#acl PaulHowarth:read,write,admin,revert,delete All:read

=== Friday 16th March 2018 ===

==== Fedora Project ====

 * Updated `python-paramiko` to 2.4.1 in F-28 and Rawhide, to 2.3.2 in F-27, and to 2.2.3 in F-26:
  * [[CVE:2018-7750|CVE-2018-7750]]: A flaw was found in the implementation of `transport.py` in Paramiko, which did not properly check whether authentication was completed before processing other requests. A customized SSH client could simply skip the authentication step. This flaw is a user authentication bypass in the SSH Server functionality of Paramiko. Where Paramiko is used only for its client-side functionality (e.g. `paramiko.SSHClient`), the vulnerability is not exposed and thus cannot be exploited.

==== Local Packages ====

 * Updated `curl` (7.59.0) to run the test suite using Python 3 from Fedora 28 onwards
 * Updated `moin` (1.9.9) to handle properly the upgrade from the Fedora `moin` package with a bundled `passlib`, which requires some `lua` trickery to deal with a directory to symlink transition
 * Updated `python-passlib` (1.7.1) to fix FTBFS in Fedora 28 and Rawhide due to `crypt()` via `libxcrypt` having `bsdi_crypt` and `sha1_crypt` support in Linux, which `glibc` `crypt()` did not have, and to add support for a Python 3.4 build for EL-7

----