The following Fedora 29 Security updates need testing: Age URL 86 https://bodhi.fedoraproject.org/updates/FEDORA-2018-51ce232320 xerces-c27-2.7.0-28.fc29 29 https://bodhi.fedoraproject.org/updates/FEDORA-2018-42555731d2 nagios-4.4.2-3.fc29 23 https://bodhi.fedoraproject.org/updates/FEDORA-2018-36115ae788 mysql-selinux-1.0.0-5.fc29 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cb66bc33e6 haproxy-1.8.15-1.fc29 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b89746cb9b tomcat-9.0.13-1.fc29 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1bd545ef39 terminology-1.3.2-1.fc29 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5f91054677 tcpreplay-4.3.1-1.fc29
The following Fedora 29 Critical Path updates have yet to be approved: Age URL 32 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6682778e13 pungi-4.1.31-1.fc29 16 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3d43e7dd21 SLOF-0.1.git20180702-2.fc29 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d5bbed405f garcon-0.6.2-1.fc29 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3d576aa333 lldb-7.0.1-1.fc29 lld-7.0.1-2.fc29 compiler-rt-7.0.1-1.fc29 libomp-7.0.1-1.fc29 clang-7.0.1-1.fc29 llvm-7.0.1-1.fc29 python-lit-0.7.1-1.fc29 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-332d9716ff xfce4-settings-4.13.5-2.fc29 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b21c629fd4 gdm-3.30.2-1.fc29 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6bcd108af2 libfm-1.3.1-1.fc29 pcmanfm-1.3.1-1.fc29 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ced2065bea mesa-18.2.8-1.fc29 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-69c68f1385 libappstream-glib-0.7.14-4.fc29 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-64a4d60839 kernel-4.19.12-301.fc29 kernel-headers-4.19.12-301.fc29 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5250b47ed7 analitza-18.04.3-3.fc29 appmenu-qt5-0.3.0+16.10.20160628.1-11.fc29 calibre-3.34.0-2.fc29 deepin-qt5integration-0.3.4-2.fc29 deepin-tool-kit-0.3.3-11.fc29 dnscrypt-proxy-gui-1.21.16-2.fc29 dtkwidget-2.0.9.9-3.fc29 fcitx-qt5-1.2.3-4.fc29 gammaray-2.9.0-5.fc29 hedgewars-0.9.25-2.fc29 kate-18.12.0-1.fc29 kf5-akonadi-server-18.08.3-2.fc29 kf5-frameworkintegration-5.53.0-3.fc29 kf5-kdeclarative-5.53.0-3.fc29 kf5-kwayland-5.53.0-3.fc29 kf5-kxmlgui-5.53.0-3.fc29 kmymoney-5.0.2-2.fc29 kwin-5.14.4-2.fc29 libfm-qt-0.13.1-2.fc29 libqtxdg-3.2.0-2.fc29 lxqt-qtplugin-0.13.0-2.fc29 mscore-2.2.1-6.fc29 plasma-integration-5.14.4-2.fc29 pyotherside-1.5.3-14.fc29 pythonqt-3.2-14.fc29 python-qt5-5.11.3-1.fc29 qgnomeplatform-0.5-6.fc29 qstardict-1.3-7.fc29 qt5-5.11.3-1.fc29 qt5ct-0.35-5.fc29 qt5-qt3d-5.11.3-1.fc29 qt5-qtbase-5.11.3-1.fc29 qt5-qtcanvas3d-5.11.3-1.fc29 qt5-qtcharts-5.11.3-1.fc29 qt5-qtconnectivity-5.11.3-1.fc29 qt5-qtdat avis3d-5.11.3-1.fc29 qt5-qtdeclarative-5.11.3-1.fc29 qt5-qtdoc-5.11.3-1.fc29 qt5-qtenginio-1.6.2-20.fc29 qt5-qtgamepad-5.11.3-1.fc29 qt5-qtgraphicaleffects-5.11.3-1.fc29 qt5-qtimageformats-5.11.3-1.fc29 qt5-qtlocation-5.11.3-1.fc29 qt5-qtmultimedia-5.11.3-1.fc29 qt5-qtquickcontrols2-5.11.3-1.fc29 qt5-qtquickcontrols-5.11.3-1.fc29 qt5-qtremoteobjects-5.11.3-1.fc29 qt5-qtscript-5.11.3-1.fc29 qt5-qtscxml-5.11.3-1.fc29 qt5-qtsensors-5.11.3-1.fc29 qt5-qtserialbus-5.11.3-1.fc29 qt5-qtserialport-5.11.3-1.fc29 qt5-qtspeech-5.11.3-1.fc29 qt5-qtstyleplugins-5.0.0-29.fc29 qt5-qtsvg-5.11.3-1.fc29 qt5-qttools-5.11.3-1.fc29 qt5-qttranslations-5.11.3-1.fc29 qt5-qtvirtualkeyboard-5.11.3-1.fc29 qt5-qtwayland-5.11.3-1.fc29 qt5-qtwebchannel-5.11.3-1.fc29 qt5-qtwebengine-5.11.3-2.fc29 qt5-qtwebkit-5.212.0-0.31.alpha2.fc29 qt5-qtwebsockets-5.11.3-1.fc29 qt5-qtwebview-5.11.3-1.fc29 qt5-qtx11extras-5.11.3-1.fc29 qt5-qtxmlpatterns-5.11.3-1.fc29 qtcurve-1.9.1-2.fc29 sip-4.19.13-3.fc29 skrooge-2.14.0-3.fc29 texmaker-5.0.2-9.fc29 ugene-1.31.0-4.fc29 xdg-desktop-portal-kde-5.14.4-2.fc29 yarock-1.3.1-5.fc29
The following builds have been pushed to Fedora 29 updates-testing
beep-1.3-26.fc29 bitlbee-discord-0.4.2-1.fc29 borgbackup-1.1.8-1.fc29 cinnamon-4.0.8-1.fc29 did-0.12-1.fc29 electron-cash-3.3.4-1.fc29 gsequencer-2.1.21-0.fc29 jhead-3.02-1.fc29 konqueror-18.12.0-2.fc29 libcdr-0.1.5-1.fc29 libcerf-1.11-1.fc29 libetonyek-0.1.9-1.fc29 libqxp-0.0.2-1.fc29 librsvg2-2.44.11-1.fc29 libsecret-0.18.7-1.fc29 libwpd-0.10.3-1.fc29 mame-0.205-1.fc29 ompl-1.3.2-5.fc29 wxMaxima-18.12.0-1.fc29
Details about builds:
================================================================================ beep-1.3-26.fc29 (FEDORA-2018-92eff16e03) Beep the PC speaker any number of ways -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2018-1000532, new non-root permissions and a few smaller fixes. Fix a directory traversal issue introduced with the fix for CVE-2018-1000532, and refuses to run as setuid root or via sudo to avoid any more priviledge escalation issue. ---- Security fix for CVE-2018-1000532 and a few smaller fixes -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 29 2018 Hans Ulrich Niedermann hun@n-dimensional.de - 1.3-26 - Stop shipping old sudo related config files - Refuse to run when run via sudo - Set up group 'beep' for write access to evdev device with new udev rule - Update README.fedora to reflect new group permission setup on evdev device * Fri Dec 28 2018 Hans Ulrich Niedermann hun@n-dimensional.de - 1.3-25 - guard against directory traversal in /dev/input/ check - refuse to run if setuid or setgid root - make the evdev device the first device to look for (does not require root) * Fri Dec 28 2018 Hans Ulrich Niedermann hun@n-dimensional.de - 1.3-24 - Actually apply the patches - Update COPYING with new FSF address - Fix Patch9 to work as non-git patch (do the rest with shell) - Proper naming of Patch14 - Exit beep when error accessing API * Fri Dec 28 2018 Hans Ulrich Niedermann hun@n-dimensional.de - 1.3-23 - Fix CVE-2018-1000532 and mitigate against related issues (#1595592) - Fix a number of potential integer overflows -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1595591 - CVE-2018-1000532 beep: External control of file name or path via --device option https://bugzilla.redhat.com/show_bug.cgi?id=1595591 --------------------------------------------------------------------------------
================================================================================ bitlbee-discord-0.4.2-1.fc29 (FEDORA-2018-f09c518b7a) Bitlbee plugin for Discord -------------------------------------------------------------------------------- Update Information:
Updated to 0.4.2, latest upstream release. -------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 11 2018 Ben Rosser rosser.bjr@gmail.com - 0.4.2-1 - Updated to 0.4.2, latest upstream release. --------------------------------------------------------------------------------
================================================================================ borgbackup-1.1.8-1.fc29 (FEDORA-2018-443b5e5eda) A deduplicating backup program with compression and authenticated encryption -------------------------------------------------------------------------------- Update Information:
Upstream Release 1.1.8 -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 29 2018 Benjamin Pereto bpereto@fedoraproject.org - 1.1.8-1 - Upstream Release 1.1.8 --------------------------------------------------------------------------------
================================================================================ cinnamon-4.0.8-1.fc29 (FEDORA-2018-244e6747d5) Window management and application launching for GNOME -------------------------------------------------------------------------------- Update Information:
- Update to 4.0.8 and patch to fix https://github.com/linuxmint/Cinnamon/issues/8225 -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 29 2018 Leigh Scott leigh123linux@googlemail.com - 4.0.8-1 - Update to 4.0.8 release --------------------------------------------------------------------------------
================================================================================ did-0.12-1.fc29 (FEDORA-2018-d8ab605b88) What did you do last week, month, year? -------------------------------------------------------------------------------- Update Information:
Trello comments, Google tasks, SSL, bugs... -------------------------------------------------------------------------------- ChangeLog:
* Thu Dec 20 2018 Petr ��pl��chal psplicha@redhat.com 0.12-1 - Add missing redmine dependency [fix #177] - Fix GitLab plugin's ssl_verify option [fix #168] - Document GitLab access token scope - Merge ssl_verify support for Jira [#169] - Merge support for Trello commented cards [#170] - Fix commented cards title, improve the test suite - Add a simple test for completed tasks, update auth - Merge support for completed Google tasks [#173] - Merge fix for the Google dependencies [#166] - Document additional google dependencies - Adding support for Google tasks - Add commentCard to trello DEFAULT_FILTERS - Allow to set 'ssl_verify' config for jira plugin - Support 'creator' in bugzilla plugin [fix #167] - Give a nice error when user not found [fix #159] - Fix jira basic authentication [fix #163] - Fix long_description in setup.py - Update pip installation instructions - Update the example config with recent plugins - Describe in more detail how the tool works - Silently ignore non-git directories [fix #143] - Separate arguments preparation, add test coverage - New option --test to run a simple smoke test - Remove python2-gssapi from Requires - Make REQUESTS_CA_BUNDLE example copy-paste-able - Merge fix for the gitlab --since issue [fix #156] - Remove gssapi dependency from the main cli module - Quick start section, update install instructions - Simplify setup.py, update requires - Fix --since issue in gitlab plugin -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1660215 - Backport Jira basic auth fix https://bugzilla.redhat.com/show_bug.cgi?id=1660215 [ 2 ] Bug #1657656 - traceback when getting bugzilla info https://bugzilla.redhat.com/show_bug.cgi?id=1657656 --------------------------------------------------------------------------------
================================================================================ electron-cash-3.3.4-1.fc29 (FEDORA-2018-7d6590724e) A lightweight Bitcoin Cash client -------------------------------------------------------------------------------- Update Information:
Updated to 3.3.4. Security fix by upstream: Anti-Phishing protection.. Server-provided text will not appear in user-facing GUI windows anymore. Server error messages are instead parsed and mapped to predefined strings. -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 29 2018 Jonny Heggheim hegjon@gmail.com - 3.3.4-1 - Updated to version 3.3.4 --------------------------------------------------------------------------------
================================================================================ gsequencer-2.1.21-0.fc29 (FEDORA-2018-68a7984295) Audio processing engine -------------------------------------------------------------------------------- Update Information:
updated Source to point to new minor version directory -------------------------------------------------------------------------------- ChangeLog:
--------------------------------------------------------------------------------
================================================================================ jhead-3.02-1.fc29 (FEDORA-2018-cb65b1b40b) Tool for displaying EXIF data embedded in JPEG images -------------------------------------------------------------------------------- Update Information:
updated to 3.02 (#1661744) -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 29 2018 Adrian Reber adrian@lisas.de - 3.02-1 - updated to 3.02 (#1661744) - dropped upstreamed patches * Wed Sep 19 2018 Adrian Reber adrian@lisas.de - 3.00-12 - Added more buffer overflow Debian patches (should also fix CVE-2018-16554, CVE-2016-3822) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1661744 - jhead-3.02 is available https://bugzilla.redhat.com/show_bug.cgi?id=1661744 --------------------------------------------------------------------------------
================================================================================ konqueror-18.12.0-2.fc29 (FEDORA-2018-c7e6196529) KDE File Manager and Browser -------------------------------------------------------------------------------- Update Information:
New upstream release, switch to kwebkitpart backend by default to workaround kwebenginepart issue of failing to unload on quit. -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 29 2018 Rex Dieter rdieter@fedoraproject.org - 18.12.0-2 - default to kwebkitpart until kwebenginepart works properly (#1523082,kde#401976) * Sat Dec 8 2018 Rex Dieter rdieter@fedoraproject.org - 18.12.0-1 - 18.12.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1523082 - konqueror does not start a second time https://bugzilla.redhat.com/show_bug.cgi?id=1523082 --------------------------------------------------------------------------------
================================================================================ libcdr-0.1.5-1.fc29 (FEDORA-2018-e14d4811b0) A library for import of CorelDRAW drawings -------------------------------------------------------------------------------- Update Information:
new upstream release -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 29 2018 David Tardon dtardon@redhat.com - 0.1.5-1 - new upstream release --------------------------------------------------------------------------------
================================================================================ libcerf-1.11-1.fc29 (FEDORA-2018-cb974b5d2a) A library that provides complex error functions -------------------------------------------------------------------------------- Update Information:
Update to the latest stable release: fixes a bug introduced in v1.8 that had broken the normalization of the Voigt function. Other significant changes: * Restore libcerf.pc * Add INSTALL instructions, and other minor adjustments for use of libcerf in C++ projects * Support 'ctest', which runs the numeric accuracy tests from test1.c. * Rename type cmplx into _cerf_cmplx to avoid name clash with Gnuplot pre 5.3. -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 29 2018 Jos�� Matos jamatos@fedoraproject.org - 1.11-1 - update to 1.11 - adds html documentation to the devel subpackage - adds a pkgconfig .pc file -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1639186 - Review Request: libcerf - a library that provides complex error functions https://bugzilla.redhat.com/show_bug.cgi?id=1639186 [ 2 ] Bug #1476616 - enable libcerf in gnuplot. https://bugzilla.redhat.com/show_bug.cgi?id=1476616 --------------------------------------------------------------------------------
================================================================================ libetonyek-0.1.9-1.fc29 (FEDORA-2018-3388099b53) A library for import of Apple iWork documents -------------------------------------------------------------------------------- Update Information:
new upstream release -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 29 2018 David Tardon dtardon@redhat.com - 0.1.9-1 - new upstream release --------------------------------------------------------------------------------
================================================================================ libqxp-0.0.2-1.fc29 (FEDORA-2018-fd4a32d0b9) Library for import of QuarkXPress documents -------------------------------------------------------------------------------- Update Information:
new upstream release -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 29 2018 David Tardon dtardon@redhat.com - 0.0.2-1 - new upstream release --------------------------------------------------------------------------------
================================================================================ librsvg2-2.44.11-1.fc29 (FEDORA-2018-6cb0431cce) An SVG library based on cairo -------------------------------------------------------------------------------- Update Information:
librsvg 2.44.11 release. - Fix crash when a linear RGB filter is followed by an SRGB filter (Ivan Molodetskikh). - Fix #393 - Stack overflow when freeing thousands of sibling elements. - Fix #395 - feMorphology was crashing with a negative scaling transformation. - Fix positioning of adjacent <tspan> elements. -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 29 2018 Kalev Lember klember@redhat.com - 2.44.11-1 - Update to 2.44.11 --------------------------------------------------------------------------------
================================================================================ libsecret-0.18.7-1.fc29 (FEDORA-2018-3e13bb18c6) Library for storing and retrieving passwords and other secrets -------------------------------------------------------------------------------- Update Information:
libsecret 0.18.7 release. * Migrate from intltool to gettext * Fix uninitialized memory returned by secret_item_get_schema_name() * secret- session: Avoid double-free in service_encode_plain_secret() * Port tap script to Python 3 * Build and test fixes * Updated translations -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 29 2018 Kalev Lember klember@redhat.com - 0.18.7-1 - Update to 0.18.7 - Fix unowned gir and vala directories - Tighten soname glob to avoid unnoticed soname bumps --------------------------------------------------------------------------------
================================================================================ libwpd-0.10.3-1.fc29 (FEDORA-2018-4ef3593fd8) A library for import of WordPerfect documents -------------------------------------------------------------------------------- Update Information:
new upstream release -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 29 2018 David Tardon dtardon@redhat.com - 0.10.3-1 - new upstream release --------------------------------------------------------------------------------
================================================================================ mame-0.205-1.fc29 (FEDORA-2018-520dfd6cd0) Multiple Arcade Machine Emulator -------------------------------------------------------------------------------- Update Information:
An update to the latest mame release: * https://www.mamedev.org/?p=464 -------------------------------------------------------------------------------- ChangeLog:
* Fri Dec 28 2018 Julian Sikorski belegdol@fedoraproject.org - 0.205-1 - Update to 0.205 - Add jack-audio-connection-kit to BuildRequires --------------------------------------------------------------------------------
================================================================================ ompl-1.3.2-5.fc29 (FEDORA-2018-66c18df007) The Open Motion Planning Library -------------------------------------------------------------------------------- Update Information:
Fixed bug that caused build failures, built for f29. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 1.3.2-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed May 2 2018 Iryna Shcherbina shcherbina.iryna@gmail.com - 1.3.2-4 - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) * Thu Feb 8 2018 Fedora Release Engineering releng@fedoraproject.org - 1.3.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1605302 - ompl: FTBFS in Fedora rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1605302 --------------------------------------------------------------------------------
================================================================================ wxMaxima-18.12.0-1.fc29 (FEDORA-2018-f1463d3af2) Graphical user interface for Maxima -------------------------------------------------------------------------------- Update Information:
A bug fix release that addresses: * Corrected the line break algorithm for printing and displaying maths and text; * Better GTK3 compatibility for Linux. -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 29 2018 Jos�� Matos jamatos@fedoraproject.org - 18.12.0-1 - 18.12.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1643722 - wxmaxima (18.02.10) does not properly render text after scrooling the page https://bugzilla.redhat.com/show_bug.cgi?id=1643722 [ 2 ] Bug #1574901 - [abrt] wxMaxima: wxTrap(): wxmaxima killed by SIGTRAP https://bugzilla.redhat.com/show_bug.cgi?id=1574901 --------------------------------------------------------------------------------