The following Fedora 27 Security updates need testing:
 Age  URL
  22  https://bodhi.fedoraproject.org/updates/FEDORA-2017-15efa72a0c   docker-1.13.1-44.git584d391.fc27
  18  https://bodhi.fedoraproject.org/updates/FEDORA-2017-913288e9a9   mongodb-3.4.10-1.fc27
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d7c0748c1b   pdns-4.1.0-1.fc27
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2017-14f5c6cdac   qpid-cpp-1.37.0-1.fc27
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2017-874bd165c0   perl-DBD-MySQL-4.043-6.fc27
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-677069c484   python26-2.6.9-10.fc27
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a95dd74301   shellinabox-2.20-5.fc27
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e6be32cb7a   nodejs-8.9.3-2.fc27
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-2e5a17c4cc   python33-3.3.7-2.fc27
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-354b9647ba   libextractor-1.6-2.fc27
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-8a9862f4b7   php-symfony4-4.0.1-1.fc27
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5945560816   xen-4.9.1-4.fc27
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-66e9367f7e   asterisk-14.7.4-1.fc27
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-2fab3f12c4   sensible-utils-0.0.11-1.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-129969aa8a   kernel-4.14.6-300.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0e5ad250c   heimdal-7.5.0-1.fc27
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-20b18a4ffe   json-c-0.12.1-5.fc27
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b24ef59f94   libexif-0.6.21-14.fc27

The following builds have been pushed to Fedora 27 updates-testing
borgbackup-1.1.3-2.fc27
cmake-3.10.1-1.fc27
debian-keyring-2017.7-1.fc27
gnome-software-3.26.4-1.fc27
golang-github-chzyer-test-0-0.1.20160617gitbea8f08.fc27
golang-github-robertkrimen-otto-0-0.1.20171130git3b44b4d.fc27
golang-gopkg-readline-1.4-1.fc27
gtkd-3.7.3-1.fc27
json-c-0.12.1-5.fc27
kapow-1.5.4-1.fc27
kstars-2.8.9-1.fc27
libexif-0.6.21-14.fc27
mozilla-noscript-10.1.5.8-1.fc27
perl-Crypt-UnixCrypt_XS-0.11-1.fc27
python-catkin_lint-1.4.17-1.fc27
python-catkin_pkg-0.3.9-2.fc27
tilix-1.7.3-1.fc27
translate-shell-0.9.6.6-1.fc27
Details about builds:
================================================================================
borgbackup-1.1.3-2.fc27 (FEDORA-2017-eb80ddb2a1)
A deduplicating backup program with compression and authenticated encryption
--------------------------------------------------------------------------------
Update Information:
fix borg check --repair malfunction (upstream pull #3444)
--------------------------------------------------------------------------------
================================================================================
cmake-3.10.1-1.fc27 (FEDORA-2017-650b63ed19)
Cross-platform make system
--------------------------------------------------------------------------------
Update Information:
* New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1526648 - cmake-3.10.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1526648
--------------------------------------------------------------------------------
================================================================================
debian-keyring-2017.7-1.fc27 (FEDORA-2017-854004e0d6)
GnuPG archive keys of the Debian archive
--------------------------------------------------------------------------------
Update Information:
Update to 2017.7, see
http://metadata.ftp-master.debian.org/changelogs/main/d/debian-archive-keyring/debian-archive-keyring_2017.7_changelog
for details.
--------------------------------------------------------------------------------
================================================================================
gnome-software-3.26.4-1.fc27 (FEDORA-2017-9e789c5491)
A software center for GNOME
--------------------------------------------------------------------------------
Update Information:
gnome-software 3.26.4 release.
* Fix crashes in the repos plugin due to missing locking
* Work around Firefox deleting rpm/deb files downloaded to /tmp when closing
* Do not require the user to keep clicking 'More reviews' after each click
* Fix a critical when updating (flatpak) packages live
* fwupd: Prepend the vendor name to the device name if not included
* Improve SPDX ID parsing when working out if it is 'free'
* packagekit: Do not crash when getting an invalid ID from PackageKit
* Do not crash when closing the source dialog while it is loading
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1468417 - [abrt] gnome-software: gtk_stack_set_visible_child_name():
gnome-software killed by signal 11
https://bugzilla.redhat.com/show_bug.cgi?id=1468417
[ 2 ] Bug #1516536 - [abrt] gnome-software: g_hash_table_resize(): gnome-software killed
by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1516536
--------------------------------------------------------------------------------
================================================================================
golang-github-chzyer-test-0-0.1.20160617gitbea8f08.fc27 (FEDORA-2017-f22e366dc2)
Golang test utility
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1508066 - Review Request: golang-github-chzyer-test - Golang test utility
https://bugzilla.redhat.com/show_bug.cgi?id=1508066
--------------------------------------------------------------------------------
================================================================================
golang-github-robertkrimen-otto-0-0.1.20171130git3b44b4d.fc27 (FEDORA-2017-11412d8474)
A JavaScript interpreter in Golang
--------------------------------------------------------------------------------
Update Information:
Upstream GIT revision 3b44b4d
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1508075 - Review Request: golang-github-robertkrimen-otto - A JavaScript
interpreter in Golang
https://bugzilla.redhat.com/show_bug.cgi?id=1508075
--------------------------------------------------------------------------------
================================================================================
golang-gopkg-readline-1.4-1.fc27 (FEDORA-2017-2ef86fa104)
Pure golang implementation for GNU-Readline kind library
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1508068 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1508068
--------------------------------------------------------------------------------
================================================================================
gtkd-3.7.3-1.fc27 (FEDORA-2017-51fda752b2)
D binding and OO wrapper of GTK+
--------------------------------------------------------------------------------
Update Information:
tilix 1.7.3 release, together with required gtkd 3.7.3 update. For changes
compared to tilix 1.6.4, see:
- https://github.com/gnunn1/tilix/releases/tag/1.7.0
- https://github.com/gnunn1/tilix/releases/tag/1.7.1
- https://github.com/gnunn1/tilix/releases/tag/1.7.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1504454 - tilix-1.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1504454
--------------------------------------------------------------------------------
================================================================================
json-c-0.12.1-5.fc27 (FEDORA-2017-20b18a4ffe)
JSON implementation in C
--------------------------------------------------------------------------------
Update Information:
- Patch: - Avoid invalid free and crash explicitly instead of silently
enabling the caller to commit undefined behaviour.
--------------------------------------------------------------------------------
================================================================================
kapow-1.5.4-1.fc27 (FEDORA-2017-c0b3fddd72)
A punch clock program
--------------------------------------------------------------------------------
Update Information:
Update to new release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1508412 - kapow-1.5.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1508412
--------------------------------------------------------------------------------
================================================================================
kstars-2.8.9-1.fc27 (FEDORA-2017-34786819c7)
Desktop Planetarium
--------------------------------------------------------------------------------
Update Information:
Update to 2.8.9, containing several fixes and small improvements like local
meridian, for more information check
https://knro.blogspot.de/2017/12/kstars-289-is-released.html
----
Update to KStars 2.8.8, changes compared to last KDE Apps 17.08.x release
* KStars is no longer part of the KDE Applications but uses its own release
  cycle now:
  * https://mail.kde.org/pipermail/kstars-devel/2017-November/006659.html
  * https://community.kde.org/Applications/17.12_Release_Notes#Tarballs_that_we_do_not_ship_anymore
* Several improvements with GPS, Logmanager
* Fix comet and asteroid positions
* HiPS support
--------------------------------------------------------------------------------
================================================================================
libexif-0.6.21-14.fc27 (FEDORA-2017-b24ef59f94)
Library for extracting extra information from image files
--------------------------------------------------------------------------------
Update Information:
Patch for CVE-2016-6328
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1484032 - CVE-2016-6328 libexif: Integer overflow in parsing MNOTE entry data
of the input file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1484032
--------------------------------------------------------------------------------
================================================================================
mozilla-noscript-10.1.5.8-1.fc27 (FEDORA-2017-3897f32d27)
JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
NOTE: all packaged Firefox add-ons are affected by bug fedora#1508827, please
don't give negative karma here, but add yourself to the bug instead.

This update brings back the SeaMonkey support with version 5.1.8.3, which is
still maintained until June 2018.

Changes since 10.1.2:
* Fix for linux rendering performance issues
* First "Quantum" release candidate with Android support
* Inverted order of domains vs full sites in popup
* Settings import functionality, backward compatible with NoScript 5 formats
* Settings export functionality
* [XSS] The filter now automatically skips embedded documents which would
  normally be blocked
* Base domain matching now uses a single dot rule for unknown, private or
  "fake" TLDs (e.g. www.acme.corp → acme.corp)
* [XSS] Fixed regression from 10.1.5.6rc2 (thanks Masato Kinugawa for
  reporting)
* Better feedback for errors in the policy's debug JSON view (thanks E-Raser
  for RFE)
* removed yandex.st from default whitelist (see
  https://forums.informaction.com/viewtopic.php?t=23655)
* [XSS] Streamlined multiple unescaping standards handling
* [XSS] Generalized work-around for browser's URL parsing oddities (thanks
  Masato Kinugawa for reporting)
* "Temporarily set top-level sites to TRUSTED" option
* [XSS] Fixed user choices forgotten across browser sessions
* [UI] Clicking on the domain label now opens the "Security and privacy info"
  webpage (like middle click on "Classic").
* "Reset to Defaults" button in the options window
* Improved content script initialization logic (thanks Rob Wu for suggestions)
* [XSS] Fixed 2nd level interactive bypass (thanks Masato Kinugawa for
  reporting)
* Fixed sites manually added from the Options textbox don't stick (thanks
  Just_Golem for reporting)
* Fixed regression causing NoScript to ask to reload pages in order to show
  permissions more than once upon installation
* Removed most animations causing older system to lag when large permissions
  lists are displayed in Options
* Improved work-around for blank windows on Linux Firefox bug
* Fixed XSS false positives on POST requests without data
* Fixed regression from new "fail fast" XSS filter main loop, causing
  cross-site requests to Google to trigger false positives (thanks Steve M for
  reporting)
* [XSS] Added "Always block requests from ... to ..." in XSS warning prompt
* [XSS] Fixed url decoding bug (thanks Masato Kinugawa for reporting)
* Fixed some blocked items not reported in the UI (thanks Bo Elam for
  reporting)
* Changed the CSP internal report URI to noscript-csp.invalid (thanks Tom
  Schuster Mario Heiderich for RFE)
* Removed unused MSE detection code (thanks Rob Wu for reporting)
* Fixed script enablement feedback dependent on page's own CSP (thanks Rob Wu
  for reporting)
* Fixed MSE detection injection using window.eval (thanks Rob Wu for
  reporting)
* Fixed window being resized and NoScript UI shown in a separate popup when
  triggered on a maximized window
* General performance improvement by removing unnecessary asynchronous
  webRequest listeners
* Hotfix for wiped TRUSTED permissions
* Hotfix for NoScript failing to load if XSS was disabled in previous session
* Fixed immutable permissions for TRUSTED and UNTRUSTED presets negating all
  the others (thanks Stefan Scholl for reporting)
* Work-around for Moz Bug #1402110 (thanks David Ross for reporting)
* Fixed XSS whitelist not being cleared from Options
* Fixed XSS whitelist trying to use sync even if disabled (thanks Rob Wu for
  reporting)
* Work-around for Firefox not displaying NOSCRIPT elements on pages where
  scripts are blocked by CSP
* The Alt+Shift+N shortcut now opens the NoScript UI also on windows with no
  toolbars containing NoScript's icon
* "unsafe" (non-HTTPS) matching is now automatically selected on non-HTTPS
  pages (fixes the perception that you set a site to TRUSTED and it reverted
  to DEFAULT)
* Full addresses are shown again to be chosen in UI, together with base
  domains
* Better auto-reload logic
* Fixed NoScript back-end to work also if sync storage is disabled (thanks Rob
  Wu for reporting)
* Fixed potential fingerprinting through placeholder icon (thanks Rob Wu for
  reporting)

Changes since 5.1.7:
* [XSS] Fixed regression (thanks Masato Kinugawa for report)
* [ABE] Restored Palemoon compatibility (thanks barbaz for patch)
* [ABE] Fixed ruleset persistence (thanks barbaz for patch)
* removed yandex.st from default whitelist (see
  https://forums.informaction.com/viewtopic.php?t=23655)
* [XSS] Streamlined multiple unescaping standards handling
* [XSS] Fixed 2nd level interactive bypass (thanks Masato Kinugawa for
  reporting)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1526199 - User experience changed - No longer present for SeaMonkey users
https://bugzilla.redhat.com/show_bug.cgi?id=1526199
[ 2 ] Bug #1524389 - mozilla-noscript-10.1.5.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1524389
--------------------------------------------------------------------------------
================================================================================
perl-Crypt-UnixCrypt_XS-0.11-1.fc27 (FEDORA-2017-5963dfc2bd)
Perl xs interface for a portable traditional crypt function
--------------------------------------------------------------------------------
Update Information:
Specfile autogenerated by cpanspec 1.78.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1520569 - Review Request: perl-Crypt-UnixCrypt_XS - Perl xs interface for a
portable traditional crypt function
https://bugzilla.redhat.com/show_bug.cgi?id=1520569
--------------------------------------------------------------------------------
================================================================================
python-catkin_lint-1.4.17-1.fc27 (FEDORA-2017-390be29bb8)
Check catkin packages for common errors
--------------------------------------------------------------------------------
Update Information:
Update to release 1.4.17 (rhbz#1509944)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1509944 - python-catkin_lint-1.4.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1509944
--------------------------------------------------------------------------------
================================================================================
python-catkin_pkg-0.3.9-2.fc27 (FEDORA-2017-348130a458)
Library for retrieving information about catkin packages
--------------------------------------------------------------------------------
Update Information:
Update to latest release 0.3.9 ---- Add patch to remove argparse from the
requirements
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1508241 - python-catkin_pkg-0.3.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1508241
[ 2 ] Bug #1526466 - The 'argparse' distribution was not found and is required
by catkin-pkg
https://bugzilla.redhat.com/show_bug.cgi?id=1526466
--------------------------------------------------------------------------------
================================================================================
tilix-1.7.3-1.fc27 (FEDORA-2017-51fda752b2)
Tiling terminal emulator
--------------------------------------------------------------------------------
Update Information:
tilix 1.7.3 release, together with required gtkd 3.7.3 update. For changes
compared to tilix 1.6.4, see:
- https://github.com/gnunn1/tilix/releases/tag/1.7.0
- https://github.com/gnunn1/tilix/releases/tag/1.7.1
- https://github.com/gnunn1/tilix/releases/tag/1.7.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1504454 - tilix-1.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1504454
--------------------------------------------------------------------------------
================================================================================
translate-shell-0.9.6.6-1.fc27 (FEDORA-2017-32bb208fdf)
A command-line online translator
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.6.6.
--------------------------------------------------------------------------------