The following Fedora 28 Security updates need testing: Age URL 384 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb jgraphx-3.6.0.0-6.fc28 333 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da nodejs-brace-expansion-1.1.11-1.fc28 332 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a nodejs-atob-2.1.1-1.fc28 208 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297 xerces-c27-2.7.0-28.fc28 160 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c nginx-1.14.1-1.fc28 139 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc86ef9e22 squid-4.4-1.fc28 66 https://bodhi.fedoraproject.org/updates/FEDORA-2019-86412405d5 bind-9.11.5-4.P4.fc28 54 https://bodhi.fedoraproject.org/updates/FEDORA-2019-63029a7692 libu2f-host-1.1.8-1.fc28 34 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19e79e9a thunderbird-60.6.1-1.fc28 32 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0927602e59 chromium-73.0.3683.86-2.fc28 26 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a4ed7400f4 httpd-2.4.39-1.fc28 18 https://bodhi.fedoraproject.org/updates/FEDORA-2019-902786bc1e gradle-4.3.1-9.fc28 17 https://bodhi.fedoraproject.org/updates/FEDORA-2019-d9f867cb65 jetty-9.4.11-3.v20180605.fc28 12 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3193a75b06 poppler-0.62.0-22.fc28 7 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a975e52e95 php-horde-horde-5.2.21-1.fc28 7 https://bodhi.fedoraproject.org/updates/FEDORA-2019-146df522df php-horde-turba-4.2.24-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2019-c701e6605a java-1.8.0-openjdk-1.8.0.212.b04-0.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ca4ee3510d java-11-openjdk-11.0.3.7-1.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e71f6f36ac pacemaker-1.1.18-3.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2d5de3342 libqb-1.0.5-1.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-feac6674b7 ruby-2.5.5-108.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-9dfd44e1e9 python-gnupg-0.4.4-1.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-1a3edd7e8a drupal8-8.6.15-1.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-86e0db6dbb kernel-5.0.10-100.fc28
The following Fedora 28 Critical Path updates have yet to be approved: Age URL 139 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f541b469b nfs-utils-2.3.3-1.rc2.fc28 103 https://bodhi.fedoraproject.org/updates/FEDORA-2019-78153d357c totem-pl-parser-3.26.2-1.fc28 95 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bb30467485 ostree-2019.1-2.fc28 rpm-ostree-2019.1-1.fc28 87 https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb4a3023ef iproute-4.20.0-1.fc28 70 https://bodhi.fedoraproject.org/updates/FEDORA-2019-6c4e362bd0 dhcp-4.3.6-22.fc28 dnsperf-2.2.1-1.fc28 bind-dyndb-ldap-11.1-13.fc28 bind-9.11.5-2.P1.fc28 49 https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb98bf5ace fedfind-4.2.2-1.fc28 python-productmd-1.20-1.fc28 41 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e60ecc03b4 python-productmd-1.21-1.fc28 34 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a0ae4e93b9 sssd-1.16.4-2.fc28 34 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19e79e9a thunderbird-60.6.1-1.fc28 25 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19af6a58 libldb-1.4.0-5.fc28.1.3.8 samba-4.8.10-0.fc28 12 https://bodhi.fedoraproject.org/updates/FEDORA-2019-7e1c3c9d19 python-mako-1.0.9-1.fc28 12 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3193a75b06 poppler-0.62.0-22.fc28 12 https://bodhi.fedoraproject.org/updates/FEDORA-2019-9308674cab pcre2-10.33-1.fc28 12 https://bodhi.fedoraproject.org/updates/FEDORA-2019-b042a87a74 libiptcdata-1.0.5-1.fc28 12 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bc14eac80e libblockdev-2.18-2.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2019-dddd3b8418 ceph-12.2.12-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2019-9244c8b209 pungi-4.1.36-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2d5de3342 libqb-1.0.5-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-b3ab59df83 ethtool-5.0-1.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-86e0db6dbb kernel-5.0.10-100.fc28
The following builds have been pushed to Fedora 28 updates-testing
dhcp-4.3.6-23.fc28 drupal7-7.66-1.fc28 filezilla-3.41.2-1.fc28 fpart-1.1.0-2.fc28 libfilezilla-0.15.1-1.fc28 m17n-lib-1.8.0-2.fc28 mellowplayer-3.5.3-2.20190310git4ac4b13.fc28 perl-Crypt-SSLeay-0.72-19.fc28 python-configargparse-0.14.0-1.fc28 python-operator-courier-2.0.2-1.fc28 toolbox-0.0.9-1.fc28 wxMaxima-19.04.3-1.fc28
Details about builds:
================================================================================ dhcp-4.3.6-23.fc28 (FEDORA-2019-c82d274716) Dynamic host configuration protocol software -------------------------------------------------------------------------------- Update Information:
Resolves: #1641246 - Do not rely on isc_heap_delete bug -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 30 2019 Pavel Zhukov pzhukov@redhat.com - 12:4.3.6-23 - Resolves: #1641246 - Do not rely on isc_heap_delete bug * Tue Nov 6 2018 Petr Men����k pemensik@redhat.com - 12:4.3.6-22 - Compile on BIND 9.11.5 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1641246 - dhcpd(6) dies at irregular intervals with stacktrace https://bugzilla.redhat.com/show_bug.cgi?id=1641246 --------------------------------------------------------------------------------
================================================================================ drupal7-7.66-1.fc28 (FEDORA-2019-f563e66380) An open-source content-management platform -------------------------------------------------------------------------------- Update Information:
* https://www.drupal.org/project/drupal/releases/7.66 * https://www.drupal.org/SA-CORE-2019-006 -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 30 2019 Shawn Iwinski shawn.iwinski@gmail.com - 7.66-1 - Update to 7.66 (RHBZ #1701036, #1702424, #1702425, #1702620, #1702619) - https://www.drupal.org/SA-CORE-2019-006 (CVE-2019-11358) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1701972 - CVE-2019-11358 js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection https://bugzilla.redhat.com/show_bug.cgi?id=1701972 --------------------------------------------------------------------------------
================================================================================ filezilla-3.41.2-1.fc28 (FEDORA-2019-d109db9c8a) FTP, FTPS and SFTP client -------------------------------------------------------------------------------- Update Information:
Fix for CVE-2019-5429 -------------------------------------------------------------------------------- ChangeLog:
* Mon Mar 18 2019 Gwyn Ciesla gwync@protonmail.com - 3.41.2-1 - 3.41.2 * Wed Mar 6 2019 Gwyn Ciesla gwync@protonmail.com - 3.41.1-1 - 3.41.1 * Wed Mar 6 2019 Gwyn Ciesla gwync@protonmail.com - 3.41.0-1 - 3.41.0 * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 3.40.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jan 25 2019 Gwyn Ciesla limburgher@gmail.com - 3.40.0-1 - 3.40.0 final. * Tue Jan 22 2019 Gwyn Ciesla limburgher@gmail.com - 3.40.0-0.rc2 - 3.40.0 rc2 * Fri Nov 30 2018 Gwyn Ciesla limburgher@gmail.com - 3.39.0-1 - 3.39.0 final. * Mon Nov 26 2018 Gwyn Ciesla limburgher@gmail.com - 3.39.0-0.rc1 - 3.39.0-rc1 * Sun Oct 28 2018 Gwyn Ciesla limburgher@gmail.com - 3.38.1-1 - 3.38.1 * Fri Oct 26 2018 Gwyn Ciesla limburgher@gmail.com - 3.38.0-1 - 3.38.0 * Fri Oct 19 2018 Gwyn Ciesla limburgher@gmail.com - 3.38.0-0.rc1 - 3.38.0-rc1 * Fri Oct 5 2018 Gwyn Ciesla limburgher@gmail.com - 3.37.4-1 - 3.37.4 * Fri Sep 21 2018 Gwyn Ciesla limburgher@gmail.com - 3.37.1-1 - 3.37.1 * Mon Sep 17 2018 Gwyn Ciesla limburgher@gmail.com - 3.37.0-1 - 3.37.0 final * Tue Sep 11 2018 Gwyn Ciesla limburgher@gmail.com - 3.37.0-0.rc1 - 3.37.0 rc1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1704603 - CVE-2019-5429 filezilla: Privileges escalation via malicious 'fzsftp' binary in home directory. [fedora-28] https://bugzilla.redhat.com/show_bug.cgi?id=1704603 --------------------------------------------------------------------------------
================================================================================ fpart-1.1.0-2.fc28 (FEDORA-2019-7548e56540) a tool that sorts files and packs them into bags -------------------------------------------------------------------------------- Update Information:
Initial import -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1650621 - Review Request: fpart - a tool that helps you sort file trees and pack them into bags https://bugzilla.redhat.com/show_bug.cgi?id=1650621 --------------------------------------------------------------------------------
================================================================================ libfilezilla-0.15.1-1.fc28 (FEDORA-2019-d109db9c8a) C++ Library for FileZilla -------------------------------------------------------------------------------- Update Information:
Fix for CVE-2019-5429 -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 26 2018 Gwyn Ciesla limburgher@gmail.com - 0.15.1-1 - 0.15.1 * Fri Oct 19 2018 Gwyn Ciesla limburgher@gmail.com - 0.15.0-1 - 0.15.0 * Fri Oct 5 2018 Gwyn Ciesla limburgher@gmail.com - 0.14.0-1 - 0.14.0 * Fri Sep 21 2018 Gwyn Ciesla limburgher@gmail.com - 0.13.2-1 - 0.13.2. * Tue Sep 11 2018 Gwyn Ciesla limburgher@gmail.com - 0.13.1-1 - Latest upstream. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1704603 - CVE-2019-5429 filezilla: Privileges escalation via malicious 'fzsftp' binary in home directory. [fedora-28] https://bugzilla.redhat.com/show_bug.cgi?id=1704603 --------------------------------------------------------------------------------
================================================================================ m17n-lib-1.8.0-2.fc28 (FEDORA-2019-15acb7c928) Multilingual text library -------------------------------------------------------------------------------- Update Information:
Fix segmentation fault when using ibus-m17n with vi-telex in gedit in Gnome Wayland -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 30 2019 Mike FABIAN mfabian@redhat.com - 1.8.0-2 - Fix segmentation fault when using ibus-m17n with vi-telex in gedit in Gnome Wayland - Resolves: rhbz#1704156 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1704156 - [abrt] ibus-m17n: m17n_object_unref(): ibus-engine-m17n killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1704156 --------------------------------------------------------------------------------
================================================================================ mellowplayer-3.5.3-2.20190310git4ac4b13.fc28 (FEDORA-2019-77d7427842) Cloud music integration for your desktop -------------------------------------------------------------------------------- Update Information:
- Switch to python3 -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 30 2019 Martin Gansser martinkg@fedoraproject.org - 3.5.3-2.20190310git4ac4b13 - Switch to python3 --------------------------------------------------------------------------------
================================================================================ perl-Crypt-SSLeay-0.72-19.fc28 (FEDORA-2019-2ed4a1f802) OpenSSL glue that provides LWP with HTTPS support -------------------------------------------------------------------------------- Update Information:
This release removes a useless dependency on zlib. -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 30 2019 Petr Pisar ppisar@redhat.com - 0.72-19 - Use pkgconfig for linking to OpenSSL --------------------------------------------------------------------------------
================================================================================ python-configargparse-0.14.0-1.fc28 (FEDORA-2019-790a326f3d) A Python module with support for argparse, config files, and env variables -------------------------------------------------------------------------------- Update Information:
Update to new upstream version 0.14.0 -------------------------------------------------------------------------------- ChangeLog:
* Sun Apr 28 2019 Fabian Affolter mail@fabian-affolter.ch - 0.14.0-1 - Update to new upstream version 0.14.0 * Wed Apr 10 2019 Fabian Affolter mail@fabian-affolter.ch - 0.13.0-1 - Update to new upstream version 0.13.0 (rhbz#1643700) * Sat Feb 2 2019 Fedora Release Engineering releng@fedoraproject.org - 0.12.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Wed Jan 9 2019 Miro Hron��ok mhroncok@redhat.com - 0.12.0-6 - Subpackage python2-configargparse has been removed See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 0.12.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Tue Jun 19 2018 Miro Hron��ok mhroncok@redhat.com - 0.12.0-4 - Rebuilt for Python 3.7 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1643700 - python-configargparse-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1643700 --------------------------------------------------------------------------------
================================================================================ python-operator-courier-2.0.2-1.fc28 (FEDORA-2019-e8a8fbca59) Library and CLI tool to build, verify and push operator metadata -------------------------------------------------------------------------------- Update Information:
Latest upstream. ---- Latest upstream. ---- Latest upstream. ---- Latest upstream. -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 30 2019 Ralph Bean rbean@redhat.com - 2.0.2-1 - new version * Fri Apr 26 2019 Ralph Bean rbean@redhat.com - 2.0.1-1 - new version * Mon Apr 1 2019 Ralph Bean rbean@redhat.com - 1.3.0-1 - new version * Wed Mar 27 2019 Ralph Bean rbean@redhat.com - 1.2.1-1 - new version * Tue Mar 12 2019 Ralph Bean rbean@redhat.com - 1.2.0-1 - new version * Mon Mar 11 2019 Ralph Bean rbean@redhat.com - 1.1.0-1 - new version * Wed Feb 27 2019 Ralph Bean rbean@redhat.com - 1.0.2-1 - new version --------------------------------------------------------------------------------
================================================================================ toolbox-0.0.9-1.fc28 (FEDORA-2019-87d376c1dc) Unprivileged development environment -------------------------------------------------------------------------------- Update Information:
* Add Bash completion * Allow connecting to Wayland displays other than "wayland-0" * Ask for confirmation before downloading the base image * Improve the onboarding experience * Make it available inside the toolbox container * Make 'toolbox enter' create or fall back to a container when possible * Set TOOLBOX_CONTAINER in the environment to identify as a toolbox * Set default release to 29 when running on non-fedora hosts * Show welcome texts on interactive shells -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 30 2019 Debarshi Ray rishi@fedoraproject.org - 0.0.9-1 - Update to 0.0.9 --------------------------------------------------------------------------------
================================================================================ wxMaxima-19.04.3-1.fc28 (FEDORA-2019-88bbb132f0) Graphical user interface for Maxima -------------------------------------------------------------------------------- Update Information:
Update to the latest stable release. The main changes since the last version are: * Corrected the size of error messages; * A "Copy to octave/matlab"-feature; * wxMaxima now delays interpreting the data from maxima until it encounters a newline or a Timer expires; * EMF output no no more causes crashes and strange behaviour; * RTF output should now work again; * entermatrix() now works again. -------------------------------------------------------------------------------- ChangeLog:
* Sun Apr 28 2019 Jos�� Matos jamatos@fedoraproject.org - 19.04.3-1 - 19.04.3 - add upstream patch to fix bad xml appdata file --------------------------------------------------------------------------------