The following Fedora 26 Security updates need testing:

 Age  URL
 138  https://bodhi.fedoraproject.org/updates/FEDORA-2017-1bf5a0ce01   python-XStatic-jquery-ui-1.12.0.1-2.fc26
  77  https://bodhi.fedoraproject.org/updates/FEDORA-2017-2522df3526   nodejs-brace-expansion-1.1.7-1.fc26
  40  https://bodhi.fedoraproject.org/updates/FEDORA-2017-690a2548ba   openvswitch-2.7.1-2.fc26
  32  https://bodhi.fedoraproject.org/updates/FEDORA-2017-1c053de325   memcached-1.4.39-1.fc26
  28  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7   docker-distribution-2.6.2-1.git48294d9.fc26
  22  https://bodhi.fedoraproject.org/updates/FEDORA-2017-721314e3b3   java-1.8.0-openjdk-aarch32-1.8.0.141-2.170721.fc26
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4248ba346   botan-1.10.16-1.fc26
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f03b04acbb   mercurial-4.2.3-1.fc26
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e5a78c5ca9   cvs-1.11.23-42.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f5177f3a16   exim-4.89-5.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab0def38cd   tomcat-8.0.46-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-487fae29b4   dnsdist-1.2.0-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-8d74f1c135   taglib-1.11.1-5.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0fbd57c134   drupal8-8.3.7-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-9899aba20e   groovy18-1.8.9-30.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0dfa70ae35   thunderbird-52.3.0-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5617ab3b38   mingw-libzip-1.2.0-3.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8fa8e1a13   xen-4.8.1-7.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0a1f3de4eb   ImageMagick-7.0.6-9.2.fc26

The following Fedora 26 Critical Path updates have yet to be approved:

 Age  URL
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2017-c510774d90   libpsl-0.18.0-1.fc26 publicsuffix-list-20170809-1.fc26
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e5a78c5ca9   cvs-1.11.23-42.fc26
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2b5c43e67   p11-kit-0.23.8-1.fc26
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d119cd8c3f   sddm-0.14.0-13.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-595b08352c   pango-1.40.11-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-31aabe2be0   sqlite-3.20.0-2.fc26 tracker-1.12.3-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8fa8e1a13   xen-4.8.1-7.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-cbd104b9f4   rpm-4.13.0.1-7.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0b1e7b5a7e   librepo-1.8.0-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-73d143918a   network-manager-applet-1.8.2-3.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0dfa70ae35   thunderbird-52.3.0-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-50e1f02ccb   libglvnd-0.2.999-24.20170818git8d4d03f.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-24dcbfa22d   pungi-4.1.17-4.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f1cf3a2313   gtk3-3.22.19-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-8d74f1c135   taglib-1.11.1-5.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ecffc8e60c   libappstream-glib-0.7.2-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-4d086635b3   gdk-pixbuf2-2.36.9-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-68611800c4   gnutls-3.5.15-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-75b1d4b623   bind99-9.9.10-2.P3.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a6ab88955c   expat-2.2.4-1.fc26

The following builds have been pushed to Fedora 26 updates-testing

    ImageMagick-7.0.6-9.2.fc26
    eclipse-testng-6.12.0-0.1.gitf991e16.fc26
    fpaste-0.3.9.0-1.fc26
    freecad-0.16-10.fc26
    greenwave-0.1.1-1.02795e8.fc26
    metamath-0.149-1.fc26
    mingw-libzip-1.2.0-3.fc26
    sqlite-3.20.0-2.fc26
    testng-6.9.12-5.fc26
    tracker-1.12.3-1.fc26
    xen-4.8.1-7.fc26

Details about builds:

================================================================================
 ImageMagick-7.0.6-9.2.fc26 (FEDORA-2017-0a1f3de4eb)
 Use ImageMagick to convert, edit, or compose bitmap images in a variety of formats. In addition resize, rotate, shear, distort and transform images.
--------------------------------------------------------------------------------
Update Information:

Tagging this update now as it is an urgent fix. This update includes a soname bump so affected packages will need to be rebuilt by the package maintainer or someone with proven packager privs.

This update fixes ImageTragick in Fedora as well as numerous other security issues such as:

- Fix CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c - bug #1475485
- Fix CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c - bug #1475470
- Fix CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage() in coders/tiff.c - bug #1475463
- Fix CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c - bug #1474845
- Fix CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws - bug #1474363,1474391
- Fix CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function - bug #1473847
- Fix CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c - bug #1473824
- Fix CVE-2017-11448 ImageMagick: Info leak from uninitialized memory in ReadJPEGImage function - bug #1473801
- Fix CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c - bug #1473798
- Fix CVE-2017-11449 ImageMagick: coders/mpc.c don't validate blob sizes of stdin image input - bug #1473796
- Fix CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c - bug #1473774
- Fix CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c - bug #1473757
- Fix CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function - bug #1473717
- Fix CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) - bug #1471835
- Fix CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function - bug #1471121
- Fix CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file - bug #1470669
- Fix CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws - bug #1445676,1445677,1445679,1449253
- Fix CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws - bug #1455578,1455581,1455583,1455584
- Fix CVE-2016-9559 ImageMagick: Null pointer dereference in tiff.c - bug #1398189,1398198,1413898
- Fix CVE-2017-5507 ImageMagick: Memory leak in mpc file handling - bug #1414444
- Fix CVE-2016-10146 ImageMagick: Memory leak in caption and label handling - bug #1414446
- Fix CVE-2017-5508 ImageMagick: Heap-buffer-overflow in PushQuantumPixel - bug #1414445
- Fix CVE-2016-10070 ImageMagick: Out-of-bounds read in mat.c - bug #1410510
- Fix CVE-2017-5506 ImageMagick: Double-free memory corruption in profile.c - bug #1414442
- Fix CVE-2016-10064 ImageMagick: Buffer overflow in tiff.c - bug #1410478
- Fix CVE-2016-10071 ImageMagick: Out-of-bounds read in mat.c - bug #1410513
- Fix CVE-2016-10059 ImageMagick: TIFF file buffer overflow - bug #1410469
- Fix CVE-2016-10057 ImageMagick: Buffer overflow in CALS coder - bug #1410466
- Fix CVE-2016-10052 ImageMagick: Out-of-bounds write in exif (jpeg) reader - bug #1410459
- Fix CVE-2016-10050 ImageMagick: Heap overflow when reading corrupt RLE files - bug #1410454
- Fix CVE-2016-10049 ImageMagick: Buffer overflow when reading corrupt RLE files - bug #1410452
- Fix CVE-2016-10046 ImageMagick: Buffer overflow in draw.c - bug #1410448
- Fix CVE-2016-8677 ImageMagick: Memory allocation failure in AcquireQuantumPixel - bug #1385698
- Fix CVE-2016-7906 ImageMagick: Mogrify heap-use-after-free in attribute.c - bug #1381141
- Fix CVE-2016-7799 ImageMagick: Mogrify buffer over-read in profile.c - bug #1381138
- ImageMagick: Hang when supplying file ending with colon to identify - bug #1380428
- Fix CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws - bug #1378734,1378735,1378736,1378738,1378733,1378739,1378741,1378743,1378744,1378745,1378746,1378747,1378748,1378751,1378754,1378756,1378757,1378758,1378759,1378760,1378761,1378762,1378763,1378764,1378765,1378767,1378768,1378772,1378773,1378775,1378776,1378777,1378790
- Fix CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file - bug #1354500,1361578
--------------------------------------------------------------------------------

================================================================================
 eclipse-testng-6.12.0-0.1.gitf991e16.fc26 (FEDORA-2017-a646e146b7)
 TestNG plug-in for Eclipse
--------------------------------------------------------------------------------
Update Information:

Updates to latest snapshot of the Eclipse TestNG plugin. See upstream [release notes](https://github.com/cbeust/testng-eclipse/blob/f991e16da06363a42676938f5c140b93d35593d2/CHANGES.md).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1465818 - Update eclipse-testng to at least 6.11.0
        https://bugzilla.redhat.com/show_bug.cgi?id=1465818
--------------------------------------------------------------------------------

================================================================================
 fpaste-0.3.9.0-1.fc26 (FEDORA-2017-8216a1d052)
 A simple tool for pasting info onto sticky notes instances
--------------------------------------------------------------------------------
Update Information:

New release for modernpaste
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1408266 - fpaste --sysinfo hangs forever
        https://bugzilla.redhat.com/show_bug.cgi?id=1408266
  [ 2 ] Bug #1426322 - Can't paste anymore with newer fpaste server
        https://bugzilla.redhat.com/show_bug.cgi?id=1426322
  [ 3 ] Bug #1475225 - fpaste --rawurl is broken
        https://bugzilla.redhat.com/show_bug.cgi?id=1475225
  [ 4 ] Bug #1390390 - fpaste Error With -d -P options && fpaste --sysinfo is stuck Without Root Permissions.
        https://bugzilla.redhat.com/show_bug.cgi?id=1390390
--------------------------------------------------------------------------------

================================================================================
 freecad-0.16-10.fc26 (FEDORA-2017-44d5f8498c)
 A general purpose 3D CAD modeler
--------------------------------------------------------------------------------
Update Information:

Add qt-assistant as install requirement, fixes RHBZ#1484186.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1484186 - Packaging: Freecad required package qt-assistant to display Help file
        https://bugzilla.redhat.com/show_bug.cgi?id=1484186
--------------------------------------------------------------------------------

================================================================================
 greenwave-0.1.1-1.02795e8.fc26 (FEDORA-2017-2aed05b3c7)
 Service for gating on automated tests
--------------------------------------------------------------------------------
Update Information:

Upstream pre-release.

----

initial version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1481477 - Review Request: greenwave - Service for gating on automated tests by querying ResultsDB and WaiverDB
        https://bugzilla.redhat.com/show_bug.cgi?id=1481477
--------------------------------------------------------------------------------

================================================================================
 metamath-0.149-1.fc26 (FEDORA-2017-5daed69f7d)
 Construct mathematics from basic axioms
--------------------------------------------------------------------------------
Update Information:

Changes in version 0.148:

- Many changes to set.mm
- Add "Dummy variable x is distinct from all other variables." to proof web page
- Hyperlink "Dummy variable(s)"

Changes in version 0.149:

- add a subsubsection "tiny" header with separator "-.-." to table of contents and theorem list; see HELP WRITE THEOREM_LIST
- remove bug check 255
- change mmset.html links to ../mpeuni/mmset.html so they will work in NF Explorer etc.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1482724 - metamath-0.148 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1482724
  [ 2 ] Bug #1484389 - metamath-0.149 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1484389
--------------------------------------------------------------------------------

================================================================================
 mingw-libzip-1.2.0-3.fc26 (FEDORA-2017-5617ab3b38)
 C library for reading, creating, and modifying zip archives
--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2017-12858.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1484514 - CVE-2017-12858 libzip: Double free in _zip_dirent_read function in zip_dirent.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1484514
--------------------------------------------------------------------------------

================================================================================
 sqlite-3.20.0-2.fc26 (FEDORA-2017-31aabe2be0)
 Library that implements an embeddable SQL database engine
--------------------------------------------------------------------------------
Update Information:

tracker 1.12.3 release, combined together with an sqlite update enabling the FTS5 extension that tracker needs. This fixes search in the gtk3 file chooser, which regressed in sqlite 3.20.0 / tracker 1.12.2.

For details, see https://mail.gnome.org/archives/ftp-release-list/2017-August/msg00146.html
--------------------------------------------------------------------------------

================================================================================
 testng-6.9.12-5.fc26 (FEDORA-2017-a646e146b7)
 Java-based testing framework
--------------------------------------------------------------------------------
Update Information:

Updates to latest snapshot of the Eclipse TestNG plugin. See upstream [release notes](https://github.com/cbeust/testng-eclipse/blob/f991e16da06363a42676938f5c140b93d35593d2/CHANGES.md).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1465818 - Update eclipse-testng to at least 6.11.0
        https://bugzilla.redhat.com/show_bug.cgi?id=1465818
--------------------------------------------------------------------------------

================================================================================
 tracker-1.12.3-1.fc26 (FEDORA-2017-31aabe2be0)
 Desktop-neutral search tool and indexer
--------------------------------------------------------------------------------
Update Information:

tracker 1.12.3 release, combined together with an sqlite update enabling the FTS5 extension that tracker needs. This fixes search in the gtk3 file chooser, which regressed in sqlite 3.20.0 / tracker 1.12.2.

For details, see https://mail.gnome.org/archives/ftp-release-list/2017-August/msg00146.html
--------------------------------------------------------------------------------

================================================================================
 xen-4.8.1-7.fc26 (FEDORA-2017-b8fa8e1a13)
 Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:

full fix for XSA-226, replacing workaround
drop conflict of xendomain and libvirtd as can cause problems (#1398590)
add-to-physmap error paths fail to release lock on ARM [XSA-235] (#1484476)
Qemu: audio: host memory leakage via capture buffer [CVE-2017-8309] (#1446521)
Qemu: input: host memory leakage via keyboard events [CVE-2017-8379] (#1446561)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1484476 - xsa235 xen: add-to-physmap error paths fail to release lock on ARM
        https://bugzilla.redhat.com/show_bug.cgi?id=1484476
  [ 2 ] Bug #1446517 - CVE-2017-8309 Qemu: audio: host memory leakage via capture buffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1446517
  [ 3 ] Bug #1446547 - CVE-2017-8379 Qemu: input: host memory leakage via keyboard events
        https://bugzilla.redhat.com/show_bug.cgi?id=1446547
--------------------------------------------------------------------------------