The following Fedora 27 Security updates need testing:
Age URL
12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b444c3b9c5
libwmf-0.2.8.4-53.fc27
10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-15819d2c37
jasper-2.0.14-1.fc27
5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7af44272e2
ImageMagick-6.9.9.13-1.fc27 rubygem-rmagick-2.16.0-6.fc27
3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-23dba9fb5d
kernel-4.13.3-300.fc27
3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d270e932a3
nagios-4.3.4-3.fc27
3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fdd3a98e8f
httpd-2.4.27-8.fc27
3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0348398d64
LibRaw-0.18.5-1.fc27
0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d3cd18fb03
mingw-LibRaw-0.18.5-1.fc27
0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-109f8db088
chromium-61.0.3163.100-1.fc27
0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2d6a38c4ff
MySQL-zrm-3.0-17.fc27
0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d79b43fcc
poppler-0.57.0-2.fc27
0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-67ba559502
perl-5.26.1-400.fc27
The following builds have been pushed to Fedora 27 updates-testing
LuxRender-1.6-23.fc27
MySQL-zrm-3.0-17.fc27
WoeUSB-2.1.3-1.fc27
astrometry-0.72-2.fc27
astrometry-tycho2-1.1.1-1.fc27
chromium-61.0.3163.100-1.fc27
dnf-2.6.3-12.fc27
embree-2.17.0-1.fc27
evemu-2.7.0-1.fc27
golang-github-AudriusButkevicius-kcp-go-0-0.1.20170902.gitd17218b.fc27
gpick-0.2.6-0.rc1.fc27
gscan2pdf-1.8.7-1.fc27
gtkwave-3.3.85-1.fc27
hunspell-en-0.20140811.1-9.fc27
i3-4.14.1-1.fc27
lucene3-3.6.2-11.fc27
magic-8.2.28-1.fc27
nss-3.32.1-1.0.fc27
perl-5.26.1-400.fc27
perl-CPAN-Perl-Releases-3.38-1.fc27
perl-DBD-Pg-3.7.0-1.fc27
perl-File-Fetch-0.54-1.fc27
perl-Module-CoreList-5.20170923-1.fc27
perl-Safe-Isa-1.000007-1.fc27
perl-System-Info-0.056-1.fc27
perl-XML-LibXML-2.0129-8.fc27
php-alcaeus-mongo-php-adapter-1.1.3-1.fc27
php-behat-mink-1.7.1-5.fc27
php-goutte-3.2.0-4.fc27
php-guzzle-Guzzle-3.9.3-13.fc27
php-jms-serializer-1.8.1-1.fc27
php-phpunit-PHPUnit-5.7.22-1.fc27
phpunit6-6.3.1-1.fc27
poppler-0.57.0-2.fc27
solr3-3.6.2-15.fc27
stellarium-0.16.1-1.fc27
syncthing-0.14.38-1.fc27
Details about builds:
================================================================================
LuxRender-1.6-23.fc27 (FEDORA-2017-7bdd2e7ffb)
Lux Renderer, an unbiased rendering system
--------------------------------------------------------------------------------
Update Information:
Rebuild from embree 2.17.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494058 - embree-2.17.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1494058
--------------------------------------------------------------------------------
================================================================================
MySQL-zrm-3.0-17.fc27 (FEDORA-2017-2d6a38c4ff)
MySQL backup manager
--------------------------------------------------------------------------------
Update Information:
Fix command logging
--------------------------------------------------------------------------------
================================================================================
WoeUSB-2.1.3-1.fc27 (FEDORA-2017-69b1f9cb32)
Windows USB installation media creator
--------------------------------------------------------------------------------
Update Information:
Initial release for F25 and F27.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494089 - Review Request: WoeUSB - Windows USB installation media
creator
https://bugzilla.redhat.com/show_bug.cgi?id=1494089
--------------------------------------------------------------------------------
================================================================================
astrometry-0.72-2.fc27 (FEDORA-2017-37cbeee31d)
Blind astrometric calibration of arbitrary astronomical images
--------------------------------------------------------------------------------
Update Information:
New packages for astrometry and the astrometry index files for Tycho-2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1470470 - Review Request: astrometry-tycho2 - Tycho-2 catalogue
for astrometry.net
https://bugzilla.redhat.com/show_bug.cgi?id=1470470
[ 2 ] Bug #1470436 - Review Request: astrometry - Blind astrometric
calibration of arbitrary astronomical images
https://bugzilla.redhat.com/show_bug.cgi?id=1470436
--------------------------------------------------------------------------------
================================================================================
astrometry-tycho2-1.1.1-1.fc27 (FEDORA-2017-37cbeee31d)
Tycho-2 catalogue for astrometry.net
--------------------------------------------------------------------------------
Update Information:
New packages for astrometry and the astrometry index files for Tycho-2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1470470 - Review Request: astrometry-tycho2 - Tycho-2 catalogue
for astrometry.net
https://bugzilla.redhat.com/show_bug.cgi?id=1470470
[ 2 ] Bug #1470436 - Review Request: astrometry - Blind astrometric
calibration of arbitrary astronomical images
https://bugzilla.redhat.com/show_bug.cgi?id=1470436
--------------------------------------------------------------------------------
================================================================================
chromium-61.0.3163.100-1.fc27 (FEDORA-2017-109f8db088)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Update to 61.0.3163.100. Security fix for CVE-2017-5111, CVE-2017-5112,
CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117,
CVE-2017-5118, CVE-2017-5119, CVE-2017-5120, CVE-2017-5121, CVE-2017-5122
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1488782 - CVE-2017-5120 chromium-browser: potential https
downgrade during redirect navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1488782
[ 2 ] Bug #1488781 - CVE-2017-5119 chromium-browser: use of uninitialized
value in skia
https://bugzilla.redhat.com/show_bug.cgi?id=1488781
[ 3 ] Bug #1488779 - CVE-2017-5118 chromium-browser: bypass of content
security policy in blink
https://bugzilla.redhat.com/show_bug.cgi?id=1488779
[ 4 ] Bug #1488778 - CVE-2017-5117 chromium-browser: use of uninitialized
value in skia
https://bugzilla.redhat.com/show_bug.cgi?id=1488778
[ 5 ] Bug #1488777 - CVE-2017-5116 chromium-browser: type confusion in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1488777
[ 6 ] Bug #1488776 - CVE-2017-5115 chromium-browser: type confusion in v8
https://bugzilla.redhat.com/show_bug.cgi?id=1488776
[ 7 ] Bug #1488775 - CVE-2017-5114 chromium-browser: memory lifecycle issue
in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1488775
[ 8 ] Bug #1488774 - CVE-2017-5113 chromium-browser: heap buffer overflow in
skia
https://bugzilla.redhat.com/show_bug.cgi?id=1488774
[ 9 ] Bug #1488773 - CVE-2017-5112 chromium-browser: heap buffer overflow in
webgl
https://bugzilla.redhat.com/show_bug.cgi?id=1488773
[ 10 ] Bug #1488772 - CVE-2017-5111 chromium-browser: use after free in pdfium
https://bugzilla.redhat.com/show_bug.cgi?id=1488772
[ 11 ] Bug #1494392 - CVE-2017-5122 chromium-browser: out-of-bounds access in
v8
https://bugzilla.redhat.com/show_bug.cgi?id=1494392
[ 12 ] Bug #1494391 - CVE-2017-5121 chromium-browser: out-of-bounds access in
v8
https://bugzilla.redhat.com/show_bug.cgi?id=1494391
--------------------------------------------------------------------------------
================================================================================
dnf-2.6.3-12.fc27 (FEDORA-2017-4cdd5194e2)
Package manager forked from Yum, using libsolv as a dependency resolver
--------------------------------------------------------------------------------
Update Information:
** DNF ** - Add pre_configure() for commands
--------------------------------------------------------------------------------
================================================================================
embree-2.17.0-1.fc27 (FEDORA-2017-7bdd2e7ffb)
Collection of high-performance ray tracing kernels developed at Intel
--------------------------------------------------------------------------------
Update Information:
Rebuild from embree 2.17.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494058 - embree-2.17.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1494058
--------------------------------------------------------------------------------
================================================================================
evemu-2.7.0-1.fc27 (FEDORA-2017-8a4705ecfc)
Event Device Query and Emulation Program
--------------------------------------------------------------------------------
Update Information:
Evemu 2.7.0
--------------------------------------------------------------------------------
================================================================================
golang-github-AudriusButkevicius-kcp-go-0-0.1.20170902.gitd17218b.fc27
(FEDORA-2017-a969ce651a)
Full-featured reliable UDP communication library
--------------------------------------------------------------------------------
Update Information:
Initial package for fedora (new dependency of syncthing 0.14.38).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494869 - Review Request: golang-github-AudriusButkevicius-kcp-go
- Full-featured reliable UDP communication library
https://bugzilla.redhat.com/show_bug.cgi?id=1494869
--------------------------------------------------------------------------------
================================================================================
gpick-0.2.6-0.rc1.fc27 (FEDORA-2017-a62a87dcb8)
Advanced color picker
--------------------------------------------------------------------------------
Update Information:
Update to 0.2.6rc1 with GTK3 support enabled
--------------------------------------------------------------------------------
================================================================================
gscan2pdf-1.8.7-1.fc27 (FEDORA-2017-9a17934dcb)
GUI for producing a multipage PDF from a scan
--------------------------------------------------------------------------------
Update Information:
This releae fixes frontend selection, Poppler PostScript backend, setting a
recursion limit in Preferences, a crach in scanimage frontend, ghosting buttons
in save dialogue, and selecting range of pages. It also updates Hungarian
translation and it adds units to scan adn edit paper dialogues.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494759 - gscan2pdf-1.8.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1494759
--------------------------------------------------------------------------------
================================================================================
gtkwave-3.3.85-1.fc27 (FEDORA-2017-9d94bfa292)
Waveform Viewer
--------------------------------------------------------------------------------
Update Information:
Current upstream maintenance release.
--------------------------------------------------------------------------------
================================================================================
hunspell-en-0.20140811.1-9.fc27 (FEDORA-2017-d4a388a428)
English hunspell dictionaries
--------------------------------------------------------------------------------
Update Information:
- perl regex rules changed so rebuilds of hunspell-en were truncated ---- *
Treat etc/etc. the same in en_GB/AU/... as en_US
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494698 - Hunspell spell checking is broken and highlights most
words as if they are misspelled.
https://bugzilla.redhat.com/show_bug.cgi?id=1494698
[ 2 ] Bug #1492306 - English (Australia) marks "etc etc." as misspelled
https://bugzilla.redhat.com/show_bug.cgi?id=1492306
--------------------------------------------------------------------------------
================================================================================
i3-4.14.1-1.fc27 (FEDORA-2017-9b8c122baf)
Improved tiling window manager
--------------------------------------------------------------------------------
Update Information:
Bugfix update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1495029 - i3-4.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1495029
--------------------------------------------------------------------------------
================================================================================
lucene3-3.6.2-11.fc27 (FEDORA-2017-f76e7f3f89)
High-performance, full-featured text search engine
--------------------------------------------------------------------------------
Update Information:
Fixes a packaging problem causing failure to build from source.
--------------------------------------------------------------------------------
================================================================================
magic-8.2.28-1.fc27 (FEDORA-2017-5e830ff674)
A very capable VLSI layout tool
--------------------------------------------------------------------------------
Update Information:
New version 8.2.28 is released.
--------------------------------------------------------------------------------
================================================================================
nss-3.32.1-1.0.fc27 (FEDORA-2017-96ce22f1fd)
Network Security Services
--------------------------------------------------------------------------------
Update Information:
Updates the nss family of packages to upstream NSS 3.32.1. Note that, only the
nss package has changed since the previous upstream release 3.32.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1490652 - nss-3.32.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1490652
--------------------------------------------------------------------------------
================================================================================
perl-5.26.1-400.fc27 (FEDORA-2017-67ba559502)
Practical Extraction and Report Language
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-12837 CVE-2017-12883 (see
<http://search.cpan.org/dist/perl-5.26.1/pod/perldelta.pod>)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1492091 - CVE-2017-12837 perl: Heap buffer overflow in regular
expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091
[ 2 ] Bug #1492093 - CVE-2017-12883 perl: Buffer over-read in regular
expression parser
https://bugzilla.redhat.com/show_bug.cgi?id=1492093
--------------------------------------------------------------------------------
================================================================================
perl-CPAN-Perl-Releases-3.38-1.fc27 (FEDORA-2017-897060f8ec)
Mapping Perl releases on CPAN to the location of the tarballs
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494820 - perl-CPAN-Perl-Releases-3.38 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1494820
--------------------------------------------------------------------------------
================================================================================
perl-DBD-Pg-3.7.0-1.fc27 (FEDORA-2017-d75d92d779)
A PostgreSQL interface for perl
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1495028 - perl-DBD-Pg-3.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1495028
--------------------------------------------------------------------------------
================================================================================
perl-File-Fetch-0.54-1.fc27 (FEDORA-2017-81015ac4d0)
Generic file fetching mechanism
--------------------------------------------------------------------------------
Update Information:
This release updates tests.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1495026 - perl-File-Fetch-0.54 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1495026
--------------------------------------------------------------------------------
================================================================================
perl-Module-CoreList-5.20170923-1.fc27 (FEDORA-2017-e1d01bc380)
What modules are shipped with versions of perl
--------------------------------------------------------------------------------
Update Information:
This release brings data about Perl 5.26.1 and 5.24.3.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494826 - perl-Module-CoreList-5.20170923 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1494826
--------------------------------------------------------------------------------
================================================================================
perl-Safe-Isa-1.000007-1.fc27 (FEDORA-2017-d921cb4c57)
Call isa, can, does and DOES safely on things that may not be objects
--------------------------------------------------------------------------------
Update Information:
Current upstream maintenance release.
--------------------------------------------------------------------------------
================================================================================
perl-System-Info-0.056-1.fc27 (FEDORA-2017-03727382be)
Factory for system specific information objects
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494774 - perl-System-Info-0.056 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1494774
--------------------------------------------------------------------------------
================================================================================
perl-XML-LibXML-2.0129-8.fc27 (FEDORA-2017-eb3fae70d6)
Perl interface to the libxml2 library
--------------------------------------------------------------------------------
Update Information:
This release adjusts tests to libxml2-2.9.5.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1489529 - perl-XML-LibXML-2.0129-7.fc28 FTBFS: tests fail with
libxml2-2.9.5
https://bugzilla.redhat.com/show_bug.cgi?id=1489529
--------------------------------------------------------------------------------
================================================================================
php-alcaeus-mongo-php-adapter-1.1.3-1.fc27 (FEDORA-2017-037809899f)
Mongo PHP Adapter
--------------------------------------------------------------------------------
Update Information:
**Version 1.1.3** (2017-09-24) All issues and pull requests under this release
may be found under the [1.1.3](https://github.com/alcaeus/mongo-php-
adapter/issues?q=milestone%3A1.1.3) milestone. *
[#203](https://github.com/alcaeus/mongo-php-adapter/pull/203) fixes the
detection of empty keys in update queries which were sometimes not properly
handled. * [#187](https://github.com/alcaeus/mongo-php-adapter/pull/187) forces
a primary read preference to certain commands that need to write data. *
[#195](https://github.com/alcaeus/mongo-php-adapter/pull/195) fixes a wrong
calculation leading to a wrong `updatedExisting` field in the result of an
`update` query. * [#193](https://github.com/alcaeus/mongo-php-adapter/pull/193)
fixes leaking new driver exceptions when calling `MongoClient::getHosts`. *
[#191](https://github.com/alcaeus/mongo-php-adapter/pull/191) fixes cursor
iteration when calling `hasNext` before resetting the cursor. *
[#189](https://github.com/alcaeus/mongo-php-adapter/pull/189) fixes type
conversion for a `query` passed to the `explain` command. *
[#186](https://github.com/alcaeus/mongo-php-adapter/pull/186) fixes errors when
using the 1.3 version of `ext-mongodb`. It also fixes an issue where new fields
in `MongoDB::listCollections` were not properly reported.
--------------------------------------------------------------------------------
================================================================================
php-behat-mink-1.7.1-5.fc27 (FEDORA-2017-4e43ace41a)
Browser controller/emulator abstraction for PHP
--------------------------------------------------------------------------------
Update Information:
RPM only releases - Add max versions to BuildRequires - Allow Symfony 3 -
Modify tests
--------------------------------------------------------------------------------
================================================================================
php-goutte-3.2.0-4.fc27 (FEDORA-2017-4e43ace41a)
A simple PHP web scraper
--------------------------------------------------------------------------------
Update Information:
RPM only releases - Add max versions to BuildRequires - Allow Symfony 3 -
Modify tests
--------------------------------------------------------------------------------
================================================================================
php-guzzle-Guzzle-3.9.3-13.fc27 (FEDORA-2017-4e43ace41a)
PHP HTTP client library and framework for building RESTful web service clients
--------------------------------------------------------------------------------
Update Information:
RPM only releases - Add max versions to BuildRequires - Allow Symfony 3 -
Modify tests
--------------------------------------------------------------------------------
================================================================================
php-jms-serializer-1.8.1-1.fc27 (FEDORA-2017-6aea60dd2a)
Library for (de-)serializing data of any complexity
--------------------------------------------------------------------------------
Update Information:
This library allows you to (de-)serialize data of any complexity. Currently, it
supports XML, JSON, and YAML. It also provides you with a rich tool-set to
adapt the output to your specific needs. Built-in features include: *
(De-)serialize data of any complexity; circular references are handled
gracefully. * Supports many built-in PHP types (such as dates) * Integrates with
Doctrine ORM, et. al. * Supports versioning, e.g. for APIs * Configurable via
PHP, XML, YAML, or Doctrine Annotations Autoloader:
`/usr/share/php/JMS/Serializer/autoload.php`
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1470358 - Review Request: php-jms-serializer - Library for
(de-)serializing data of any complexity
https://bugzilla.redhat.com/show_bug.cgi?id=1470358
--------------------------------------------------------------------------------
================================================================================
php-phpunit-PHPUnit-5.7.22-1.fc27 (FEDORA-2017-a8782452d7)
The PHP Unit Testing framework
--------------------------------------------------------------------------------
Update Information:
**Version 5.7.22** - 2017-09-24 * Fixed
[#2769](https://github.com/sebastianbergmann/phpunit/issues/2769): Usage of
`setUseErrorHandler()` produces `Undefined variable` error
--------------------------------------------------------------------------------
================================================================================
phpunit6-6.3.1-1.fc27 (FEDORA-2017-fdbb6189cb)
The PHP Unit Testing framework
--------------------------------------------------------------------------------
Update Information:
**Version 6.3.1** - 2017-09-24 * Fixed
[#2769](https://github.com/sebastianbergmann/phpunit/issues/2769): Usage of
`setUseErrorHandler()` produces `Undefined variable` error
--------------------------------------------------------------------------------
================================================================================
poppler-0.57.0-2.fc27 (FEDORA-2017-5d79b43fcc)
PDF rendering library
--------------------------------------------------------------------------------
Update Information:
- CVE-2017-14520 Floating point exception in Splash::scaleImageYuXd
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494583 - CVE-2017-14520 poppler: Floating point exception in
Splash::scaleImageYuXd() function in Splash.cc [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1494583
--------------------------------------------------------------------------------
================================================================================
solr3-3.6.2-15.fc27 (FEDORA-2017-f76e7f3f89)
Apache Solr
--------------------------------------------------------------------------------
Update Information:
Fixes a packaging problem causing failure to build from source.
--------------------------------------------------------------------------------
================================================================================
stellarium-0.16.1-1.fc27 (FEDORA-2017-63577628a7)
Photo-realistic nightsky renderer
--------------------------------------------------------------------------------
Update Information:
0.16.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1494772 - stellarium-0.16.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1494772
--------------------------------------------------------------------------------
================================================================================
syncthing-0.14.38-1.fc27 (FEDORA-2017-a390fc7eb3)
Continuous File Synchronization
--------------------------------------------------------------------------------
Update Information:
Update to version 0.14.38.
--------------------------------------------------------------------------------
_______________________________________________
test mailing list -- test@lists.fedoraproject.org
To unsubscribe send an email to test-le...@lists.fedoraproject.org
