The following Fedora 27 Security updates need testing: Age URL 104 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27 54 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c9395f9bec remctl-3.14-1.fc27 36 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8dc6395408 dpdk-17.08.2-1.fc27 22 https://bodhi.fedoraproject.org/updates/FEDORA-2018-775d96b54b blktrace-1.2.0-6.fc27 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a10c1d234e vim-syntastic-3.9.0-1.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aec846c0ef xen-4.9.2-4.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d1cfa444d2 wireshark-2.6.1-1.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bab8cabe2a strongswan-5.6.2-6.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-812b5d5a71 chromium-66.0.3359.181-2.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-76c82b393e pdns-recursor-4.1.3-2.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1f651350de thunderbird-enigmail-2.0.6-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f96f72ce8f cobbler-2.8.3-2.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a459acd54b ruby-2.4.4-89.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-79792e0c64 batik-1.10-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-579ff80ed8 java-1.8.0-openjdk-aarch32-1.8.0.171-1.180511.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e6df7fcf75 jasper-2.0.14-5.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-44c6f91560 libtiff-4.0.9-9.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8f793bbfc kernel-4.16.13-200.fc27
The following Fedora 27 Critical Path updates have yet to be approved: Age URL 20 https://bodhi.fedoraproject.org/updates/FEDORA-2018-25d5c86330 libidn-1.34-2.fc27 mcabber-1.1.0-1.fc27.1 pidgin-2.13.0-1.fc27.1 python-slixmpp-1.3.0-5.fc27.1 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-419559236b ntfs-3g-2017.3.23-6.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f2666b417c pungi-4.1.25-1.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aec846c0ef xen-4.9.2-4.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6645ced5f8 xdg-utils-1.1.3-2.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-51102af7af libunistring-0.9.10-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-82213f4d94 sssd-1.16.1-9.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2a57dc63c1 selinux-policy-3.13.1-283.35.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-eb868d383c perl-5.26.2-406.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d59f9ff239 firefox-60.0.1-5.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8f793bbfc kernel-4.16.13-200.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fdfc43e671 p11-kit-0.23.12-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3be6573661 quota-4.03-12.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-44c6f91560 libtiff-4.0.9-9.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e6df7fcf75 jasper-2.0.14-5.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-04121c60dd linux-firmware-20180525-85.git7518922b.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f9b6091ae cryptsetup-1.7.5-4.fc27
The following builds have been pushed to Fedora 27 updates-testing
COPASI-4.23.184-7.fc27 darktable-2.4.3-2.fc27 dnsdist-1.3.0-1.fc27 elementary-sound-theme-1.0-1.fc27 fox-1.6.57-1.fc27 golang-github-sasha-s-go-deadlock-0.2.0-2.fc27 liblxi-1.13-1.fc27 lxi-tools-1.20-1.fc27 mame-0.198-1.fc27 nodejs-brace-expansion-1.1.11-1.fc27 osinfo-db-20180531-1.fc27 perl-Net-LibIDN2-1.00-2.fc27 prosody-0.10.2-1.fc27 qt3-3.3.8b-74.fc27 qutebrowser-1.3.1-1.fc27 sqlite-3.20.1-3.fc27 wsjtx-1.9.1-1.fc27
Details about builds:
================================================================================ COPASI-4.23.184-7.fc27 (FEDORA-2018-a8f51a3ff7) Biochemical network simulator -------------------------------------------------------------------------------- Update Information:
- Update to 4.23.184 - Use Qt5 -------------------------------------------------------------------------------- ChangeLog:
* Thu May 31 2018 Antonio Trande <sagitterATfedoraproject.org> - 4.23.184-7 - Use always Qt5 * Fri May 18 2018 Antonio Trande <sagitterATfedoraproject.org> - 4.23.184-6 - Fix Python interpreter * Thu May 17 2018 Antonio Trande <sagitterATfedoraproject.org> - 4.23.184-5 - Rebuild with Qt5 * Wed May 16 2018 Tom Callaway spot@fedoraproject.org - 4.23.184-4 - rebuild for R 3.5.0 * Sat May 5 2018 Antonio Trande <sagitterATfedoraproject.org> - 4.23.184-3 - Now built with Qt5 - Built against libmml --------------------------------------------------------------------------------
================================================================================ darktable-2.4.3-2.fc27 (FEDORA-2018-d9443ea88b) Utility to organize and develop raw images -------------------------------------------------------------------------------- Update Information:
rebuild due osm library update -------------------------------------------------------------------------------- ChangeLog:
* Thu May 31 2018 Germano Massullo germano.massullo@gmail.com - 2.4.3-2 - rebuilt due osm-gps-map update --------------------------------------------------------------------------------
================================================================================ dnsdist-1.3.0-1.fc27 (FEDORA-2018-c2dbbeeb12) Highly DNS-, DoS- and abuse-aware loadbalancer -------------------------------------------------------------------------------- Update Information:
Upstream released new version. See https://blog.powerdns.com/2018/03/30/dnsdist-1-3-0-released/ for more details. -------------------------------------------------------------------------------- ChangeLog:
* Thu May 31 2018 Ruben Kerkhof ruben@rubenkerkhof.com - 1.3.0-1 - Upstream released new version - Enable DNS over TLS * Mon Feb 19 2018 Ruben Kerkhof ruben@rubenkerkhof.com - 1.2.1-1 - Upstream released new version - BuildRequires gcc-c++ (https://fedoraproject.org/wiki/Packaging:C_and_C%2B%2B#BuildRequire) - Fix mixed indentation in spec file * Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 1.2.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Nov 29 2017 Igor Gnatenko ignatenko@redhat.com - 1.2.0-4 - Rebuild for protobuf 3.5 * Mon Nov 13 2017 Igor Gnatenko ignatenkobrain@fedoraproject.org - 1.2.0-3 - Rebuild for protobuf 3.4 * Mon Oct 2 2017 Remi Collet remi@fedoraproject.org - 1.2.0-2 - rebuild for libsodium -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1409154 - dnsdist-1.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1409154 --------------------------------------------------------------------------------
================================================================================ elementary-sound-theme-1.0-1.fc27 (FEDORA-2018-fc417d2953) Set of system sounds for elementary -------------------------------------------------------------------------------- Update Information:
Initial package for fedora. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1582866 - Review Request: elementary-sound-theme - Set of system sounds for elementary https://bugzilla.redhat.com/show_bug.cgi?id=1582866 --------------------------------------------------------------------------------
================================================================================ fox-1.6.57-1.fc27 (FEDORA-2018-d08258c1b9) C++ based Toolkit for developing Graphical User Interfaces -------------------------------------------------------------------------------- Update Information:
New version 1.6.57 is released. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 1 2018 Mamoru TASAKA mtasaka@fedoraproject.org - 1.6.57-1 - 1.6.57 --------------------------------------------------------------------------------
================================================================================ golang-github-sasha-s-go-deadlock-0.2.0-2.fc27 (FEDORA-2018-ebeab70190) Online deadlock detection in go -------------------------------------------------------------------------------- Update Information:
Add upstream patch to fix a potential deadlock. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 1 2018 Fabio Valentini decathorpe@gmail.com - 0.2.0-2 - Add upstream patch to fix a potential race condition. --------------------------------------------------------------------------------
================================================================================ liblxi-1.13-1.fc27 (FEDORA-2018-dd3f1dd983) Library with simple API for communication with LXI devices -------------------------------------------------------------------------------- Update Information:
liblxi v1.13 ============ * Fix Sun RPC headers configure check The Sun RPC headers have been moved out of glibc into a separate library, libtirpc. Hence, check for glibc headers first and in case that fails search for headers in libtirpc via pkg-config. * Add const qualifier Because it is the right thing to do. * Update Travis * Use libtirpc for Sun RPC headers * Move test directory liblxi v1.12 ============ * Add send/receive sanity checks * Strip CR from ID response string Fixes corrupted output from 'lxi discover'. liblxi v1.11 ============ * Fix mDNS/DNS-SD discover feature liblxi v1.10 ============ * Update Travis * Cleanup * Add --disable-avahi configure option Makes avahi mandatory unless --disable-avahi is provided. liblxi v1.9 =========== * Update AUTHORS * Convert tabs to spaces * Make API usable in C++ As suggested by Dima Kogan, lets wrap the API so that it is usable in C++. * Only export lxi API specific functions Hide visibility of internal functions so that only the lxi API specific ones are exported/visible to applications linking with liblxi. These changes are applied on behalf of Dima Kogan. * Add discover fallback to request ID via HTTP/XML If retrieving the instrument ID fails via VXI-11 during discovery then try to retrieve the ID via the /lxi/identification XML file hosted by some instruments via HTTP. Adds dependency on libxml2. * Dmitri Goutnik: Make code clang friendly, fix warnings liblxi v1.8 =========== * Fix lxi_connect() so it does not apply lock Some instruments fail to lock for exclusive access when creating a VXI-11 connection. So, to play it safe, we will simply not try to lock when setting up the connection. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 1 2018 Robert Scheck robert@fedoraproject.org 1.13-1 - Upgrade to 1.13 (#1556050) * Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 1.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1556050 - liblxi: FTBFS in F28 https://bugzilla.redhat.com/show_bug.cgi?id=1556050 --------------------------------------------------------------------------------
================================================================================ lxi-tools-1.20-1.fc27 (FEDORA-2018-e4a08597ed) Tools collection to control LXI enabled instruments -------------------------------------------------------------------------------- Update Information:
lxi-tools v1.20 =============== * Add bash completion for snap * Update README Add tested instrument Keysight AWG 33612A as tested by Timur Aydin. * Add const qualifier * Update AUTHORS * Require Lua 5.1 or newer * Include test dir in distribution * Update Travis * Fix bash completion for run command * Update basic-tests.lua * Move test directory * Add basic Lua tests lxi-tools v1.19 =============== * Downgrade to Lua 5.2 * Update Travis configuration * Add Lua scripting feature to support automation Add run command which makes it possible to run Lua scripts to support advanced instrument automation. To run a Lua script simply do: $ lxi run test.lua The following LXI specific Lua functions are added and made available for use in the Lua scripts: device = connect(ip) scpi(device, command) scpi_raw(device, command) msleep(miliseconds) sleep(seconds) disconnect(device) See src/test/test.lua for a simple Lua script example. * Update README * Update AUTHORS * Improve regex of rs-hmo-rtb screenshot plugin Include instruments made with "HAMEG" identifier. * README: Add sponsors section * lxi-gui: Fix snap build * configure: use pkg-config to check for Qt5 * lxi-gui: Cleanup Qt5 configuration * Reconfigure R&S screenshot plugin to BMP * Add RTB2004 to list of tested instruments * Dmitri Goutnik: Use QT_SELECT value instead of hardcoded QT version lxi-tools v1.18 =============== * lxi-gui: Add X-axis title to data recorder chart * lxi-gui: Fix data recorder chart colors and csv export * lxi-gui: Add SCPI 1999.0 commands * lxi-gui: Add data recorder save data feauture Add a save button which allows to save recorded data to file in CSV format. * lxi: Increase default discover mDNS timeout * lxi-gui: Optimize data recorder plotting * lxi-gui: Fix arm snap build * lxi-gui: Print machine type during qmake build * lxi-gui: Remove *OPT? SCPI command * lxi-gui: Use elapsed real time in data recorder * lxi-gui: Print SCPI command requests * Add screenshot support for RTB 2000 * Cleanup timeout handling, etc. * lxi-gui: Reduce minimum window size * Add support for adding custom Qt qmake arguments Add QMAKE_ARGUMENTS flag which allows to pass on arguments to qmake when building lxi-gui. * lxi-gui: Make sure to call QT5 qmake lxi-tools v1.17 =============== * lxi-gui: Add input dialog for *ESE and *SRE commands * lxi-gui: Fix qmake compile flags * lxi-gui: Start with SCPI page * Add configure check for Qt5Charts * lxi-gui: Cleanup Name UI elements accordingly * lxi-gui: Add screenshot live view * Update README screenshot * lxi-gui: Add ID/IP instrument table header * lxi-gui: Tag as BETA * Update README Introduce lxi-gui and include screenshot. * Link QT5 Charts manually To avoid build issue with snap. * lxi-gui: Add data recorder feature * lxi-gui: Add settings * lxi-gui: Add QT5 source files * lxi-gui: Introduce responsive layout The lxi-gui application can now automatically resize to fit any window size. * lxi-gui: Add 'Open in browser' right-click feature * lxi-gui: Add IEEE 488.2 Common Commands * lxi-gui: Add about details * lxi-gui: Add screenshot feature * lxi-gui: Add benchmark feature * Split features into separate files * Update README * Update lxi-gui * Add keysight-dmm screenshot plugin This plugin supports Keysight Truevolt digital multimeters. * Set default discover timeout to 1 s * Add experimental QT5 GUI Can be enabled using configure option --enable-lxi-gui Requires QT 5.0.0 or newer. * Cleanup * Update Travis lxi-tools v1.16 =============== * Update AUTHORS * Convert tabs to spaces * Remove experimental label from keysight-ivx plugin Tested with MSO-X 3024T by ralphrmartin from EEVBlog forum. * Fix keysight-iv2000x plugin Fix header strip and change image format to BMP. Improve regex. * Fix image format for rigol-dg4000 plugin * Update completion script * Cleanup * Dmitri Goutnik: Make code clang friendly lxi-tools v1.15 =============== * Update man page * Add support for using raw/TCP in benchmark mode Add the option to run benchmark using raw/TCP. For example: $ lxi benchmark --address 10.0.0.42 --port 5555 --raw Also, cleanup all port handling code and update documentation accordingly. * Decrease timeout for discover to 2 s lxi-tools v1.14 =============== * Make screenshot plugin only support Rigol DM3068 Rigol DM3068 is the only DM3000 series digital multimeter that seems to have screenshot support. * Fix entering interactive mode Regardless of using --interactive a SCPI command was still required to be provided to enter interactive mode. * Update AUTHORS * Remove experimental label from Siglent plugins Thanks to Siglent who helped fix and test all the screenshot plugins for their instruments. * Cleanup screenshot plugins * Consolidate Rigol DSA plugins into one * Update README and man page * Support writing screenshot image to stdout To write screenshot image to stdout simply use '-' as the output filename. This allows to pipe the screenshot image directly to other tools for image processing. For example, using imagemagick to automatically convert captured screenshot image to JPG: $ lxi screenshot -a 10.0.0.42 - | convert - screenshot.jpg * Cleanup Siglent screenshot plugins * Update siglent-ssa3000x plugin * Add siglent-sdg plugin * Add siglent-sdm3000 plugin * Move siglent-sds out of experimental * Extend Siglent plugin to include SDS2000X lxi-tools v1.13 =============== * Update README * Update SSA3000X capture command * Add completion for benchmark command * Update AUTHORS * Fix get_device_id() This function was missing a call to lxi_disconnect() which resulted in some instruments being left hanging when capturing screenshots. Instruments that presumable only allow one active connection. * Add benchmark feature This benchmark feature is useful if you want to compare the VXI-11 request/response performance of your instruments. By default the benchmark sends 100 SCPI ID requests ("*IDN?" commands) to the instrument. For each request it waits for and reads the response. When done the resulting request rate is printed. * Fix screenshot command when using plugin autodetection The wrong timeout value was passed when trying to autodetect which screenshot plugin to use. * Cleanup * Fix Rohde & Schwarz HMO 1000 screenshot plugin Fix plugin so that it does not strip off the PNG header of the PNG image stream. Also, the source files and functions of the plugin is now named more explicitly according to the name of the instrument series (HMO 1000). * Fix Siglent SSA3000 screenshot plugin -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 1 2018 Robert Scheck robert@fedoraproject.org 1.20-1 - Upgrade to 1.20 * Thu Feb 8 2018 Fedora Release Engineering releng@fedoraproject.org - 1.12-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ mame-0.198-1.fc27 (FEDORA-2018-77286226aa) Multiple Arcade Machine Emulator -------------------------------------------------------------------------------- Update Information:
An update to the latest mame release: * http://mamedev.org/?p=457 -------------------------------------------------------------------------------- ChangeLog:
* Wed May 30 2018 Julian Sikorski belegdol@fedoraproject.org - 0.198-1 - Updated to 0.198 - Ensured python3 is called explicitly as per https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build - Updated BuildRequires to python3-sphinx --------------------------------------------------------------------------------
================================================================================ nodejs-brace-expansion-1.1.11-1.fc27 (FEDORA-2018-3b33f65b01) Brace expansion as known from sh/bash -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2017-18077 -------------------------------------------------------------------------------- ChangeLog:
* Thu May 31 2018 Jared K. Smith jsmith@fedoraproject.org - 1.1.11-1 - Update to upstream 1.1.11 release * Thu Feb 8 2018 Fedora Release Engineering releng@fedoraproject.org - 1.1.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Sep 28 2017 Jared Smith jsmith@fedoraproject.org - 1.1.8-1 - Update to upstream 1.1.8 release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1448380 - CVE-2017-18077 nodejs-brace-expansion: Regular expression denial-of-service https://bugzilla.redhat.com/show_bug.cgi?id=1448380 --------------------------------------------------------------------------------
================================================================================ osinfo-db-20180531-1.fc27 (FEDORA-2018-03e49e01c0) osinfo database files -------------------------------------------------------------------------------- Update Information:
Update to new release -------------------------------------------------------------------------------- ChangeLog:
* Thu May 31 2018 Fabiano Fid��ncio fabiano@fidencio.org - 20180531-1 - Update to new release --------------------------------------------------------------------------------
================================================================================ perl-Net-LibIDN2-1.00-2.fc27 (FEDORA-2018-021e17f0e9) Perl binding for GNU Libidn2 -------------------------------------------------------------------------------- Update Information:
This release adapts to changes in libidn-2.0.5. -------------------------------------------------------------------------------- ChangeLog:
* Thu May 31 2018 Petr Pisar ppisar@redhat.com - 1.00-2 - Adapt to changes in libidn-2.0.5 (bug #1584611) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1584611 - perl-Net-LibIDN2-1.00-3.fc29 FTBFS: Failed test at t/001_basic.t https://bugzilla.redhat.com/show_bug.cgi?id=1584611 --------------------------------------------------------------------------------
================================================================================ prosody-0.10.2-1.fc27 (FEDORA-2018-455803056d) Flexible communications server for Jabber/XMPP -------------------------------------------------------------------------------- Update Information:
Prosody 0.10.2 ============== See upstream's blog post at https://blog.prosody.im/prosody-0-10-2-security-release/ for a full overview of the release changes. Prosody 0.10.2 fixes a cross-host authentication vulnerability, CVE-2018-10847. The issue affects Prosody instances that have multiple virtual hosts (including anonymous authenticated hosts). All versions of Prosody before 0.9.14 and 0.10.2 are affected. A full security advisory is available at https://prosody.im/security/advisory_20180531 Security -------- * mod_c2s: Do not allow the stream ���to��� to change across stream restarts (fixes #1147) Minor changes ------------- * mod_websocket: Store the request object on the session for use by other modules (fixes #1153) * mod_c2s: Avoid concatenating potential nil value (fixes #753) * core.certmanager: Allow all non-whitespace in service name (fixes #1019) * mod_disco: Skip code specific to disco on user accounts (avoids invoking usermanager, fixes #1150) * mod_bosh: Store the normalized hostname on session (fixes #1151) * MUC: Fix error logged when no persistent rooms present (fixes #1154) Dowstream ---------- * Changed log rotation from weekly/52 to local system defaults -------------------------------------------------------------------------------- ChangeLog:
* Thu May 31 2018 Robert Scheck robert@fedoraproject.org 0.10.2-1 - Upgrade to 0.10.2 (#1584801) - Changed log rotation from weekly/52 to local system defaults -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1584801 - CVE-2018-10847 prosody: cross-host authentication vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1584801 --------------------------------------------------------------------------------
================================================================================ qt3-3.3.8b-74.fc27 (FEDORA-2018-0a0da2f3b7) The shared library for the Qt 3 GUI toolkit -------------------------------------------------------------------------------- Update Information:
This update fixes CVE-2016-10040, a stack overflow in QXmlSimpleReader due to a too lenient entityCharacterLimit in our version of the patch for CVE-2013-4549. (The limit was increased from the upstream 1024 to 65536 to address QTBUG-35459, an issue where the security fix was breaking existing real-world XML files. Unfortunately, that is too much to actually fit on the CPU stack. This fix decreases the limit to 4096.) It also fixes the QMySql driver to work with the version of MariaDB in Fedora 27. -------------------------------------------------------------------------------- ChangeLog:
* Thu May 31 2018 Kevin Kofler Kevin@tigcc.ticalc.org - 3.3.8b-74 - Fix CVE-2016-10040 (stack overflow in QXmlSimpleReader due to a too high entityCharacterLimit in the CVE-2013-4549 patch) (#1409603) * Fri Feb 9 2018 Igor Gnatenko ignatenkobrain@fedoraproject.org - 3.3.8b-73 - Escape macros in %changelog * Mon Nov 13 2017 Than Ngo than@redhat.com - 3.3.8b-72 - backport mysql driver mariadb fix - BR: mariadb-connector-c-devel (f28+, #1494085) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1409597 - CVE-2016-10040 qt: stack overflow in QXmlSimpleReader https://bugzilla.redhat.com/show_bug.cgi?id=1409597 --------------------------------------------------------------------------------
================================================================================ qutebrowser-1.3.1-1.fc27 (FEDORA-2018-945a9e1458) A keyboard-driven, vim-like browser based on PyQt5 and QtWebEngine -------------------------------------------------------------------------------- Update Information:
A few bug fixes, especially with Qt 5.11 which is not yet in Fedora. -------------------------------------------------------------------------------- ChangeLog:
* Tue May 29 2018 Timoth��e Floure fnux@fedoraproject.org - 1.3.1-1 - Rebase to 1.3.1 * Fri May 4 2018 Timoth��e Floure fnux@fedoraproject.org - 1.3.0-1 - Rebase to 1.3.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1583650 - qutebrowser-v1.3.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1583650 --------------------------------------------------------------------------------
================================================================================ sqlite-3.20.1-3.fc27 (FEDORA-2018-8d8f0e1643) Library that implements an embeddable SQL database engine -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2017-13685 CVE-2017-15286 -------------------------------------------------------------------------------- ChangeLog:
* Thu May 31 2018 Petr Kubat pkubat@redhat.com - 3.20.1-3 - Fixed CVE-2017-13685 CVE-2017-15286 (#1488884) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1488884 - CVE-2017-13685 CVE-2017-15286 sqlite: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1488884 --------------------------------------------------------------------------------
================================================================================ wsjtx-1.9.1-1.fc27 (FEDORA-2018-3a1707ce8b) Weak Signal communication by K1JT -------------------------------------------------------------------------------- Update Information:
This version corrects a flaw in Version 1.9.0 that unintentionally restricted the full use of FT8 DXpedition Mode by "Fox" stations. ---- Update to 1.9.0 release. See https://physics.princeton.edu/pulsar/k1jt/Release_Notes_1.9.0.txt for details. -------------------------------------------------------------------------------- ChangeLog:
* Thu May 31 2018 Richard Shaw hobbes1069@gmail.com - 1.9.1-1 - Update to 1.9.1. - Update compile patch to deal with qt5_use_modules no longer being available in rawhide/f29. * Tue May 29 2018 Jaroslav ��karvada jskarvad@redhat.com - 1.9.0-1 - New version - Dropped gcc-8.0.1-compile-fix patch (not needed) * Wed May 2 2018 Jaroslav ��karvada jskarvad@redhat.com - 1.9.0-0.3.rc4 - New version - De-fuzzified patches * Wed Mar 21 2018 Jaroslav ��karvada jskarvad@redhat.com - 1.9.0-0.2.rc3 - New version - Updated gcc-8.0.1-compile-fix patch * Fri Mar 16 2018 Jaroslav ��karvada jskarvad@redhat.com - 1.9.0-0.1.rc2 - New version - Fixed compilation with gcc-8.0.1 Resolves: rhbz#1556544 - De-fuzzified compile-fix patch * Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 1.8.0-3.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Jan 31 2018 Jaroslav ��karvada jskarvad@redhat.com - 1.8.0-3 - Rebuilt for new fortran --------------------------------------------------------------------------------