The following Fedora 29 Security updates need testing:

 Age  URL
 115  https://bodhi.fedoraproject.org/updates/FEDORA-2019-49f80a78bc   mingw-sqlite-3.26.0.0-1.fc29
  96  https://bodhi.fedoraproject.org/updates/FEDORA-2019-fa5843e0e1   asterisk-16.2.1-1.fc29
  82  https://bodhi.fedoraproject.org/updates/FEDORA-2019-c84f291592   WALinuxAgent-2.2.38-1.fc29
  77  https://bodhi.fedoraproject.org/updates/FEDORA-2019-7528388823   chicken-5.0.0-2.fc29
  36  https://bodhi.fedoraproject.org/updates/FEDORA-2019-9839aded3f   python-gnupg-0.4.4-1.fc29
  33  https://bodhi.fedoraproject.org/updates/FEDORA-2019-35cb5a4785   kubernetes-1.13.5-1.fc29
  26  https://bodhi.fedoraproject.org/updates/FEDORA-2019-9454ce61b2   freeradius-3.0.19-3.fc29
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2019-96badf645f   thunderbird-60.7.0-1.fc29
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2019-e5910c3ef2   libvirt-4.7.0-4.fc29
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2019-697de0501f   curl-7.61.1-11.fc29
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2019-2ea119f414   buildbot-1.8.2-1.fc29
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2019-4c71ff167a   mutt-1.12.0-1.fc29
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2019-fbda9f1e49   python-urllib3-1.24.3-1.fc29
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2019-8c4b25b5ec   php-7.2.19-2.fc29
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2019-f0435555ac   cyrus-imapd-3.0.10-1.fc29
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2019-c7187e6dc7   mod_http2-1.15.1-1.fc29
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2019-0ea42f074e   poppler-0.67.0-21.fc29
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2019-1b61a528dd   dovecot-2.3.6-3.fc29
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2019-24217abfdf   containernetworking-plugins-0.7.5-1.fc29

The following Fedora 29 Critical Path updates have yet to be approved:

 Age  URL
  85  https://bodhi.fedoraproject.org/updates/FEDORA-2019-5329292fc2   fedfind-4.2.2-1.fc29 python-productmd-1.20-1.fc29
  77  https://bodhi.fedoraproject.org/updates/FEDORA-2019-f4b2308023   iproute-5.0.0-2.fc29
  42  https://bodhi.fedoraproject.org/updates/FEDORA-2019-201c9dce0a   libXt-1.1.5-11.20190424gitba4ec9376.fc29
  36  https://bodhi.fedoraproject.org/updates/FEDORA-2019-e6d2bef148   python2-2.7.16-2.fc29
  36  https://bodhi.fedoraproject.org/updates/FEDORA-2019-d762a7ad70   kexec-tools-2.0.19-1.fc29
  27  https://bodhi.fedoraproject.org/updates/FEDORA-2019-e513e057d5   python-blivet-3.1.2-5.fc29
  26  https://bodhi.fedoraproject.org/updates/FEDORA-2019-719c8264ca   lorax-29.29-1.fc29
  25  https://bodhi.fedoraproject.org/updates/FEDORA-2019-3b38d20c4a   alsa-lib-1.1.9-1.fc29 alsa-plugins-1.1.9-1.fc29 alsa-utils-1.1.9-1.fc29
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2019-28516f8c38   librepo-1.10.2-1.fc29
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2019-d2df59c6df   vim-8.1.1359-1.fc29
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2019-691a70723b   fwupd-1.2.9-1.fc29
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2019-9be1aa31d1   dnf-plugins-core-4.0.7-1.fc29
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2019-96badf645f   thunderbird-60.7.0-1.fc29
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2019-b1f02f9ed4   p11-kit-0.23.16.1-1.fc29
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2019-697de0501f   curl-7.61.1-11.fc29
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2019-e5910c3ef2   libvirt-4.7.0-4.fc29
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2019-8ab4452eca   pcre-8.43-2.fc29
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2019-5ecb2e38c3   libidn2-2.2.0-1.fc29
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2019-6edf6c9afc   xkeyboard-config-2.24-5.fc29
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2019-fbda9f1e49   python-urllib3-1.24.3-1.fc29
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2019-2b6e64e5ca   samba-4.9.8-1.fc29
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2019-358468ed91   gnome-settings-daemon-3.30.2-2.fc29
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2019-06a2d1c7fb   anaconda-29.24.7-3.fc29
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2019-534728cfe8   crypto-policies-20190527-1.git0b3add8.fc29
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2019-b86c1cf99f   pungi-4.1.37-1.fc29
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2019-5f258252a4   openssh-7.9p1-6.fc29
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2019-0ea42f074e   poppler-0.67.0-21.fc29
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2019-4cefd3161a   nfs-utils-2.3.3-4.rc2.fc29
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2019-04b9c67922   selinux-policy-3.14.2-60.fc29
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2019-57cd1d7037   btrfs-progs-5.1-1.fc29
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2019-2fc3e80abe   hwdata-0.324-1.fc29
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2019-2fc5ffc4e2   openssl-1.1.1c-2.fc29
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2019-92bb1b64f6   igt-gpu-tools-1.23-1.20190531git4108c74.fc29 xorg-x11-drv-intel-2.99.917-42.20180618.fc29

The following builds have been pushed to Fedora 29 updates-testing

    compose-utils-0.1.31-1.fc29
    container-exception-logger-1.0.3-1.fc29
    earlyoom-1.3-2.fc29
    flat-remix-theme-0.0.20190604-1.fc29
    flrig-1.3.45-1.fc29
    gnome-chemistry-utils-0.14.17-17.fc29
    gnumeric-1.12.45-1.fc29
    goffice-0.10.45-1.fc29
    js-jquery-file-upload-9.31.0-1.fc29
    js-jquery-jstree-3.3.8-1.fc29
    kernel-5.1.7-200.fc29
    kernel-headers-5.1.7-200.fc29
    libntirpc-1.7.4-1.fc29
    mozilla-iot-gateway-0.8.1-2.fc29
    nfs-ganesha-2.7.4-1.fc29
    pam-u2f-1.0.8-1.fc29
    perl-PPIx-QuoteLike-0.007-1.fc29
    perl-podlators-4.12-1.fc29
    php-phpmyadmin-sql-parser-4.3.2-1.fc29
    php-twig2-2.11.2-1.fc29
    phpMyAdmin-4.9.0.1-1.fc29
    python-alembic-1.0.10-1.fc29
    python-giacpy-0.6.8-1.fc29
    python-metakernel-0.24.2-1.fc29
    python38-3.8.0~b1-1.fc29
    quilter-1.9.0-1.20190605git076ac9e.fc29

Details about builds:
================================================================================
compose-utils-0.1.31-1.fc29 (FEDORA-2019-e0e0f86a69)
Utilities for working with composes
--------------------------------------------------------------------------------
Update Information:

New upstream release with module support in `compose_utils.diff`.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 4 2019 Lubomír Sedlář lsedlar@redhat.com - 0.1.31-1
- New upstream release
* Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 0.1.27-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
container-exception-logger-1.0.3-1.fc29 (FEDORA-2019-9b446c7753)
Logging from a container to a host
--------------------------------------------------------------------------------
Update Information:

- Use a correct command name in helper (`container-exception-logger`)
- Drop the setuid wrapper
- license is actually GPLv3+
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Martin Kutlak mkutlak@redhat.com 1.0.3-1
- Use a correct command name in helper (mkutlak@redhat.com)
- Drop the setuid wrapper (mkutlak@redhat.com)
- license is actually GPLv3+ (msuchy@redhat.com)
--------------------------------------------------------------------------------
================================================================================
earlyoom-1.3-2.fc29 (FEDORA-2019-3082237808)
Early OOM Daemon for Linux
--------------------------------------------------------------------------------
Update Information:

Forwarded version to compiled binary.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Vitaly Zaitsev vitaly@easycoding.org - 1.3-2
- Forwarded version to compiled binary.
--------------------------------------------------------------------------------
================================================================================
flat-remix-theme-0.0.20190604-1.fc29 (FEDORA-2019-dadaa4c756)
Pretty simple theme inspired on material design
--------------------------------------------------------------------------------
Update Information:

#### Description

Flat Remix GTK theme is a pretty simple GTK window theme inspired on material design following a modern design using "flat" colors with high contrasts and sharp borders.

Themes:
* Flat Remix GTK
* Flat Remix GTK Dark
* Flat Remix GTK Darker
* Flat Remix GTK Darkest

Variants:
* Solid: Theme without transparency
* No Border: Darkest theme without white window border
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1706365 - Review Request: flat-remix-theme - Pretty simple theme inspired on material design
      https://bugzilla.redhat.com/show_bug.cgi?id=1706365
--------------------------------------------------------------------------------
================================================================================
flrig-1.3.45-1.fc29 (FEDORA-2019-909d49ad06)
Transceiver control program
--------------------------------------------------------------------------------
Update Information:

Version 1.3.45
* Maintenance release =
- FT-891 - update
- TT-550 - restore tabs dialog visibility
- sliders - add user configuration for sliders
- modify Win32 build scripts
- combo/listbox controls - remove readonly attribute of input box
- RPC::XML methods - expose set/get for volum, mic, rfgain
- Add Kenwood TS790 backend
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Richard Shaw hobbes1069@gmail.com - 1.3.45-1
- Update to 1.3.45.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1717196 - flrig-1.3.45 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1717196
--------------------------------------------------------------------------------
================================================================================
gnome-chemistry-utils-0.14.17-17.fc29 (FEDORA-2019-5b2fcc8f10)
A set of chemical utilities
--------------------------------------------------------------------------------
Update Information:

An update to the latest gnumeric and goffice releases:
* http://gnumeric.org/announcements/1.12/gnumeric-1.12.45.html
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Julian Sikorski belegdol@fedoraproject.org - 0.14.17-17
- Rebuild for gnumeric-1.12.45
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1716664 - gnumeric-1.12.45 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1716664
[ 2 ] Bug #1716666 - goffice-0.10.45 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1716666
--------------------------------------------------------------------------------
================================================================================
gnumeric-1.12.45-1.fc29 (FEDORA-2019-5b2fcc8f10)
Spreadsheet program for GNOME
--------------------------------------------------------------------------------
Update Information:

An update to the latest gnumeric and goffice releases:
* http://gnumeric.org/announcements/1.12/gnumeric-1.12.45.html
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Julian Sikorski belegdol@fedoraproject.org - 1:1.12.45-1
- Update to 1.12.45
- Update python2 patch
- Drop obsolete .spec sections
- Bytecompile python files properly
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1716664 - gnumeric-1.12.45 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1716664
[ 2 ] Bug #1716666 - goffice-0.10.45 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1716666
--------------------------------------------------------------------------------
================================================================================
goffice-0.10.45-1.fc29 (FEDORA-2019-5b2fcc8f10)
G Office support libraries
--------------------------------------------------------------------------------
Update Information:

An update to the latest gnumeric and goffice releases:
* http://gnumeric.org/announcements/1.12/gnumeric-1.12.45.html
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 4 2019 Julian Sikorski belegdol@fedoraproject.org - 0.10.45-1
- Update to 0.10.45
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1716664 - gnumeric-1.12.45 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1716664
[ 2 ] Bug #1716666 - goffice-0.10.45 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1716666
--------------------------------------------------------------------------------
================================================================================
js-jquery-file-upload-9.31.0-1.fc29 (FEDORA-2019-5acf586a26)
File Upload widget for jQuery
--------------------------------------------------------------------------------
Update Information:

Update to [9.31.0](https://github.com/blueimp/jQuery-File-Upload/compare/v9.22.0...v9.31.0).
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Randy Barlow bowlofeggs@fedoraproject.org - 9.31.0-1
- Update to 9.31.0 (#1700322).
- https://github.com/blueimp/jQuery-File-Upload/compare/v9.22.0...v9.31.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1700322 - js-jquery-file-upload-9.31.0 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1700322
--------------------------------------------------------------------------------
================================================================================
js-jquery-jstree-3.3.8-1.fc29 (FEDORA-2019-a171291a47)
A jQuery tree plugin
--------------------------------------------------------------------------------
Update Information:

Update to [3.3.8](https://github.com/vakata/jstree/compare/3.3.5...3.3.8).
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Randy Barlow bowlofeggs@fedoraproject.org - 3.3.8-1
- Update to 3.3.8 (#1703862).
- https://github.com/vakata/jstree/compare/3.3.5...3.3.8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1703862 - js-jquery-jstree-3.3.8 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1703862
--------------------------------------------------------------------------------
================================================================================
kernel-5.1.7-200.fc29 (FEDORA-2019-492d24f0ef)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:

Update to v5.1.7
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 4 2019 Jeremy Cline jcline@redhat.com - 5.1.7-200
- Linux v5.1.7
- Fix CVE-2019-12455 (rhbz 1716990 1717003)
- Fix CVE-2019-12454 (rhbz 1716996 1717003)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1717003 - CVE-2019-12454 CVE-2019-12455 kernel: various flaws [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1717003
--------------------------------------------------------------------------------
================================================================================
kernel-headers-5.1.7-200.fc29 (FEDORA-2019-492d24f0ef)
Header files for the Linux kernel for use by glibc
--------------------------------------------------------------------------------
Update Information:

Update to v5.1.7
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 4 2019 Jeremy Cline jcline@redhat.com - 5.1.7-200
- Linux v5.1.7
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1717003 - CVE-2019-12454 CVE-2019-12455 kernel: various flaws [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1717003
--------------------------------------------------------------------------------
================================================================================
libntirpc-1.7.4-1.fc29 (FEDORA-2019-6bc7635438)
New Transport Independent RPC Library
--------------------------------------------------------------------------------
Update Information:

libntirpc 1.7.4 GA
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Kaleb S. KEITHLEY <kkeithle at redhat.com> 1.7.4-1
- libntirpc 1.7.4 GA
--------------------------------------------------------------------------------
================================================================================
mozilla-iot-gateway-0.8.1-2.fc29 (FEDORA-2019-24ba1d4ba0)
Mozilla's Web of Things gateway
--------------------------------------------------------------------------------
Update Information:

Change home directory location for moz-iot-gateway user
Add patch to not run ldconfig in container
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Troy Dawson tdawson@redhat.com - 0.8.1-2
- Change home directory location for moz-iot-gateway user
- Add patch to not run ldconfig in container
--------------------------------------------------------------------------------
================================================================================
nfs-ganesha-2.7.4-1.fc29 (FEDORA-2019-02cd019281)
NFS-Ganesha is a NFS Server running in user space
--------------------------------------------------------------------------------
Update Information:

nfs-ganesha 2.7.4 GA
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 2.7.4-1
- nfs-ganesha 2.7.4 GA
* Fri May 17 2019 Miro Hrončok mhroncok@redhat.com - 2.7.3-4
- Avoid unversioned Python requires
* Thu May 16 2019 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 2.7.3-3
- nfs-ganesha 2.7.3, enable utils w/ python2 on f30 and up
* Fri May 10 2019 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 2.7.3-2
- nfs-ganesha 2.7.3, selinux bz#1706462
--------------------------------------------------------------------------------
================================================================================
pam-u2f-1.0.8-1.fc29 (FEDORA-2019-cd8f4b9568)
Implements PAM authentication over U2F
--------------------------------------------------------------------------------
Update Information:

New upstream release
Fixes Debug file descriptor leak CVE-2019-1221
Fixes insecure debug file handling CVE-2019-1220
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Seth Jennings spartacus06@gmail.com - 1.0.8-1
- New upstream release
- Fixes Debug file descriptor leak CVE-2019-1221
- Fixes insecure debug file handling CVE-2019-1220
- resolves: #1717326
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1717326 - Debug file descriptor leak CVE-2019-1221 and insecure debug file handling CVE-2019-12209
      https://bugzilla.redhat.com/show_bug.cgi?id=1717326
--------------------------------------------------------------------------------
================================================================================
perl-PPIx-QuoteLike-0.007-1.fc29 (FEDORA-2019-847fc9fe3d)
Parse Perl string literals and string-literal-like things
--------------------------------------------------------------------------------
Update Information:

This release prohibits a forbidden interpolation inside \N{…}, it fixes examples, it allows PPIx::QuoteLike::Utils::__variables() method to accept PPI::Element, PPIx::Regexp::Element, PPIx::QuoteLike, and PPIx::QuoteLike::Token objects.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Petr Pisar ppisar@redhat.com - 0.007-1
- 0.007 bump
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1715940 - perl-PPIx-QuoteLike-0.007 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1715940
--------------------------------------------------------------------------------
================================================================================
perl-podlators-4.12-1.fc29 (FEDORA-2019-e0b72241c2)
Format POD source into various output formats
--------------------------------------------------------------------------------
Update Information:

This release fixes tests.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Petr Pisar ppisar@redhat.com - 1:4.12-1
- 4.12 bump
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1716020 - perl-podlators-4.12 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1716020
--------------------------------------------------------------------------------
================================================================================
php-phpmyadmin-sql-parser-4.3.2-1.fc29 (FEDORA-2019-33649e2e64)
A validating SQL lexer and parser with a focus on MySQL dialect
--------------------------------------------------------------------------------
Update Information:

Upstream announcement:

Welcome to **phpMyAdmin 4.9.0.1**, a bugfix release that includes important security fixes.

This release fixes two security vulnerabilities:
* PMASA-2019-3 is an SQL injection flaw in the Designer feature
* PMASA-2019-4 is a CSRF attack that's possible through the 'cookie' login form

Upgrading is highly recommended for all users. Using the 'http' auth_type instead of 'cookie' can mitigate the CSRF attack.

The solution for the CSRF attack does remove the former functionality to log in directly through URL parameters (as mentioned in FAQ 4.8, such as https://example.com/phpmyadmin/?pma_username=root&password=foo). Such behavior was discouraged and is now removed. Other query parameters work as expected; only pma_username and pma_password have been removed.

This release also includes fixes for many bugs, including:
- Several issues with SYSTEM VERSIONING tables
- Fixed json encode error in export
- Fixed JavaScript events not activating on input (sql bookmark issue)
- Show Designer combo boxes when adding a constraint
- Fix edit view
- Fixed invalid default value for bit field
- Fix several errors relating to GIS data types
- Fixed javascript error PMA_messages is not defined
- Fixed import XML data with leading zeros
- Fixed php notice, added support for 'DELETE HISTORY' table privilege (MariaDB >= 10.3.4)
- Fixed MySQL 8.0.0 issues with GIS display
- Fixed "Server charset" in "Database server" tab showing wrong information
- Fixed can not copy user on Percona Server 5.7
- Updated sql-parser to version 4.3.2, which fixes several parsing and linting problems

There are many, many more bug fixes thanks to the efforts of our developers, Google Summer of Code applicants, and other contributors.

The phpMyAdmin team

----

**phpmyadmin/sql-parser version 4.3.2**
* Fix redundant whitespaces in build() outputs (#228)
* Fix incorrect error on DEFAULT keyword in ALTER operation (#229)
* Fix incorrect outputs from Query::getClause (#233)
* Add support for reading an SQL file from stdin
* Fix for missing tokenize-query in Composer's vendor/bin/ directory
* Fix for PHP warnings with an incomplete CASE expression (#241)
* Fix for error message with multiple CALL statements (#223)
* Recognize the question mark character as a parameter (#242)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 4 2019 Remi Collet remi@remirepo.net - 4.3.2-1
- update to 4.3.2
- add php-phpmyadmin-sql-parser-tokenize-query command
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1717401 - CVE-2019-11768 phpmyadmin: specially crafted database name in the designer feature can be used to trigger an SQL injection attack
      https://bugzilla.redhat.com/show_bug.cgi?id=1717401
[ 2 ] Bug #1717402 - CVE-2019-12616 phpmyadmin: broken tag provided by attacker and pointing at the victim's phpMyAdmin database can cause CSRF through the victim
      https://bugzilla.redhat.com/show_bug.cgi?id=1717402
--------------------------------------------------------------------------------
================================================================================
php-twig2-2.11.2-1.fc29 (FEDORA-2019-6dd7e722b7)
The flexible, fast, and secure template engine for PHP
--------------------------------------------------------------------------------
Update Information:

**Version 2.11.2** (2019-06-05)
* fixed macro auto-import

----

**Version 2.11.1** (2019-06-04)
* added support for "Twig\Markup" instances in the "in" test (again)
* allowed string operators as variables names in assignments
* fixed support for macros defined in parent templates

----

**Version 2.11.0** (2019-05-31)
* added the possibility to register classes/interfaces as being safe for the escaper ("EscaperExtension::addSafeClass()")
* deprecated CoreExtension::setEscaper() and CoreExtension::getEscapers() in favor of the same methods on EscaperExtension
* macros are now auto-imported in the template they are defined (under the ``_self`` variable)
* added support for macros on "is defined" tests
* fixed macros "import" when using the same name in the parent and child templates
* fixed recursive macros
* macros imported "globally" in a template are now available in macros without re-importing them
* fixed the "filter" filter when the argument is \Traversable but does not implement \Iterator (\SimpleXmlElement for instance)
* fixed a PHP fatal error when calling a macro imported in a block in a nested block
* fixed a PHP fatal error when calling a macro imported in the template in another macro
* fixed wrong error message on "import" and "from"
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Remi Collet remi@remirepo.net - 2.11.2-1
- update to 2.11.2
* Tue Jun 4 2019 Remi Collet remi@remirepo.net - 2.11.1-1
- update to 2.11.1
* Mon Jun 3 2019 Remi Collet remi@remirepo.net - 2.11.0-1
- update to 2.11.0
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.9.0.1-1.fc29 (FEDORA-2019-33649e2e64)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

Upstream announcement:

Welcome to **phpMyAdmin 4.9.0.1**, a bugfix release that includes important security fixes.

This release fixes two security vulnerabilities:
* PMASA-2019-3 is an SQL injection flaw in the Designer feature
* PMASA-2019-4 is a CSRF attack that's possible through the 'cookie' login form

Upgrading is highly recommended for all users. Using the 'http' auth_type instead of 'cookie' can mitigate the CSRF attack.

The solution for the CSRF attack does remove the former functionality to log in directly through URL parameters (as mentioned in FAQ 4.8, such as https://example.com/phpmyadmin/?pma_username=root&password=foo). Such behavior was discouraged and is now removed. Other query parameters work as expected; only pma_username and pma_password have been removed.

This release also includes fixes for many bugs, including:
- Several issues with SYSTEM VERSIONING tables
- Fixed json encode error in export
- Fixed JavaScript events not activating on input (sql bookmark issue)
- Show Designer combo boxes when adding a constraint
- Fix edit view
- Fixed invalid default value for bit field
- Fix several errors relating to GIS data types
- Fixed javascript error PMA_messages is not defined
- Fixed import XML data with leading zeros
- Fixed php notice, added support for 'DELETE HISTORY' table privilege (MariaDB >= 10.3.4)
- Fixed MySQL 8.0.0 issues with GIS display
- Fixed "Server charset" in "Database server" tab showing wrong information
- Fixed can not copy user on Percona Server 5.7
- Updated sql-parser to version 4.3.2, which fixes several parsing and linting problems

There are many, many more bug fixes thanks to the efforts of our developers, Google Summer of Code applicants, and other contributors.

The phpMyAdmin team

----

**phpmyadmin/sql-parser version 4.3.2**
* Fix redundant whitespaces in build() outputs (#228)
* Fix incorrect error on DEFAULT keyword in ALTER operation (#229)
* Fix incorrect outputs from Query::getClause (#233)
* Add support for reading an SQL file from stdin
* Fix for missing tokenize-query in Composer's vendor/bin/ directory
* Fix for PHP warnings with an incomplete CASE expression (#241)
* Fix for error message with multiple CALL statements (#223)
* Recognize the question mark character as a parameter (#242)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 4 2019 Remi Collet remi@remirepo.net - 4.9.0.1-1
- update to 4.9.0.1 (2019-06-04, important security fixes)
- raise dependency on phpmyadmin/sql-parser version 4.3.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1717401 - CVE-2019-11768 phpmyadmin: specially crafted database name in the designer feature can be used to trigger an SQL injection attack
      https://bugzilla.redhat.com/show_bug.cgi?id=1717401
[ 2 ] Bug #1717402 - CVE-2019-12616 phpmyadmin: broken tag provided by attacker and pointing at the victim's phpMyAdmin database can cause CSRF through the victim
      https://bugzilla.redhat.com/show_bug.cgi?id=1717402
--------------------------------------------------------------------------------
================================================================================
python-alembic-1.0.10-1.fc29 (FEDORA-2019-ef33a4a25e)
Database migration tool for SQLAlchemy
--------------------------------------------------------------------------------
Update Information:

Update to [1.0.10](https://alembic.sqlalchemy.org/en/latest/changelog.html#change-1.0.10).
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Randy Barlow bowlofeggs@fedoraproject.org - 1.0.10-1
- Update to 1.0.10 (#1700050).
- https://alembic.sqlalchemy.org/en/latest/changelog.html#change-1.0.10
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1700050 - python-alembic-1.0.10 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1700050
--------------------------------------------------------------------------------
================================================================================
python-giacpy-0.6.8-1.fc29 (FEDORA-2019-dbe5dc1939)
Python binding for Giac
--------------------------------------------------------------------------------
Update Information:

- Release 0.6.8
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Antonio Trande <sagitterATfedoraproject.org> - 0.6.8-1
- Release 0.6.8
* Sat Feb 2 2019 Fedora Release Engineering releng@fedoraproject.org - 0.6.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Oct 10 2018 Antonio Trande <sagitterATfedoraproject.org> - 0.6.7-1
- Release 0.6.7
* Mon Aug 27 2018 Antonio Trande <sagitterATfedoraproject.org> - 0.6.6-5
- Fix Cython requests
* Mon Aug 27 2018 Antonio Trande <sagitterATfedoraproject.org> - 0.6.6-4
- Deprecate Python2 on fedora 30+
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1717424 - python-giacpy-0.6.8 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1717424
--------------------------------------------------------------------------------
================================================================================
python-metakernel-0.24.2-1.fc29 (FEDORA-2019-22afc255f6)
Metakernel for Jupyter
--------------------------------------------------------------------------------
Update Information:

New version 0.24.2
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Mattias Ellert mattias.ellert@physics.uu.se - 0.24.2-1
- Update to version 0.24.2
- Drop patch python-metakernel-Fix-TypeError.patch (accepted upstream)
* Wed Jun 5 2019 Mattias Ellert mattias.ellert@physics.uu.se - 0.24.1-1
- Update to version 0.24.1
- Drop metakernel-bash packages (upstream removed sources)
- Tests are now using pytest instead of nose
- Fix a TypeError
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1716142 - python-metakernel-0.24.1 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1716142
[ 2 ] Bug #1717340 - python-metakernel-0.24.2 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1717340
--------------------------------------------------------------------------------
================================================================================
python38-3.8.0~b1-1.fc29 (FEDORA-2019-e77f7dbb32)
Version 3.8 of the Python interpreter
--------------------------------------------------------------------------------
Update Information:

### This is a beta preview of Python 3.8

Python 3.8 is still in development. This release, [3.8.0b1](https://www.python.org/downloads/release/python-380b1/) is the first of four planned beta release previews. Beta release previews are intended to give the wider community the opportunity to test new features and bug fixes and to prepare their projects to support the new feature release.

### Call to action

We strongly encourage maintainers of third-party Python projects to **test with 3.8** during the beta phase and report issues found to the Python bug tracker as soon as possible. While the release is planned to be feature complete entering the beta phase, it is possible that features may be modified or, in rare cases, deleted up until the start of the release candidate phase (2019-09-30). Our goal is have no ABI changes after beta 3 and no code changes after 3.8.0rc1, the release candidate. To achieve that, it will be extremely important to get as much exposure for 3.8 as possible during the beta phase.

Please keep in mind that this is a preview release and its use is **only recommended for testing**.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Miro Hrončok mhroncok@redhat.com - 3.8.0~b1-1
- Update to 3.8.0b1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1716995 - python3.8-config does not understand --embed
      https://bugzilla.redhat.com/show_bug.cgi?id=1716995
--------------------------------------------------------------------------------
================================================================================
quilter-1.9.0-1.20190605git076ac9e.fc29 (FEDORA-2019-82ce29e885)
Focus on your writing
--------------------------------------------------------------------------------
Update Information:

Update to 1.9.0-20190605git076ac9e
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 5 2019 Artem Polishchuk ego.cordatus@gmail.com - 1.9.0-1.20190605git076ac9e
- Update to 1.9.0-20190605git076ac9e
--------------------------------------------------------------------------------