.1-1
- WordPress 5.1.1 Security and Maintenance Release
--------------------------------------------------------------------------------