The following Fedora 28 Security updates need testing:
Age URL
65
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb
jgraphx-3.6.0.0-6.fc28
37
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c75a37ae9b
blktrace-1.2.0-6.fc28
25
https://bodhi.fedoraproject.org/updates/FEDORA-2018-202c536f70
gifsicle-1.91-1.fc28
19
https://bodhi.fedoraproject.org/updates/FEDORA-2018-52ee188215
cobbler-2.8.3-2.fc28
15
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da
nodejs-brace-expansion-1.1.11-1.fc28
13
https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a
nodejs-atob-2.1.1-1.fc28
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-57a9f93beb
sox-14.4.2.0-22.fc28
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-ceced55c5e
bouncycastle-1.59-1.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4e088b6d7c
perl-Archive-Tar-2.28-1.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9dd3f7c013
unrtf-0.21.9-8.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-5f30937bed nikto-2.1.6-1.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-049dee041d
mupdf-1.13.0-8.fc28
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3dc16842e2 gnupg2-2.2.8-1.fc28
libgpg-error-1.31-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc86e5bc77
mingw-libtiff-4.0.9-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-aed26fc705 ppp-2.4.7-22.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-7c2e288c5f
timidity++-2.14.0-16.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a5940771ff
cri-o-1.10.2-1.git1ffcbb6.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-31f5fe58f7
redis-4.0.10-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6d87dc56e0
libgxps-0.3.0-5.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-866bd0e3c2
dcraw-9.28.0-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f972c1b36e
python-XStatic-jquery-ui-1.12.0.1-2.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a4bb79ea75
thunderbird-enigmail-2.0.7-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3f61c5cf7c
rubygem-sinatra-2.0.0-4.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6e759af8fb
matrix-synapse-0.31.2-1.fc28 python-prometheus_client-0.2.0-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ea5beb4cf
libgcrypt-1.8.3-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a89844963c pass-1.7.2-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0e72ef852a
libjpeg-turbo-1.5.3-5.fc28
The following Fedora 28 Critical Path updates have yet to be approved:
Age URL
15
https://bodhi.fedoraproject.org/updates/FEDORA-2018-80b606cb29
seabios-1.11.1-1.fc28
13
https://bodhi.fedoraproject.org/updates/FEDORA-2018-94ac0eace1
iproute-4.16.0-1.fc28
11
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e9e11463bd brltty-5.6-19.fc28
9
https://bodhi.fedoraproject.org/updates/FEDORA-2018-38d2c74097 nss-3.37.3-1.1.fc28
nss-softokn-3.37.3-1.1.fc28 nss-util-3.37.3-1.0.fc28
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3dc16842e2 gnupg2-2.2.8-1.fc28
libgpg-error-1.31-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-aed26fc705 ppp-2.4.7-22.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4b709ebc5e lorax-28.15-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-940ac53cb8 sssd-1.16.2-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6a92e4f47a
glusterfs-4.1.0-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2013948e52
osinfo-db-20180612-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-8683c6de9b
totem-pl-parser-3.26.1-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0075e05ecb
perl-Time-Local-1.280-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6d87dc56e0
libgxps-0.3.0-5.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9d3adb3c1f
libgweather-3.28.2-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0e72ef852a
libjpeg-turbo-1.5.3-5.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ea5beb4cf
libgcrypt-1.8.3-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4ca326f3c1 vim-8.1.055-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-972fa3841b git-2.17.1-3.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-5665d0448d krb5-1.16.1-6.fc28
The following builds have been pushed to Fedora 28 updates-testing
NetworkManager-1.10.10-1.fc28
R-globals-0.12.0-1.fc28
R-later-0.7.3-1.fc28
R-munsell-0.5.0-1.fc28
R-polyclip-1.9.0-1.fc28
R-stringi-1.2.3-1.fc28
ansible-2.5.5-2.fc28
eclipse-anyedit-2.7.1-1.fc28
egl-wayland-1.0.4-0.1.20180602git4ab0873.fc28
elementary-xfce-icon-theme-0.12-1.fc28
ethtool-4.17-1.fc28
fityk-1.3.1-13.fc28
flatpak-0.11.8.3-1.fc28
fleet-commander-admin-0.10.8-3.fc28
fprintd-0.8.1-1.fc28
gap-pkg-lpres-0.4.3-1.fc28
gnome-shell-extension-openweather-1-0.33.20180616git401d68e.fc28
gnome-shell-extension-panel-osd-1-0.25.20180616giteb0d3c2.fc28
gnupg-1.4.23-1.fc28
gnushogi-1.5-0.5.git5bb0b5b.fc28
krb5-1.16.1-7.fc28
mariadb-10.2.15-2.fc28
mate-media-1.20.1-1.fc28
mate-menus-1.20.1-1.fc28
mate-notification-daemon-1.20.1-1.fc28
mesa-18.0.5-1.fc28
mingw-podofo-0.9.5-6.fc28
mint-y-icons-1.2.6-1.fc28
mlt-6.8.0-2.fc28
nodejs-8.11.3-1.fc28
opensips-2.3.4-1.fc28
podofo-0.9.5-9.fc28
python-autobahn-18.6.1-1.fc28
python-netdisco-1.5.0-1.fc28
python-openpyxl-2.5.4-1.fc28
python-pytoml-0.1.16-1.fc28
python-pyvo-0.8-1.fc28
rabbitmq-server-3.6.16-1.fc28
rubygem-mono_logger-1.1.0-9.fc28
rubygem-redis-namespace-1.6.0-1.fc28
runc-1.0.0-36.gitad0f525.fc28
shairport-sync-3.1.7-6.fc28
totem-3.26.1-1.fc28
transifex-client-0.13.3-3.fc28
vim-fugitive-2.3-1.fc28
vulkan-1.1.73.0-3.fc28
xen-4.10.1-4.fc28
Details about builds:
================================================================================
NetworkManager-1.10.10-1.fc28 (FEDORA-2018-25028bbbc8)
Network connection manager and user applications
--------------------------------------------------------------------------------
Update Information:
Update to 1.10.10 release - device: fix crash during reapply of connection
settings
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Thomas Haller <thaller(a)redhat.com> - 1:1.10.10-1
- Update to 1.10.10 release
* Sat Jun 16 2018 Thomas Haller <thaller(a)redhat.com> - 1:1.10.8-2
- device: fix crash during reapply of connection settings
--------------------------------------------------------------------------------
================================================================================
R-globals-0.12.0-1.fc28 (FEDORA-2018-c91ea4f9f0)
Identify Global Objects in R Expressions
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
R-later-0.7.3-1.fc28 (FEDORA-2018-118e7d97fe)
Utilities for Delaying Function Execution
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 0.7.3-1
- Update to latest version
- Enable documentation
--------------------------------------------------------------------------------
================================================================================
R-munsell-0.5.0-1.fc28 (FEDORA-2018-a012263215)
Utilities for Using Munsell Colours
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
R-polyclip-1.9.0-1.fc28 (FEDORA-2018-1f9aeb9a5a)
Polygon Clipping
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 1.9.0-1
- Update to latest version
--------------------------------------------------------------------------------
================================================================================
R-stringi-1.2.3-1.fc28 (FEDORA-2018-d708118a8b)
Character String Processing Facilities
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 1.2.3-1
- Update to latest version
--------------------------------------------------------------------------------
================================================================================
ansible-2.5.5-2.fc28 (FEDORA-2018-1a6e6196b9)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to 2.5.5 bugfix/security release See
https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v...
for full changes. Fixes CVE-2018-10855 ---- Update to 2.5.3 with bugfixes.
https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v...
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Kevin Fenzi <kevin(a)scrye.com> - 2.5.5-2
- Stop building docs on F27 as python-jinja2 is too old there.
* Thu Jun 14 2018 Kevin Fenzi <kevin(a)scrye.com> - 2.5.5-1
- Update to 2.5.5. Fixes bug #1580530 and #1584927
- Fixes 1588855,1590200 (fedora) and 1588855,1590199 (epel)
CVE-2018-10855 (security bug with no_log handling)
* Thu May 31 2018 Kevin Fenzi <kevin(a)scrye.com> - 2.5.4-1
- Update to 2.5.4. Fixes bug #1584927
* Thu May 17 2018 Kevin Fenzi <kevin(a)scrye.com> - 2.5.3-1
- Update to 2.5.3. Fixes bug #1579577 and #1574221
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1580530 - ansible-2.5.3-1.fc28 broke "synchronize" task
https://bugzilla.redhat.com/show_bug.cgi?id=1580530
[ 2 ] Bug #1584927 - ansible-2.5.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1584927
[ 3 ] Bug #1590199 - CVE-2018-10855 ansible: Failed tasks do not honour no_log option
allowing for secrets to be disclosed in logs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1590199
[ 4 ] Bug #1590200 - CVE-2018-10855 ansible: Failed tasks do not honour no_log option
allowing for secrets to be disclosed in logs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1590200
[ 5 ] Bug #1574221 - firewalld module fails with "global name 'fw_offline'
is not defined" error
https://bugzilla.redhat.com/show_bug.cgi?id=1574221
[ 6 ] Bug #1579577 - ansible-2.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1579577
--------------------------------------------------------------------------------
================================================================================
eclipse-anyedit-2.7.1-1.fc28 (FEDORA-2018-833768de4d)
AnyEdit plugin for eclipse
--------------------------------------------------------------------------------
Update Information:
Updates to latest released version of Eclipse AnyEdit.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Mat Booth <mat.booth(a)redhat.com> - 2.7.1-1
- Update to latest release
--------------------------------------------------------------------------------
================================================================================
egl-wayland-1.0.4-0.1.20180602git4ab0873.fc28 (FEDORA-2018-7d8c180693)
Wayland EGL External Platform library
--------------------------------------------------------------------------------
Update Information:
Update to 1.0.4 snapshot
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Leigh Scott <leigh123linux(a)googlemail.com> -
1.0.4-0.1.20180602git4ab0873
- Update to 1.0.4 snapshot
--------------------------------------------------------------------------------
================================================================================
elementary-xfce-icon-theme-0.12-1.fc28 (FEDORA-2018-1151f1ba4d)
Icons for Xfce based on the elementary Project Icon Theme
--------------------------------------------------------------------------------
Update Information:
- update to 0.12 -
https://github.com/shimmerproject/elementary-xfce/releases
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Johannes Lips <hannes(a)fedoraproject.org> - 0.12-1
- update to latest upstream version 0.12
* Wed May 9 2018 Johannes Lips <hannes(a)fedoraproject.org> - 0.11-1
- update to latest upstream version 0.11
--------------------------------------------------------------------------------
================================================================================
ethtool-4.17-1.fc28 (FEDORA-2018-9cf7798bfb)
Settings tool for Ethernet NICs
--------------------------------------------------------------------------------
Update Information:
ethtool 4.17 ============ * Fix: In ethtool.8, remove superfluous and
incorrect \c. * Fix: fix uninitialized return value * Fix: fix RING_VF
assignment * Fix: remove unused global variable * Fix: several fixes in
do_gregs() * Fix: correctly free hkey when get_stringset() fails * Fix:
remove unreachable code * Fix: fix stack clash in do_get_phy_tunable and
do_set_phy_tunable * Feature: Add register dump support for MICROCHIP LAN78xx
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Robert Scheck <robert(a)fedoraproject.org> - 2:4.17-1
- Update to 4.17 (#1591987)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1591987 - ethtool-4.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1591987
--------------------------------------------------------------------------------
================================================================================
fityk-1.3.1-13.fc28 (FEDORA-2018-5d7d5ec7a7)
Non-linear curve fitting and data analysis
--------------------------------------------------------------------------------
Update Information:
* Change source URL due to missing files in the "release" tarball * Remove
certain sample files that require SWIG bindings * Add AppData file and check *
Spec file clean-up
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Alexander Ploumistos <alexpl(a)fedoraproject.org> - 1.3.1-13
- Change source URL due to missing files in the "release" tarball
- Remove certain sample files that require SWIG bindings
- Add AppData file and check
- Spec file clean-up
--------------------------------------------------------------------------------
================================================================================
flatpak-0.11.8.3-1.fc28 (FEDORA-2018-e990e2860d)
Application deployment framework for desktop apps
--------------------------------------------------------------------------------
Update Information:
Update to 0.11.8.3
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 13 2018 David King <amigadave(a)amigadave.com> - 0.11.8.3-1
- Update to 0.11.8.3 (#1590808)
--------------------------------------------------------------------------------
================================================================================
fleet-commander-admin-0.10.8-3.fc28 (FEDORA-2018-8d97244be9)
Fleet Commander
--------------------------------------------------------------------------------
Update Information:
Fixed python3 dependency for EPEL7 ---- Updated to version 0.10.8
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Oliver Gutierrez <ogutierrez(a)redhat.com> - 0.10.8-3
- Fixed python3 dependency for EPEL7
* Thu Jun 14 2018 Oliver Gutierrez <ogutierrez(a)redhat.com> - 0.10.8-2
- Fixed dependency for EPEL7
* Thu Jun 7 2018 Oliver Gutierrez <ogutierrez(a)redhat.com> - 0.10.8-1
- Updated to release 0.10.8
- Migrated logger to python3
--------------------------------------------------------------------------------
================================================================================
fprintd-0.8.1-1.fc28 (FEDORA-2018-31ec70b8b3)
D-Bus service for Fingerprint reader access
--------------------------------------------------------------------------------
Update Information:
This update fixes a possible crash on exit. ---- This update makes the fprintd
installation scripts use authselect instead of the obsolete authconfig.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Bastien Nocera <bnocera(a)redhat.com> - 0.8.1-1
+ fprintd-0.8.1-1
- Update to 0.8.1
- Fixes a possible crash on exit (#1515720)
* Wed May 30 2018 Bastien Nocera <bnocera(a)redhat.com> - 0.8.0-4
+ fprintd-0.8.0-4
- Rebuild for F28
* Tue Feb 20 2018 Pavel B��ezina <pbrezina(a)redhat.com> - 0.8.0-3
+ fprintd-0.8.0-3
- Switch from authconfig to authselect
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1515720 - [abrt] fprintd: fp_async_dev_close(): fprintd killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1515720
[ 2 ] Bug #1577171 - fprintd-pam calls authconfig in postuninstall, but authconfig is
depredicated in Fedora 28
https://bugzilla.redhat.com/show_bug.cgi?id=1577171
--------------------------------------------------------------------------------
================================================================================
gap-pkg-lpres-0.4.3-1.fc28 (FEDORA-2018-f6b210a56c)
Nilpotent quotients of L-presented groups
--------------------------------------------------------------------------------
Update Information:
A couple of calls to NaturalHomomorphism have been corrected to calls to
NaturalHomomorphismByNormalSubgroup.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Jerry James <loganjerry(a)gmail.com> - 0.4.3-1
- New upstream version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1591260 - gap-pkg-lpres-v0.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1591260
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-openweather-1-0.33.20180616git401d68e.fc28
(FEDORA-2018-c36aba339c)
Display weather information from many locations in the world
--------------------------------------------------------------------------------
Update Information:
Moved upstream to gitlab, updated urls accordingly. Update some language-files.
Make max location-length configurable.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Jens Lody <fedora(a)jenslody.de> - 1-0.33.20180616git401d68e
- Moved the upstream repo to gitlab.
- Fixed some locale-files.
- Added option to cinfigure the max location-length.
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-panel-osd-1-0.25.20180616giteb0d3c2.fc28 (FEDORA-2018-89fa9f5eca)
Configure the place where notifications are shown
--------------------------------------------------------------------------------
Update Information:
Moved upstream to gitlab, updated urls accordingly. Use primary monitor to
calculate position.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Jens Lody <fedora(a)jenslody.de> - 1-0.25.20180616giteb0d3c2
- Moved the upstream repo to gitlab.
- Use coordinates from primary monitor.
--------------------------------------------------------------------------------
================================================================================
gnupg-1.4.23-1.fc28 (FEDORA-2018-a4e13742b4)
A GNU utility for secure communication and data storage
--------------------------------------------------------------------------------
Update Information:
- New upstream v1.4.23 (#1589802,#1589620,#1589624) - Remove patches
included in upstream release - Note that this includes the fix
for [CVE-2018-12020]
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Brian C. Lane <bcl(a)redhat.com> - 1.4.23-1
- New upstream v1.4.23 (#1589802,#1589620,#1589624)
- Remove patches included in upstream release
- Note that this includes the fix for [CVE-2018-12020]
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1589624 - CVE-2018-12020 gnupg: gnupg2: Improper sanitization of filenames
allows for the display of fake status messages and the bypass of signature verification
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1589624
[ 2 ] Bug #1589802 - gnupg-1.4.23 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1589802
--------------------------------------------------------------------------------
================================================================================
gnushogi-1.5-0.5.git5bb0b5b.fc28 (FEDORA-2018-3a53385ee0)
Shogi, the Japanese version of chess
--------------------------------------------------------------------------------
Update Information:
Wrap install-info in if block as #packaging-committee/issue/773
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Chen Chen <aflyhorse(a)hotmail.com> 1.5-0.5.git5bb0b5b
- Wrap install-info in if block as #packaging-committee/issue/773
--------------------------------------------------------------------------------
================================================================================
krb5-1.16.1-7.fc28 (FEDORA-2018-62c6d427d4)
The Kerberos network authentication system
--------------------------------------------------------------------------------
Update Information:
- Add client option to disable encrypted timestamp preauth.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 14 2018 Robbie Harwood <rharwood(a)redhat.com> - 1.16.1-7
- Add flag to disable encrypted timestamp on client
* Thu Jun 14 2018 Robbie Harwood <rharwood(a)redhat.com> - 1.16.1-6
- Switch to python3-sphinx for docs
- Resolves: #1590928
* Thu Jun 14 2018 Robbie Harwood <rharwood(a)redhat.com> - 1.16.1-5
- Make docs build python3-compatible
- Resolves: #1590928
--------------------------------------------------------------------------------
================================================================================
mariadb-10.2.15-2.fc28 (FEDORA-2018-2513b888a4)
A community developed branch of MySQL
--------------------------------------------------------------------------------
Update Information:
**MariaDB 10.2.15** Release notes:
https://mariadb.com/kb/en/library/mariadb-10215-release-notes/ CVEs fixed:
CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781
CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817
CVE-2018-2819 CVE-2018-2786 CVE-2018-2759 CVE-2018-2777 CVE-2018-2810 New
features: * Now builds with lz4 support Enhacements: * mysqladmin is now used
to check the socket when the daemon is starting issues: * Please note, that
TokuDB storage engine is being build in a unsupported way - without jemalloc. it
will remain this way, until TokuDB is fixed to be able to build and run with
jemalloc 5 or witout jemalloc at all.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 5 2018 Honza Horak <hhorak(a)redhat.com> - 3:10.2.15-2
- Use mysqladmin for checking the socket
- Jemalloc dependency moved to the TokuDB subpackage.
CMake jemalloc option removed, not used anymore.
The server doesn't need jemalloc since 10.2:
https://jira.mariadb.org/browse/MDEV-11059
- Build MariaDB with TokuDB without Jemalloc.
* Wed May 23 2018 Michal Schorm <mschorm(a)redhat.com> - 3:10.2.15-1
- Rebase to 10.2.15
- CVEs fixed: #1568962
CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781
CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817
CVE-2018-2819 CVE-2018-2786 CVE-2018-2759 CVE-2018-2777 CVE-2018-2810
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1584466 - mariadb update fails blocked by mariadb-tokudb-engine
https://bugzilla.redhat.com/show_bug.cgi?id=1584466
[ 2 ] Bug #1568962 - CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771
CVE-2018-2773 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813
CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 mariadb: various flaws [fedora-27]
https://bugzilla.redhat.com/show_bug.cgi?id=1568962
[ 3 ] Bug #1568935 - MariaDB bundles rocksdb
https://bugzilla.redhat.com/show_bug.cgi?id=1568935
--------------------------------------------------------------------------------
================================================================================
mate-media-1.20.1-1.fc28 (FEDORA-2018-5a0a66791e)
MATE media programs
--------------------------------------------------------------------------------
Update Information:
- update to 1.20.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Wolfgang Ulbrich <chat-to-me(a)raveit.de> - 1.20.1-1
- update to 1.20.1 release
--------------------------------------------------------------------------------
================================================================================
mate-menus-1.20.1-1.fc28 (FEDORA-2018-52bc628d11)
Displays menus for MATE Desktop
--------------------------------------------------------------------------------
Update Information:
- update to 1.20.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Wolfgang Ulbrich <fedora(a)raveit.de> - 1.20.1-1
- update to 1.20.1 release
--------------------------------------------------------------------------------
================================================================================
mate-notification-daemon-1.20.1-1.fc28 (FEDORA-2018-17fc91bd08)
Notification daemon for MATE Desktop
--------------------------------------------------------------------------------
Update Information:
- update to 1.20.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Wolfgang Ulbrich <fedora(a)raveit.de> - 1.20.1-1
- update to 1.20.1
--------------------------------------------------------------------------------
================================================================================
mesa-18.0.5-1.fc28 (FEDORA-2018-bdfc438d3a)
Mesa graphics libraries
--------------------------------------------------------------------------------
Update Information:
Mesa 18.0.5
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Adam Jackson <ajax(a)redhat.com> - 18.0.5-1
- Mesa 18.0.5
* Thu Jun 14 2018 Adam Jackson <ajax(a)redhat.com> - 18.0.3-2
- Change the name of the fallback GLX library
* Sat May 12 2018 Peter Robinson <pbrobinson(a)fedoraproject.org> 18.0.3-1
- Mesa 18.0.3
--------------------------------------------------------------------------------
================================================================================
mingw-podofo-0.9.5-6.fc28 (FEDORA-2018-578fa05659)
MinGW Windows podofo library
--------------------------------------------------------------------------------
Update Information:
Backport security fixes for: CVE-2017-7380, CVE-2017-7381, CVE-2017-7382,
CVE-2017-7383, CVE-2017-5852, CVE-2017-5853, CVE-2017-6844, CVE-2017-5854,
CVE-2017-5855, CVE-2017-5886, CVE-2018-8000, CVE-2017-6840, CVE-2017-6842,
CVE-2017-6843, CVE-2017-6845, CVE-2017-6847, CVE-2017-6848, CVE-2017-7378,
CVE-2017-7379, CVE-2017-7994, CVE-2017-8054, CVE-2017-8378, CVE-2017-8787,
CVE-2018-5295, CVE-2018-5308
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Sandro Mani <manisandro(a)gmail.com> - 0.9.5-6
- Backport security fixes (taken from debian package):
CVE-2017-7380, CVE-2017-7381, CVE-2017-7382, CVE-2017-7383, CVE-2017-5852,
CVE-2017-5853, CVE-2017-6844, CVE-2017-5854, CVE-2017-5855, CVE-2017-5886,
CVE-2018-8000, CVE-2017-6840, CVE-2017-6842, CVE-2017-6843, CVE-2017-6845,
CVE-2017-6847, CVE-2017-6848, CVE-2017-7378, CVE-2017-7379, CVE-2017-7994,
CVE-2017-8054, CVE-2017-8378, CVE-2017-8787, CVE-2018-5295, CVE-2018-5308
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.5-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mint-y-icons-1.2.6-1.fc28 (FEDORA-2018-85ad330799)
The Mint-Y icon theme
--------------------------------------------------------------------------------
Update Information:
Update.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Leigh Scott <leigh123linux(a)googlemail.com> - 1.2.6-1
- New upstream release
--------------------------------------------------------------------------------
================================================================================
mlt-6.8.0-2.fc28 (FEDORA-2018-6f5fa370cf)
Toolkit for broadcasters, video editors, media players, transcoders
--------------------------------------------------------------------------------
Update Information:
- Add Revert-Prefer-qimage-over-pixbuf.patch to prevent flowblade segfault
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 6.8.0-2
- Add Revert-Prefer-qimage-over-pixbuf.patch to prevent flowblade segfault
--------------------------------------------------------------------------------
================================================================================
nodejs-8.11.3-1.fc28 (FEDORA-2018-f59d961d7b)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
Update for security fixes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 14 2018 Stephen Gallagher <sgallagh(a)redhat.com> - 1:8.11.3-1
- Update to 8.11.3 for security fixes
-
https://nodejs.org/en/blog/release/v8.11.3/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1591019 - CVE-2018-7162 nodejs: denial of service (DoS) by causing a node
process which provides an http server supporting TLS server to crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1591019
[ 2 ] Bug #1591014 - CVE-2018-7161 nodejs: denial of service (DoS) by causing a node
server providing an http2 server to crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1591014
[ 3 ] Bug #1591009 - CVE-2018-7167 nodejs: Denial of Service by calling Buffer.fill() or
Buffer.alloc() with specially crafted parameters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1591009
--------------------------------------------------------------------------------
================================================================================
opensips-2.3.4-1.fc28 (FEDORA-2018-0664de6320)
Open Source SIP Server
--------------------------------------------------------------------------------
Update Information:
* OpenSIPS ver. 2.3.4
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Peter Lemenkov <lemenkov(a)gmail.com> - 2.3.4-1
- Ver. 2.3.4
--------------------------------------------------------------------------------
================================================================================
podofo-0.9.5-9.fc28 (FEDORA-2018-5bd16d6143)
Tools and libraries to work with the PDF file format
--------------------------------------------------------------------------------
Update Information:
This update fixes multiple security vulnerabilities: CVE-2017-7380,
CVE-2017-7381, CVE-2017-7382, CVE-2017-7383, CVE-2017-5852, CVE-2017-5853,
CVE-2017-6844, CVE-2017-5854, CVE-2017-5855, CVE-2017-5886, CVE-2018-8000,
CVE-2017-6840, CVE-2017-6842, CVE-2017-6843, CVE-2017-6845, CVE-2017-6847,
CVE-2017-6848, CVE-2017-7378, CVE-2017-7379, CVE-2017-7994, CVE-2017-8054,
CVE-2017-8378, CVE-2017-8787, CVE-2018-5295, CVE-2018-5308
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Sandro Mani <manisandro(a)gmail.com> - 0.9.5-9
- Backport security fixes (taken from debian package):
CVE-2017-7380, CVE-2017-7381, CVE-2017-7382, CVE-2017-7383, CVE-2017-5852,
CVE-2017-5853, CVE-2017-6844, CVE-2017-5854, CVE-2017-5855, CVE-2017-5886,
CVE-2018-8000, CVE-2017-6840, CVE-2017-6842, CVE-2017-6843, CVE-2017-6845,
CVE-2017-6847, CVE-2017-6848, CVE-2017-7378, CVE-2017-7379, CVE-2017-7994,
CVE-2017-8054, CVE-2017-8378, CVE-2017-8787, CVE-2018-5295, CVE-2018-5308
* Wed May 16 2018 Kevin Fenzi <kevin(a)scrye.com> - 0.9.5-8
- Rebuild for new libidn
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1418584 - CVE-2017-5852 CVE-2017-5853 CVE-2017-5854 CVE-2015-8981
CVE-2017-5855 CVE-2017-5886 podofo: Multiple security vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1418584
[ 2 ] Bug #1445362 - CVE-2017-8378 CVE-2017-7994 CVE-2017-8053 CVE-2017-8054
CVE-2017-8787 CVE-2018-5295 CVE-2018-5296 podofo: Multiple security vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1445362
[ 3 ] Bug #1438417 - CVE-2017-7383 CVE-2017-7382 CVE-2017-7381 CVE-2017-7380
CVE-2017-7379 CVE-2017-7378 podofo: Multiple security issues found in 0.9.5 version
https://bugzilla.redhat.com/show_bug.cgi?id=1438417
[ 4 ] Bug #1533649 - CVE-2018-5308 podofo: Out-of-bounds write in
dfMemoryOutputStream::Write function in base/PdfOutputStream.cpp
https://bugzilla.redhat.com/show_bug.cgi?id=1533649
--------------------------------------------------------------------------------
================================================================================
python-autobahn-18.6.1-1.fc28 (FEDORA-2018-74cb7924aa)
Python networking library for WebSocket and WAMP
--------------------------------------------------------------------------------
Update Information:
Update to 18.6.1
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Julien Enselme <jujens(a)jujens.eu> - 18.6.1-1
- Update to 18.6.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1582800 - python-autobahn-18.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1582800
--------------------------------------------------------------------------------
================================================================================
python-netdisco-1.5.0-1.fc28 (FEDORA-2018-db83e89d85)
Python library to scan local network for services and devices
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 1.5.0
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.5.0-1
- Update to latest upstream release 1.5.0
* Sun Jun 10 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.4.1-1
- Update to latest upstream release 1.4.1
--------------------------------------------------------------------------------
================================================================================
python-openpyxl-2.5.4-1.fc28 (FEDORA-2018-422ea93c57)
Python library to read/write Excel 2010 xlsx/xlsm files
--------------------------------------------------------------------------------
Update Information:
Update to 2.5.4
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Julien Enselme <jujens(a)jujens.eu> - 2.5.4-1
- Update to 2.5.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1569282 - python-openpyxl-2.5.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1569282
--------------------------------------------------------------------------------
================================================================================
python-pytoml-0.1.16-1.fc28 (FEDORA-2018-6b0bf4d6c1)
Parser for TOML
--------------------------------------------------------------------------------
Update Information:
Update to 0.1.16
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Julien Enselme <jujens(a)jujens.eu> - 0.1.16-1
- Update to 0.1.16
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1581006 - python-pytoml-v0.1.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1581006
--------------------------------------------------------------------------------
================================================================================
python-pyvo-0.8-1.fc28 (FEDORA-2018-06b4757baf)
Access to remote data and services of the Virtual observatory (VO) using Python
--------------------------------------------------------------------------------
Update Information:
Update to PyVO 0.8, changed compared to 0.6.1: * Rework VOSI parsing using
astropy xml handling * Describe service object bases on vosi capabilities * Add
SODA functionallity * Make XML handling more generic * Fixes and Improvements
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 8 2018 Christian Dersch <lupinix.fedora(a)gmail.com> - 0.8-1
- new version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1546595 - python-pyvo-0.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1546595
--------------------------------------------------------------------------------
================================================================================
rabbitmq-server-3.6.16-1.fc28 (FEDORA-2018-5c02f40371)
The RabbitMQ server
--------------------------------------------------------------------------------
Update Information:
RabbitMQ ver. 3.6.16
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 14 2018 Peter Lemenkov <lemenkov(a)gmail.com> - 3.6.16-1
- Ver. 3.6.16
--------------------------------------------------------------------------------
================================================================================
rubygem-mono_logger-1.1.0-9.fc28 (FEDORA-2018-59609c9a1a)
A lock-free logger compatible with Ruby 2.0
--------------------------------------------------------------------------------
Update Information:
Fix FTBFS aligning a result of gem2rpm.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Jun Aruga <jaruga(a)redhat.com> - 1.1.0-9
- Fix FTBFS aligning a result of gem2rpm.
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.0-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.0-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.0-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Feb 4 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.0-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.1.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1556380 - rubygem-mono_logger: FTBFS in F28
https://bugzilla.redhat.com/show_bug.cgi?id=1556380
--------------------------------------------------------------------------------
================================================================================
rubygem-redis-namespace-1.6.0-1.fc28 (FEDORA-2018-d055cd2d7c)
Namespaces Redis commands
--------------------------------------------------------------------------------
Update Information:
Update to 1.6.0.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Jun Aruga <jaruga(a)redhat.com> - 1.6.0-1
- Update to 1.6.0.
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.2-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.2-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.2-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1556394 - rubygem-redis-namespace: FTBFS in F28
https://bugzilla.redhat.com/show_bug.cgi?id=1556394
--------------------------------------------------------------------------------
================================================================================
runc-1.0.0-36.gitad0f525.fc28 (FEDORA-2018-afddf09bfb)
CLI for running Open Containers
--------------------------------------------------------------------------------
Update Information:
Latest version with fixes for User Namespace.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:1.0.0-36.gitad0f525
- autobuilt ad0f525
* Tue Jun 5 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:1.0.0-35.gitdd56ece
- autobuilt dd56ece
* Sun Jun 3 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:1.0.0-34.git2e91544
- autobuilt 2e91544
* Thu May 31 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:1.0.0-33.gitecd55a4
- autobuilt ecd55a4
* Fri May 25 2018 Lokesh Mandvekar (Bot) <lsm5+bot(a)fedoraproject.org> -
2:1.0.0-32.gitdd67ab1
- autobuilt dd67ab1
--------------------------------------------------------------------------------
================================================================================
shairport-sync-3.1.7-6.fc28 (FEDORA-2018-497c4019a3)
AirTunes emulator. Multi-Room with Audio Synchronisation
--------------------------------------------------------------------------------
Update Information:
Include pulseaudio support
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Bill Peck <bpeck(a)redhat.com> 3.1.7-6
- Include pulseaudio support
* Mon Feb 19 2018 Bill Peck <bpeck(a)redhat.com> 3.1.7-5
- Include gcc and gcc-c++ as BuildRequires now
--------------------------------------------------------------------------------
================================================================================
totem-3.26.1-1.fc28 (FEDORA-2018-9cd42cafa9)
Movie player for GNOME
--------------------------------------------------------------------------------
Update Information:
This update fixes a number of possible crashes as well as some small memory
leaks.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Bastien Nocera <bnocera(a)redhat.com> - 3.26.1-1
+ totem-3.26.1-1
- Update to 3.26.1
--------------------------------------------------------------------------------
================================================================================
transifex-client-0.13.3-3.fc28 (FEDORA-2018-aac899bf31)
Command line tool for Transifex translation management
--------------------------------------------------------------------------------
Update Information:
backport ssl create BZ 1592062 need rebuild in F28 ---- Fix dependency
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Luis Bazan <lbazan(a)fedoraproject.org> - 0.13.3-3
- fix dependency backportssl BZ #1592062
* Sat Jun 16 2018 Luis Bazan <lbazan(a)fedoraproject.org> - 0.13.3-2
- fix dependency backportssl
--------------------------------------------------------------------------------
================================================================================
vim-fugitive-2.3-1.fc28 (FEDORA-2018-dd96240020)
A Git wrapper so awesome, it should be illegal
--------------------------------------------------------------------------------
Update Information:
- Latest upstream - Mark documentation file as %%doc
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Carl George <carl(a)george.computer> - 2.3-1
- Latest upstream
- Mark documentation file as %doc
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1585397 - vim-fugitive-2.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1585397
--------------------------------------------------------------------------------
================================================================================
vulkan-1.1.73.0-3.fc28 (FEDORA-2018-84b7615480)
Vulkan loader and validation layers
--------------------------------------------------------------------------------
Update Information:
Make vulkan x86 only to match available drivers.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 16 2018 Leigh Scott <leigh123linux(a)googlemail.com> - 1.1.73.0-3
- Make vulkan x86 only to match vulkan drivers
* Wed Jun 13 2018 Adam Jackson <ajax(a)redhat.com> - 1.1.73.0-2
- Change to Requires: mesa-vulkan-drivers. Too many things still don't agree
what Recommends means, and they're even lighter-weight than the GL drivers
which are already hard Requires.
--------------------------------------------------------------------------------
================================================================================
xen-4.10.1-4.fc28 (FEDORA-2018-d3cb6f113c)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
Speculative register leakage from lazy FPU context switching [XSA-267,
CVE-2018-3665] fix for change in iasl output
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 15 2018 Michael Young <m.a.young(a)durham.ac.uk> - 4.10.1-4
- Speculative register leakage from lazy FPU context switching
[XSA-267, CVE-2018-3665]
- fix for change in iasl output
--------------------------------------------------------------------------------