The following Fedora 28 Security updates need testing: Age URL 381 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb jgraphx-3.6.0.0-6.fc28 330 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da nodejs-brace-expansion-1.1.11-1.fc28 329 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a nodejs-atob-2.1.1-1.fc28 205 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297 xerces-c27-2.7.0-28.fc28 157 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c nginx-1.14.1-1.fc28 136 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc86ef9e22 squid-4.4-1.fc28 63 https://bodhi.fedoraproject.org/updates/FEDORA-2019-86412405d5 bind-9.11.5-4.P4.fc28 51 https://bodhi.fedoraproject.org/updates/FEDORA-2019-63029a7692 libu2f-host-1.1.8-1.fc28 31 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19e79e9a thunderbird-60.6.1-1.fc28 29 https://bodhi.fedoraproject.org/updates/FEDORA-2019-8b8c774b84 aria2-1.34.0-4.fc28 29 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0927602e59 chromium-73.0.3683.86-2.fc28 23 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a4ed7400f4 httpd-2.4.39-1.fc28 17 https://bodhi.fedoraproject.org/updates/FEDORA-2019-019c5314a0 samba-4.8.11-0.fc28 15 https://bodhi.fedoraproject.org/updates/FEDORA-2019-902786bc1e gradle-4.3.1-9.fc28 14 https://bodhi.fedoraproject.org/updates/FEDORA-2019-d9f867cb65 jetty-9.4.11-3.v20180605.fc28 11 https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a756fe3a5 libX11-1.6.7-1.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3193a75b06 poppler-0.62.0-22.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-8560719e80 python-urllib3-1.24.2-1.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-79cb2bb18e libmediainfo-18.12-3.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a975e52e95 php-horde-horde-5.2.21-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-146df522df php-horde-turba-4.2.24-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-c701e6605a java-1.8.0-openjdk-1.8.0.212.b04-0.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ca4ee3510d java-11-openjdk-11.0.3.7-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e71f6f36ac pacemaker-1.1.18-3.fc28
The following Fedora 28 Critical Path updates have yet to be approved: Age URL 136 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f541b469b nfs-utils-2.3.3-1.rc2.fc28 100 https://bodhi.fedoraproject.org/updates/FEDORA-2019-78153d357c totem-pl-parser-3.26.2-1.fc28 92 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bb30467485 ostree-2019.1-2.fc28 rpm-ostree-2019.1-1.fc28 84 https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb4a3023ef iproute-4.20.0-1.fc28 67 https://bodhi.fedoraproject.org/updates/FEDORA-2019-6c4e362bd0 dhcp-4.3.6-22.fc28 dnsperf-2.2.1-1.fc28 bind-dyndb-ldap-11.1-13.fc28 bind-9.11.5-2.P1.fc28 46 https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb98bf5ace fedfind-4.2.2-1.fc28 python-productmd-1.20-1.fc28 38 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e60ecc03b4 python-productmd-1.21-1.fc28 38 https://bodhi.fedoraproject.org/updates/FEDORA-2019-457ab67a6c psmisc-23.1-3.1.fc28 31 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a0ae4e93b9 sssd-1.16.4-2.fc28 31 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19e79e9a thunderbird-60.6.1-1.fc28 22 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19af6a58 libldb-1.4.0-5.fc28.1.3.8 samba-4.8.10-0.fc28 17 https://bodhi.fedoraproject.org/updates/FEDORA-2019-019c5314a0 samba-4.8.11-0.fc28 12 https://bodhi.fedoraproject.org/updates/FEDORA-2019-787f9bf22f opus-1.3.1-1.fc28 11 https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a756fe3a5 libX11-1.6.7-1.fc28 11 https://bodhi.fedoraproject.org/updates/FEDORA-2019-8b830d65da firefox-66.0.3-1.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-4abd64aaaf libseccomp-2.4.1-0.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-8560719e80 python-urllib3-1.24.2-1.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-7e1c3c9d19 python-mako-1.0.9-1.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3193a75b06 poppler-0.62.0-22.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-8d90cbcfd9 libbluray-1.1.1-1.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-49e971b7fb linux-firmware-20190416-95.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-9308674cab pcre2-10.33-1.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-b042a87a74 libiptcdata-1.0.5-1.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bc14eac80e libblockdev-2.18-2.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-4b9de6ad55 http-parser-2.9.2-1.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-dddd3b8418 ceph-12.2.12-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-9244c8b209 pungi-4.1.36-1.fc28
The following builds have been pushed to Fedora 28 updates-testing
PySolFC-2.6.4-1.fc28 espresso-4.0.2-1.fc28 golang-github-marcinbor85-gohex-0-0.1.20190426git7a43cd8.fc28 java-latest-openjdk-12.0.1.12-1.rolling.fc28 java-openjdk-12.0.0.33-4.rolling.fc28 libqb-1.0.5-1.fc28 mbuffer-20190127-1.fc28 mozilla-https-everywhere-2019.1.31-2.fc28 pcp-4.3.2-1.fc28 perl-Net-BGP-0.16-2.fc28 perl-Sereal-Encoder-4.007-2.fc28 python-geopandas-0.5.0-1.fc28 python-json2table-1.1.5-2.fc28 python-operator-courier-2.0.1-1.fc28 python-pystemd-0.6.0-1.fc28 virtualbox-guest-additions-6.0.6-1.fc28
Details about builds:
================================================================================ PySolFC-2.6.4-1.fc28 (FEDORA-2019-f100df2695) A collection of solitare card games -------------------------------------------------------------------------------- Update Information:
New upstream Release Moved to Python3 -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 26 2019 S��rgio Basto sergio@serjux.com - 2.6.4-1 - Upgrade to 2.6.4 and python3 by Shlomi Fish - Modernize spec - Add Requires: python3-random2 - Reenable defaults of debug package and automagic Python byte compilation * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 2.0-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Thu Jul 12 2018 Fedora Release Engineering releng@fedoraproject.org - 2.0-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1603304 - PySolFC: FTBFS in Fedora rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1603304 [ 2 ] Bug #1517866 - update 2.4.0 https://bugzilla.redhat.com/show_bug.cgi?id=1517866 [ 3 ] Bug #1674595 - PySolFC: FTBFS in Fedora rawhide/f30 https://bugzilla.redhat.com/show_bug.cgi?id=1674595 --------------------------------------------------------------------------------
================================================================================ espresso-4.0.2-1.fc28 (FEDORA-2019-8f1e8007f4) Extensible Simulation Package for Research on Soft matter -------------------------------------------------------------------------------- Update Information:
Version bump to v4.0.2 -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 24 2019 Christoph Junghans junghans@votca.org - 4.0.2-1 - Version bump to 4.0.2 * Thu Feb 14 2019 Orion Poplawski orion@nwra.com - 4.0.1-3 - Rebuild for openmpi 3.1.3 * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 4.0.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ golang-github-marcinbor85-gohex-0-0.1.20190426git7a43cd8.fc28 (FEDORA-2019-a03860e3b4) Go library for parsing Intel HEX files -------------------------------------------------------------------------------- Update Information:
Initial package of marcinbor85/gohex for Golang -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1702127 - Review Request: golang-github-marcinbor85-gohex - Go library for parsing Intel HEX files https://bugzilla.redhat.com/show_bug.cgi?id=1702127 --------------------------------------------------------------------------------
================================================================================ java-latest-openjdk-12.0.1.12-1.rolling.fc28 (FEDORA-2019-c984c56cbd) OpenJDK Runtime Environment 12 -------------------------------------------------------------------------------- Update Information:
This update is a rename of current java-openjdk package to java-latest-openjdk package. The java-openjdk packages are now empty and only require java-latest- openjdk. However, the java-openjdk will be retired and users should be using java-latest-openjdk only. java-latest-openjdk package contains the newest security update of STS OpenJDK (12) from 2019-04 CPU. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1693987 - Review Request: java-latest-openjdk - rolling release for short term support OpenJDK https://bugzilla.redhat.com/show_bug.cgi?id=1693987 --------------------------------------------------------------------------------
================================================================================ java-openjdk-12.0.0.33-4.rolling.fc28 (FEDORA-2019-c984c56cbd) Renamed to java-latest-openjdk -------------------------------------------------------------------------------- Update Information:
This update is a rename of current java-openjdk package to java-latest-openjdk package. The java-openjdk packages are now empty and only require java-latest- openjdk. However, the java-openjdk will be retired and users should be using java-latest-openjdk only. java-latest-openjdk package contains the newest security update of STS OpenJDK (12) from 2019-04 CPU. -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 26 2019 Petra Mikova pmikova@redhat.com - 1:12.0.0.33-4.rolling - the package is now completely emptied, only requires java-latest-openjdk - this has to happen due to the conflict of this package with other java packages - the package is being renamed to java-latest-openjdk - https://bugzilla.redhat.com/show_bug.cgi?id=1693987 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1693987 - Review Request: java-latest-openjdk - rolling release for short term support OpenJDK https://bugzilla.redhat.com/show_bug.cgi?id=1693987 --------------------------------------------------------------------------------
================================================================================ libqb-1.0.5-1.fc28 (FEDORA-2019-e2d5de3342) An IPC library for high performance servers -------------------------------------------------------------------------------- Update Information:
Security fix for "Insecure treatment of IPC (temporary) files" (CVE pending) -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 26 2019 Jan Pokorn�� jpokorny+rpm-libqb@redhat.com - 1.0.5-1 - Update to libqb-1.0.5, for list of changes see: https://github.com/ClusterLabs/libqb/releases/tag/v1.0.4 https://github.com/ClusterLabs/libqb/releases/tag/v1.0.5 (note that 1.0.4 is botched from pacemaker/corosync cluster stack perspective so that is intentionally skipped) - Includes an important fix for a security issue (CVE-2019-XXXX/TBD, https://github.com/ClusterLabs/libqb/issues/338) * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 1.0.3-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 1.0.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1695948 - libqb: Insecure treatment of IPC (temporary) files https://bugzilla.redhat.com/show_bug.cgi?id=1695948 --------------------------------------------------------------------------------
================================================================================ mbuffer-20190127-1.fc28 (FEDORA-2019-9c00703831) Measuring Buffer is an enhanced version of buffer -------------------------------------------------------------------------------- Update Information:
Update to new upstream version 20190127 -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 27 2019 Fabian Affolter mail@fabian-affolter.ch - 20190127-1 - Update to new upstream version 20190127 --------------------------------------------------------------------------------
================================================================================ mozilla-https-everywhere-2019.1.31-2.fc28 (FEDORA-2019-0bf7559b65) HTTPS enforcement extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information:
- Change "Block all unencrypted requests" language to "Encrypt all sites eligible" - EASE mode patches for interstitial page and reload to trigger for EASE mode - ES Lint clean up - Disable test for Chrome (will work in patch while disabled) (included because chrome and firefox versions use a single codebase) - Deprecate I.P.s in rulesets (Special case for DNS I.P.s) - Amend check_rules.py fetch test to disable rules only if all rules are problematic, and comment rules out if other rules are functional in the set - HSTS Prune and updates - Bundled ruleset updates -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 26 2019 Russell Golden niveusluna@fedoraproject.org - 2019.1.31-1 - Change "Block all unencrypted requests" language to "Encrypt all sites eligible" - EASE mode patches for interstitial page and reload to trigger for EASE mode - ES Lint clean up - Disable test for Chrome (will work in patch while disabled) -- (packager note: Included because both versions use the same codebase) - Deprecate I.P.s in rulesets (Special case for DNS I.P.s) - Amend check_rules.py fetch test to disable rules only if all rules are problematic, -- and comment rules out if other rules are functional in the set - HSTS Prune and updates - Bundled ruleset updates * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 2018.10.31-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ pcp-4.3.2-1.fc28 (FEDORA-2019-2f04e77d53) System-level performance monitoring and performance management -------------------------------------------------------------------------------- Update Information:
Resolve selinux policy issues for pmie daemon mode (BZ 1702589) Resolve selinux policy issues for BPF permissions (BZ 1693332) Further improvements to daily archive processing (BZ 1647390) See CHANGELOG for other changes and further details. -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 26 2019 Mark Goodwin mgoodwin@redhat.com 4.3.2-1 - Resolve selinux policy issues for pmie daemon mode (BZ 1702589) - Resolve selinux policy issues for BPF permissions (BZ 1693332) - Further improvements to daily archive processing (BZ 1647390) - Update to latest PCP sources. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1702589 - pmie does not start due to selinux https://bugzilla.redhat.com/show_bug.cgi?id=1702589 [ 2 ] Bug #1693332 - PCP SELinux AVCs https://bugzilla.redhat.com/show_bug.cgi?id=1693332 [ 3 ] Bug #1647390 - pcp consuming too much log space causing /var to fill https://bugzilla.redhat.com/show_bug.cgi?id=1647390 --------------------------------------------------------------------------------
================================================================================ perl-Net-BGP-0.16-2.fc28 (FEDORA-2019-bc11f71f51) Perl module for object-oriented API to the BGP protocol -------------------------------------------------------------------------------- Update Information:
An implementation of the BGP-4 inter-domain routing protocol as Perl module. It encapsulates all of the functionality needed to establish and maintain a BGP peering session and exchange routing update information with the peer. It aims to provide a simple API to the BGP protocol for the purposes of automation, logging, monitoring, testing, and similar tasks using the power and flexibility of Perl. The module does not implement the functionality of a RIB (Routing Information Base) nor does it modify the kernel routing table of the host system. However, such operations could be implemented using the API provided by the module. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1701810 - Review Request: perl-Net-BGP - Perl module for object-oriented API to the BGP protocol https://bugzilla.redhat.com/show_bug.cgi?id=1701810 --------------------------------------------------------------------------------
================================================================================ perl-Sereal-Encoder-4.007-2.fc28 (FEDORA-2019-cea20b75e9) Perl serialization into Sereal format -------------------------------------------------------------------------------- Update Information:
This release correct a misspeling in the package summary. -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 26 2019 Petr Pisar ppisar@redhat.com - 4.007-2 - Correct a summary (bug #1703269) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1703269 - serious typo in Summary https://bugzilla.redhat.com/show_bug.cgi?id=1703269 --------------------------------------------------------------------------------
================================================================================ python-geopandas-0.5.0-1.fc28 (FEDORA-2019-036308aaac) Geographic Pandas extensions -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 27 2019 Elliott Sales de Andrade quantum.analyst@gmail.com - 0.5.0-1 - Update to latest version -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1703037 - python-geopandas-0.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1703037 --------------------------------------------------------------------------------
================================================================================ python-json2table-1.1.5-2.fc28 (FEDORA-2019-8a1842070a) Python module to convert JSOn to a HTML table -------------------------------------------------------------------------------- Update Information:
Add missing license file -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1701738 - Review Request: python-json2table - Python module to convert JSOn to a HTML table https://bugzilla.redhat.com/show_bug.cgi?id=1701738 --------------------------------------------------------------------------------
================================================================================ python-operator-courier-2.0.1-1.fc28 (FEDORA-2019-16bb0c6440) Library and CLI tool to build, verify and push operator metadata -------------------------------------------------------------------------------- Update Information:
Latest upstream. ---- Latest upstream. ---- Latest upstream. -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 26 2019 Ralph Bean rbean@redhat.com - 2.0.1-1 - new version * Mon Apr 1 2019 Ralph Bean rbean@redhat.com - 1.3.0-1 - new version * Wed Mar 27 2019 Ralph Bean rbean@redhat.com - 1.2.1-1 - new version * Tue Mar 12 2019 Ralph Bean rbean@redhat.com - 1.2.0-1 - new version * Mon Mar 11 2019 Ralph Bean rbean@redhat.com - 1.1.0-1 - new version * Wed Feb 27 2019 Ralph Bean rbean@redhat.com - 1.0.2-1 - new version --------------------------------------------------------------------------------
================================================================================ python-pystemd-0.6.0-1.fc28 (FEDORA-2019-a249c86855) A thin Cython-based wrapper on top of libsystemd -------------------------------------------------------------------------------- Update Information:
Initial packaging for Fedora. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1692070 - Review Request: python-pystemd - A thin Cython-based wrapper on top of libsystemd https://bugzilla.redhat.com/show_bug.cgi?id=1692070 --------------------------------------------------------------------------------
================================================================================ virtualbox-guest-additions-6.0.6-1.fc28 (FEDORA-2019-f13734b7c0) VirtualBox Guest Additions -------------------------------------------------------------------------------- Update Information:
Update Virtualbox Guest Additions to 6.0.6 -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 26 2019 S��rgio Basto sergio@serjux.com - 6.0.6-1 - Update Virtualbox Guest Additions to 6.0.6 --------------------------------------------------------------------------------