The following Fedora 37 Security updates need testing:
Age URL
20
https://bodhi.fedoraproject.org/updates/FEDORA-2023-4b892d116d
cutter-re-2.2.1-1.fc37 rizin-0.5.2-1.fc37
4
https://bodhi.fedoraproject.org/updates/FEDORA-2023-eb65439ec0
matrix-synapse-1.63.1-3.fc37
4
https://bodhi.fedoraproject.org/updates/FEDORA-2023-419ca55dd3
sympa-6.2.72-2.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-c0762a0e57
ntp-refclock-0.6-1.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-e5859237ff
firefox-114.0-1.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-71442d7613 less-633-1.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-51593ce398 dbus-1.14.8-1.fc37
The following Fedora 37 Critical Path updates have yet to be approved:
Age URL
36
https://bodhi.fedoraproject.org/updates/FEDORA-2023-22c8575b95 glibc-2.36-10.fc37
13
https://bodhi.fedoraproject.org/updates/FEDORA-2023-32b75f824a
thunderbird-102.11.1-1.fc37
13
https://bodhi.fedoraproject.org/updates/FEDORA-2023-84965ba750 mesa-23.0.3-2.fc37
7
https://bodhi.fedoraproject.org/updates/FEDORA-2023-aaafb156ac lorax-37.10-3.fc37
4
https://bodhi.fedoraproject.org/updates/FEDORA-2023-5a7658328a
pyproject-rpm-macros-1.9.0-1.fc37
3
https://bodhi.fedoraproject.org/updates/FEDORA-2023-74719f1dbe
gnome-control-center-43.6-1.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-51593ce398 dbus-1.14.8-1.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-fdaa5819a5
libxcrypt-4.4.35-1.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-70b0935c41
kernel-6.3.6-100.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-71442d7613 less-633-1.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-e5859237ff
firefox-114.0-1.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-c896d979d5 cockpit-293-1.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-08c1845d51
ncurses-6.4-3.20230114.fc37
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-87eefea607 ytnef-2.1.1-1.fc37
The following builds have been pushed to Fedora 37 updates-testing
awf-gtk2-2.7.0-1.fc37
awf-gtk3-2.7.0-1.fc37
awf-gtk4-2.7.0-1.fc37
cups-2.4.4-1.fc37
erlang-25.3.2.2-1.fc37
guacamole-server-1.5.2-2.fc37
hplip-3.23.5-1.fc37
linux-system-roles-1.41.0-1.fc37
mariadb-10.5.20-1.fc37
mingw-glib2-2.74.7-1.fc37
mongo-c-driver-1.23.5-1.fc37
nss-3.90.0-1.fc37
osbuild-87-1.fc37
perl-Graphics-TIFF-20-1.fc37
perl-HTML-StripScripts-1.06-22.fc37
php-8.1.20-1.fc37
pungi-4.4.0-1.fc37
python-ogr-0.45.0-1.fc37
python-radexreader-1.2.2-1.fc37
python-rpm-generators-13-3.fc37
python3.7-3.7.16-2.fc37
remmina-1.4.31-1.fc37
rust-aho-corasick-1.0.2-1.fc37
rust-getrandom-0.2.10-1.fc37
rust-iana-time-zone-0.1.57-1.fc37
rust-libcryptsetup-rs-0.8.0-1.fc37
rust-lock_api-0.4.10-1.fc37
rust-mio-0.8.8-1.fc37
rust-once_cell-1.18.0-1.fc37
rust-parking_lot_core-0.9.8-1.fc37
rust-platform-info-2.0.1-1.fc37
rust-regex-1.8.4-1.fc37
rust-tempfile-3.6.0-1.fc37
rust-xcb-1.2.1-1.fc37
salt-3005.1-5.fc37
stratis-cli-3.5.3-1.fc37
stratisd-3.5.7-1.fc37
syncthing-1.23.5-1.fc37
urlscan-1.0.0-1.fc37
Details about builds:
================================================================================
awf-gtk2-2.7.0-1.fc37 (FEDORA-2023-90a6a04aa5)
Theme preview application for GTK
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 6 2023 Fabrice Creuzot <code(a)luigifab.fr> - 2.7.0-1
- New upstream release
* Wed Jan 18 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.6.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
awf-gtk3-2.7.0-1.fc37 (FEDORA-2023-4f246801db)
Theme preview application for GTK
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 6 2023 Fabrice Creuzot <code(a)luigifab.fr> - 2.7.0-1
- New upstream release
* Wed Jan 18 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.6.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
awf-gtk4-2.7.0-1.fc37 (FEDORA-2023-3cb616f952)
Theme preview application for GTK
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 6 2023 Fabrice Creuzot <code(a)luigifab.fr> - 2.7.0-1
- New upstream release
* Wed Jan 18 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.6.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
cups-2.4.4-1.fc37 (FEDORA-2023-d212cc5f13)
CUPS printing system
--------------------------------------------------------------------------------
Update Information:
fixes CVE-2023-32324 2211834 - cups-2.4.4 is available 1985917 - Cups ignores
black and white setting 2094530 - After upgrade 35 to 36 process rastertokpsl
(Kyocera cups-filter driver) segfaulted
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Zdenek Dohnal <zdohnal(a)redhat.com> - 1:2.4.4-1
- fixes CVE-2023-32324
- 2211834 - cups-2.4.4 is available
- 1985917 - Cups ignores black and white setting
- 2094530 - After upgrade 35 to 36 process rastertokpsl (Kyocera cups-filter driver)
segfaulted
* Thu Mar 23 2023 Siddhesh Poyarekar <siddhesh(a)redhat.com> - 1:2.4.2-11
- Drop unnecessary LDFLAGS addition.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1985917 - Cups ignores black and white setting
https://bugzilla.redhat.com/show_bug.cgi?id=1985917
[ 2 ] Bug #2094530 - After upgrade 35 to 36 process rastertokpsl (Kyocera cups-filter
driver) segfaulted
https://bugzilla.redhat.com/show_bug.cgi?id=2094530
[ 3 ] Bug #2211834 - cups-2.4.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2211834
--------------------------------------------------------------------------------
================================================================================
erlang-25.3.2.2-1.fc37 (FEDORA-2023-0f36596cef)
General-purpose programming language and runtime environment
--------------------------------------------------------------------------------
Update Information:
Erlang ver. 25.3.2.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Peter Lemenkov <lemenkov(a)gmail.com> - 25.3.2.2-1
- Ver. 25.3.2.2
--------------------------------------------------------------------------------
================================================================================
guacamole-server-1.5.2-2.fc37 (FEDORA-2023-58b0e80dc6)
Server-side native components that form the Guacamole proxy
--------------------------------------------------------------------------------
Update Information:
- Added upstream patch to fix RDP related segfault ([GUACAMOLE-
1802](https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-...)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Robert Scheck <robert(a)fedoraproject.org> - 1.5.2-2
- Added upstream patch to fix RDP related segfault (GUACAMOLE-1802)
--------------------------------------------------------------------------------
================================================================================
hplip-3.23.5-1.fc37 (FEDORA-2023-a136478ade)
HP Linux Imaging and Printing Project
--------------------------------------------------------------------------------
Update Information:
2184067 - hplip-3.23.5 is available
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 6 2023 Zdenek Dohnal <zdohnal(a)redhat.com> - 3.23.5-1
- 2184067 - hplip-3.23.5 is available
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.22.10-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2184067 - hplip-3.23.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2184067
--------------------------------------------------------------------------------
================================================================================
linux-system-roles-1.41.0-1.fc37 (FEDORA-2023-1c51fb7dcf)
Set of interfaces for unified system management
--------------------------------------------------------------------------------
Update Information:
Automatic update for linux-system-roles-1.41.0-1.fc37. ##### **Changelog for
linux-system-roles** ``` * Wed Jun 07 2023 Packit <hello(a)packit.dev> - 1.41.0-1
- Update to upstream version 1.41.0 * Wed May 31 2023 Packit <hello(a)packit.dev>
- 1.40.0-1 - Update to upstream version 1.40.0 * Sun May 28 2023 Packit
<hello(a)packit.dev> - 1.39.0-1 - Update to upstream version 1.39.0 * Sat May 27
2023 Packit <hello(a)packit.dev> - 1.38.3-1 - Update to upstream version 1.38.3 *
Wed May 24 2023 Packit <hello(a)packit.dev> - 1.38.2-1 - Update to upstream
version 1.38.2 * Tue May 16 2023 Rich Megginson <rmeggins(a)redhat.com> -
1.38.0-5 - remove upstream only docs from README.md files * Tue May 16 2023
Rich Megginson <rmeggins(a)redhat.com> - 1.38.0-4 - python3-setuptools is now
required for release_collection.py - fix ruamel issue described at
https://github.com/linux-system-roles/auto-maintenance/pull/272 * Tue May 02
2023 Rich Megginson <rmeggins(a)redhat.com> - 1.38.0-3 - move vendoring code into
included files * Tue May 02 2023 Rich Megginson <rmeggins(a)redhat.com> -
1.38.0-2 - ha_cluster - vendor in modprobe module ``` ---- Automatic update
for linux-system-roles-1.40.0-1.fc37. ---- Automatic update for linux-system-
roles-1.39.0-1.fc37. ##### **Changelog for linux-system-roles** ``` * Sun May
28 2023 Packit <hello(a)packit.dev> - 1.39.0-1 - Update to upstream version 1.39.0
* Sat May 27 2023 Packit <hello(a)packit.dev> - 1.38.3-1 - Update to upstream
version 1.38.3 * Wed May 24 2023 Packit <hello(a)packit.dev> - 1.38.2-1 - Update
to upstream version 1.38.2 * Tue May 16 2023 Rich Megginson
<rmeggins(a)redhat.com> - 1.38.0-5 - remove upstream only docs from README.md
files * Tue May 16 2023 Rich Megginson <rmeggins(a)redhat.com> - 1.38.0-4 -
python3-setuptools is now required for release_collection.py - fix ruamel issue
described at
https://github.com/linux-system-roles/auto-maintenance/pull/272 *
Tue May 02 2023 Rich Megginson <rmeggins(a)redhat.com> - 1.38.0-3 - move vendoring
code into included files * Tue May 02 2023 Rich Megginson <rmeggins(a)redhat.com>
- 1.38.0-2 - ha_cluster - vendor in modprobe module ``` ---- Automatic update
for linux-system-roles-1.38.3-1.fc37. ---- Automatic update for linux-system-
roles-1.38.2-1.fc37. ##### **Changelog for linux-system-roles** ``` * Wed May
24 2023 Packit <hello(a)packit.dev> - 1.38.2-1 - Update to upstream version 1.38.2
* Tue May 16 2023 Rich Megginson <rmeggins(a)redhat.com> - 1.38.0-5 - remove
upstream only docs from README.md files * Tue May 16 2023 Rich Megginson
<rmeggins(a)redhat.com> - 1.38.0-4 - python3-setuptools is now required for
release_collection.py - fix ruamel issue described at
https://github.com/linux-
system-roles/auto-maintenance/pull/272 * Tue May 02 2023 Rich Megginson
<rmeggins(a)redhat.com> - 1.38.0-3 - move vendoring code into included files *
Tue May 02 2023 Rich Megginson <rmeggins(a)redhat.com> - 1.38.0-2 - ha_cluster -
vendor in modprobe module ```
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Packit <hello(a)packit.dev> - 1.41.0-1
- Update to upstream version 1.41.0
* Wed May 31 2023 Packit <hello(a)packit.dev> - 1.40.0-1
- Update to upstream version 1.40.0
* Sun May 28 2023 Packit <hello(a)packit.dev> - 1.39.0-1
- Update to upstream version 1.39.0
* Sat May 27 2023 Packit <hello(a)packit.dev> - 1.38.3-1
- Update to upstream version 1.38.3
* Wed May 24 2023 Packit <hello(a)packit.dev> - 1.38.2-1
- Update to upstream version 1.38.2
* Tue May 16 2023 Rich Megginson <rmeggins(a)redhat.com> - 1.38.0-5
- remove upstream only docs from README.md files
* Tue May 16 2023 Rich Megginson <rmeggins(a)redhat.com> - 1.38.0-4
- python3-setuptools is now required for release_collection.py
- fix ruamel issue described at
https://github.com/linux-system-roles/auto-maintenance/pull/272
* Tue May 2 2023 Rich Megginson <rmeggins(a)redhat.com> - 1.38.0-3
- move vendoring code into included files
* Tue May 2 2023 Rich Megginson <rmeggins(a)redhat.com> - 1.38.0-2
- ha_cluster - vendor in modprobe module
--------------------------------------------------------------------------------
================================================================================
mariadb-10.5.20-1.fc37 (FEDORA-2023-b4ff407364)
A very fast and robust SQL database server
--------------------------------------------------------------------------------
Update Information:
**MariaDB 10.5.20** Release notes:
https://mariadb.com/kb/en/mariadb-10-5-20-release-notes/
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 30 2023 Lukas Javorsky <ljavorsk(a)redhat.com> - 3:10.5.20-1
- Rebase to version 10.5.20
- Patches 11 and 13 were upstreamed
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2164948 - CVE-2022-47015 mariadb: NULL pointer dereference in
spider_db_mbase::print_warnings() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2164948
--------------------------------------------------------------------------------
================================================================================
mingw-glib2-2.74.7-1.fc37 (FEDORA-2023-1a7e2b3dda)
MinGW Windows GLib2 library
--------------------------------------------------------------------------------
Update Information:
Update to glib2-2.74.7.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 6 2023 Sandro Mani <manisandro(a)gmail.com> - 2.74.7-1
- Update to 2.74.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2212693 - CVE-2023-32665 mingw-glib2: glib: GVariant deserialisation does not
match spec for non-normal data [fedora-37]
https://bugzilla.redhat.com/show_bug.cgi?id=2212693
[ 2 ] Bug #2212697 - CVE-2023-32665 mingw-glib2: glib: GVariant deserialisation does not
match spec for non-normal data [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2212697
[ 3 ] Bug #2212701 - CVE-2023-29499 mingw-glib2: glib: GVariant offset table entry size
is not checked in is_normal() [fedora-37]
https://bugzilla.redhat.com/show_bug.cgi?id=2212701
[ 4 ] Bug #2212707 - CVE-2023-29499 mingw-glib2: glib: GVariant offset table entry size
is not checked in is_normal() [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2212707
[ 5 ] Bug #2212710 - CVE-2023-32611 mingw-glib2: glib: g_variant_byteswap() can take a
long time with some non-normal inputs [fedora-37]
https://bugzilla.redhat.com/show_bug.cgi?id=2212710
[ 6 ] Bug #2212712 - CVE-2023-32611 mingw-glib2: glib: g_variant_byteswap() can take a
long time with some non-normal inputs [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2212712
[ 7 ] Bug #2212718 - CVE-2023-32643 mingw-glib2: glib: fuzz_variant_binary_byteswap:
Heap-buffer-overflow in g_variant_serialised_get_child [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2212718
[ 8 ] Bug #2212723 - CVE-2023-32636 mingw-glib2: glib: fuzz_variant_text: Timeout in
fuzz_variant_text [fedora-37]
https://bugzilla.redhat.com/show_bug.cgi?id=2212723
[ 9 ] Bug #2212728 - CVE-2023-32636 mingw-glib2: glib: fuzz_variant_text: Timeout in
fuzz_variant_text [fedora-38]
https://bugzilla.redhat.com/show_bug.cgi?id=2212728
--------------------------------------------------------------------------------
================================================================================
mongo-c-driver-1.23.5-1.fc37 (FEDORA-2023-184aa371a0)
Client library written in C for MongoDB
--------------------------------------------------------------------------------
Update Information:
**libmongoc 1.23.5** Fixes: * Fix potential crash due to insufficient
memory when allocating performance counters. * Fix compilation error on
Android platforms due to missing aligned_alloc. * Return an error if
RewrapManyDataKey is invoked without a provider when a masterKey is given.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Remi Collet <remi(a)remirepo.net> - 1.23.5-1
- update to 1.23.5
--------------------------------------------------------------------------------
================================================================================
nss-3.90.0-1.fc37 (FEDORA-2023-864e9f7227)
Network Security Services
--------------------------------------------------------------------------------
Update Information:
update for nss-3.90.0-1.fc39
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 6 2023 Frantisek Krenzelok <krenzelok.frantisek(a)gmail.com> - 3.90.0-1
- Add patch for
https://bugzilla.mozilla.org/show_bug.cgi?id=1836781 &
https://bugzilla.mozilla.org/show_bug.cgi?id=1836925
* Mon Jun 5 2023 Frantisek Krenzelok <krenzelok.frantisek(a)gmail.com> - 3.90.0-1
- Update %patch syntax
* Mon Jun 5 2023 Frantisek Krenzelok <krenzelok.frantisek(a)gmail.com> - 3.90.0-1
- Update NSS to 3.90.0
* Fri May 5 2023 Frantisek Krenzelok <krenzelok.frantisek(a)gmail.com> - 3.89.0-1
- combine nss and nspr source togeather
* Fri May 5 2023 Frantisek Krenzelok <krenzelok.frantisek(a)gmail.com> - 3.89.0-1
- replace 4.35.0 with 3.90.0 as it version can be overiden.
--------------------------------------------------------------------------------
================================================================================
osbuild-87-1.fc37 (FEDORA-2023-f45a9be68c)
A build system for OS images
--------------------------------------------------------------------------------
Update Information:
Automatic update for osbuild-87-1.fc37. ##### **Changelog for osbuild** ``` *
Wed Jun 07 2023 Packit <hello(a)packit.dev> - 87-1 Changes with 87
---------------- * Spec: use `%forgeautosetup` macro in `%prep` phase (#1318)
* Support GPT partition attribute bits when creating images (#1296) * Test:
make partitioning tools stage tests pass on RHEL-8 + add unit test for `sfdisk`
stage (#1317) * add livesys stage (#1311) * mockbuild.sh: retry dnf install
up to 5 times (#1319) * readme: mention matrix, redo headings (#1305) *
schutzfile: update manifest-db ref 2023-06-05 (#1323) * stages/sgdisk: option
to not quote partition names passed to sgdisk (#1316) Contributions from: Eric
Chanudet, SchutzBot, Simon de Vlieger, Tom���� Hozza ��� Somewhere on the Internet,
2023-06-07 ```
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Packit <hello(a)packit.dev> - 87-1
Changes with 87
----------------
* Spec: use `%forgeautosetup` macro in `%prep` phase (#1318)
* Support GPT partition attribute bits when creating images (#1296)
* Test: make partitioning tools stage tests pass on RHEL-8 + add unit test for `sfdisk`
stage (#1317)
* add livesys stage (#1311)
* mockbuild.sh: retry dnf install up to 5 times (#1319)
* readme: mention matrix, redo headings (#1305)
* schutzfile: update manifest-db ref 2023-06-05 (#1323)
* stages/sgdisk: option to not quote partition names passed to sgdisk (#1316)
Contributions from: Eric Chanudet, SchutzBot, Simon de Vlieger, Tom���� Hozza
��� Somewhere on the Internet, 2023-06-07
--------------------------------------------------------------------------------
================================================================================
perl-Graphics-TIFF-20-1.fc37 (FEDORA-2023-27e30392f6)
Perl extension for the LibTIFF library
--------------------------------------------------------------------------------
Update Information:
This release adds a support for position tags. It also adapts tests to Perl
5.37.11
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Petr Pisar <ppisar(a)redhat.com> - 20-1
- 20 version bump
* Thu May 18 2023 Petr Pisar <ppisar(a)redhat.com> - 19-4
- Handle position tags and adapt tests to changes in ImageMagick-7.1.1.8
(bug #2208278)
* Wed Jan 4 2023 Petr Pisar <ppisar(a)redhat.com> - 19-3
- Convert a License tag to SPDX format
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2212972 - perl-Graphics-TIFF-20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2212972
--------------------------------------------------------------------------------
================================================================================
perl-HTML-StripScripts-1.06-22.fc37 (FEDORA-2023-6f16e3bcee)
Strip scripting constructs out of HTML
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2023-24038
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Xavier Bachelot <xavier(a)bachelot.org> 1.06-22
- Add patch for CVE-2023-24038
- Convert License: to SPDX
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.06-21
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2164148 - CVE-2023-24038 perl-HTML-StripScripts: Handler for style attribute
is vulnerable to ReDoS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2164148
--------------------------------------------------------------------------------
================================================================================
php-8.1.20-1.fc37 (FEDORA-2023-2b7eeaaee5)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
**PHP version 8.1.20** (08 Jun 2023) **Core:** * Fixed bug
[
GH-9068](https://github.com/php/php-src/issues/9068) (Conditional jump or move
depends on uninitialised value(s)). (nielsdos) * Fixed bug
[
GH-11189](https://github.com/php/php-src/issues/11189) (Exceeding memory limit
in zend_hash_do_resize leaves the array in an invalid state). (Bob) * Fixed bug
[
GH-11222](https://github.com/php/php-src/issues/11222) (foreach by-ref may jump
over keys during a rehash). (Bob) **Date:** * Fixed bug
[
GH-11281](https://github.com/php/php-src/issues/11281) (DateTimeZone::getName()
does not include seconds in offset). (nielsdos) **Exif:** * Fixed bug
[
GH-10834](https://github.com/php/php-src/issues/10834) (exif_read_data() cannot
read smaller stream wrapper chunk sizes). (nielsdos) **FPM:** * Fixed bug
[
GH-10461](https://github.com/php/php-src/issues/10461) (PHP-FPM segfault due to
after free usage of child->ev_std(out|err)). (Jakub Zelenka) * Fixed bug
php#64539 (FPM status page: query_string not properly JSON encoded). (Jakub
Zelenka) * Fixed memory leak for invalid primary script file handle. (Jakub
Zelenka) **Hash:** * Fixed bug [
GH-11180](https://github.com/php/php-
src/issues/11180) (hash_file() appears to be restricted to 3 arguments).
(nielsdos) **LibXML:** * Fixed bug [
GH-11160](https://github.com/php/php-
src/issues/11160) (Few tests failed building with new libxml 2.11.0). (nielsdos)
**Opcache:** * Fixed bug [
GH-11134](https://github.com/php/php-
src/issues/11134) (Incorrect match default branch optimization). (ilutov) *
Fixed too wide OR and AND range inference. (nielsdos) * Fixed bug
[
GH-11245](https://github.com/php/php-src/issues/11245) (In some specific cases
SWITCH with one default statement will cause segfault). (nielsdos) **PGSQL:**
* Fixed parameter parsing of pg_lo_export(). (kocsismate) **Phar:** * Fixed
bug [
GH-11099](https://github.com/php/php-src/issues/11099) (Generating phar.php
during cross-compile can't be done). (peter279k) **Soap:** * Fixed bug
[
GHSA-76gg-c692-v2mw](https://github.com/php/php-
src/security/advisories/GHSA-76gg-c692-v2mw) (Missing error check and
insufficient random bytes in HTTP Digest authentication for SOAP). (nielsdos,
timwolla) * Fixed bug [
GH-8426](https://github.com/php/php-src/issues/8426)
(make test fail while soap extension build). (nielsdos) **SPL:** * Fixed bug
[
GH-11178](https://github.com/php/php-src/issues/11178) (Segmentation fault in
spl_array_it_get_current_data (PHP 8.1.18)). (nielsdos) **Standard:** * Fixed
bug [
GH-11138](https://github.com/php/php-src/issues/11138)
(move_uploaded_file() emits open_basedir warning for source file). (ilutov) *
Fixed bug [
GH-11274](https://github.com/php/php-src/issues/11274) (POST/PATCH
request switches to GET after a HTTP 308 redirect). (nielsdos) **Streams:** *
Fixed bug [
GH-10031](https://github.com/php/php-src/issues/10031) ([Stream]
STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data).
(nielsdos) * Fixed bug [
GH-11175](https://github.com/php/php-src/issues/11175)
(Stream Socket Timeout). (nielsdos) * Fixed bug
[
GH-11177](https://github.com/php/php-src/issues/11177) (ASAN
UndefinedBehaviorSanitizer when timeout = -1 passed to
stream_socket_accept/stream_socket_client). (nielsdos)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Remi Collet <remi(a)remirepo.net> - 8.1.20-1
- Update to 8.1.20 -
http://www.php.net/releases/8_1_20.php
--------------------------------------------------------------------------------
================================================================================
pungi-4.4.0-1.fc37 (FEDORA-2023-1f8ef08eb7)
Distribution compose tool
--------------------------------------------------------------------------------
Update Information:
New upstream release - gather-dnf: Run latest() later - this fixes a problem if
layered product wants to ship an older version of a package than what base
product ships. - iso: Support joliet long names - Drop pungi-orchestrator code -
isos: Ensure proper file ownership and permissions - gather: Always get latest
packages - Add back compatibility with jsonschema <3.0.0 - Remove useless debug
message - gather: Support dotarch in DNF backend - Fix compatibility with
createrepo_c 0.21.1 - comps: Apply arch filtering to environment/optionlist -
Add config file for cleaning up cache files
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Lubom��r Sedl���� <lsedlar(a)redhat.com> - 4.4.0-1
- gather-dnf: Run latest() later (lsedlar)
- iso: Support joliet long names (lsedlar)
- Drop pungi-orchestrator code (lsedlar)
- isos: Ensure proper file ownership and permissions (lsedlar)
- gather: Always get latest packages (lsedlar)
- Add back compatibility with jsonschema <3.0.0 (lsedlar)
- Remove useless debug message (lsedlar)
- Remove fedmsg from requirements (lsedlar)
- gather: Support dotarch in DNF backend (lsedlar)
- Fix compatibility with createrepo_c 0.21.1 (lsedlar)
- comps: Apply arch filtering to environment/optionlist (lsedlar)
- Add config file for cleaning up cache files (hlin)
* Wed May 17 2023 Lubom��r Sedl���� <lsedlar(a)redhat.com> - 4.3.8-3
- Rebuild without fedmsg dependency
--------------------------------------------------------------------------------
================================================================================
python-ogr-0.45.0-1.fc37 (FEDORA-2023-3875b2c819)
One API for multiple git forges
--------------------------------------------------------------------------------
Update Information:
Automatic update for python-ogr-0.45.0-1.fc37. ##### **Changelog for python-
ogr** ``` * Tue Jun 06 2023 Packit <hello(a)packit.dev> - 0.45.0-1 - OGR now
supports PyGithub >= 1.58. ```
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 6 2023 Packit <hello(a)packit.dev> - 0.45.0-1
- OGR now supports PyGithub >= 1.58.
--------------------------------------------------------------------------------
================================================================================
python-radexreader-1.2.2-1.fc37 (FEDORA-2023-ea2273887f)
Reader for the RADEX RD1212 and ONE Geiger counters
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 6 2023 Fabrice Creuzot <code(a)luigifab.fr> - 1.2.2-1
- New upstream release
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.1-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-rpm-generators-13-3.fc37 (FEDORA-2023-a507f076ee)
Dependency generators for Python RPMs
--------------------------------------------------------------------------------
Update Information:
Avoid needless pkg_resources import in pythonbundles.py
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 7 2023 Miro Hron��ok <mhroncok(a)redhat.com> - 13-3
- Avoid needless pkg_resources import in pythonbundles.py
--------------------------------------------------------------------------------
================================================================================
python3.7-3.7.16-2.fc37 (FEDORA-2023-dd526ed2e4)
Version 3.7 of the Python interpreter
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2023-24329
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Charalampos Stratakis <cstratak(a)redhat.com> - 3.7.16-2
- Fix for CVE-2023-24329
Resolves: rhbz#2174014
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2174014 - CVE-2023-24329 python3.7: python: urllib.parse url blocklisting
bypass [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2174014
[ 2 ] Bug #2211429 - python3.7's test_gdb fails on rawhide with the latest gdb on
i686
https://bugzilla.redhat.com/show_bug.cgi?id=2211429
--------------------------------------------------------------------------------
================================================================================
remmina-1.4.31-1.fc37 (FEDORA-2023-f1913d4698)
Remote Desktop Client
--------------------------------------------------------------------------------
Update Information:
New upstream version 1.4.31. Remove no longer needed patches.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Phil Wyett <philip.wyett(a)kathenas.org> - 1.4.31-1
- New upstream version 1.4.31.
- Remove no longer needed patches.
* Tue Jun 6 2023 Phil Wyett <philip.wyett(a)kathenas.org> - 1.4.30-3
- Remove some old workarounds from spec file.
--------------------------------------------------------------------------------
================================================================================
rust-aho-corasick-1.0.2-1.fc37 (FEDORA-2023-fb9164d257)
Fast multiple substring searching
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.2.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.2-1
- Update to version 1.0.2; Fixes RHBZ#2212163
--------------------------------------------------------------------------------
================================================================================
rust-getrandom-0.2.10-1.fc37 (FEDORA-2023-f39442b078)
Small cross-platform library for retrieving random data from system source
--------------------------------------------------------------------------------
Update Information:
Update to version 0.2.10.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.2.10-1
- Update to version 0.2.10; Fixes RHBZ#2212935
--------------------------------------------------------------------------------
================================================================================
rust-iana-time-zone-0.1.57-1.fc37 (FEDORA-2023-85e5490992)
Get the IANA time zone for the current system
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.57.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.1.57-1
- Update to version 0.1.57; Fixes RHBZ#2213192
--------------------------------------------------------------------------------
================================================================================
rust-libcryptsetup-rs-0.8.0-1.fc37 (FEDORA-2023-a283026cbf)
High level Rust bindings for libcryptsetup
--------------------------------------------------------------------------------
Update Information:
Update rust-libcryptsetup-rs to 0.8.0 Update stratisd to 3.5.7 Update stratis-
cli to 3.5.3
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Bryan Gurney <bgurney(a)redhat.com> - 0.8.0-1
- Update to version 0.8.0
* Wed May 31 2023 Bryan Gurney <bgurney(a)redhat.com> - 0.7.1-1
- Update to version 0.7.1
--------------------------------------------------------------------------------
================================================================================
rust-lock_api-0.4.10-1.fc37 (FEDORA-2023-15317522c9)
Wrappers to create fully-featured Mutex and RwLock types
--------------------------------------------------------------------------------
Update Information:
Update to version 0.4.10.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.4.10-1
- Update to version 0.4.10; Fixes RHBZ#2212573
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.9-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-mio-0.8.8-1.fc37 (FEDORA-2023-44170bb48f)
Lightweight non-blocking I/O
--------------------------------------------------------------------------------
Update Information:
Update to version 0.8.8.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 4 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.8.8-1
- Update to version 0.8.8; Fixes RHBZ#2211201
--------------------------------------------------------------------------------
================================================================================
rust-once_cell-1.18.0-1.fc37 (FEDORA-2023-89a0185b9f)
Single assignment cells and lazy values
--------------------------------------------------------------------------------
Update Information:
Update to version 1.18.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.18.0-1
- Update to version 1.18.0; Fixes RHBZ#2212161
--------------------------------------------------------------------------------
================================================================================
rust-parking_lot_core-0.9.8-1.fc37 (FEDORA-2023-4c2e9b4341)
Advanced API for creating custom synchronization primitives
--------------------------------------------------------------------------------
Update Information:
Update to version 0.9.8.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.9.8-1
- Update to version 0.9.8; Fixes RHBZ#2212575
--------------------------------------------------------------------------------
================================================================================
rust-platform-info-2.0.1-1.fc37 (FEDORA-2023-82143ee52f)
Simple cross-platform interface to get info about a system
--------------------------------------------------------------------------------
Update Information:
Update to version 2.0.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2209142
--------------------------------------------------------------------------------
================================================================================
rust-regex-1.8.4-1.fc37 (FEDORA-2023-755756e54a)
Implementation of regular expressions for Rust
--------------------------------------------------------------------------------
Update Information:
Update to version 1.8.4.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.8.4-1
- Update to version 1.8.4; Fixes RHBZ#2212388
--------------------------------------------------------------------------------
================================================================================
rust-tempfile-3.6.0-1.fc37 (FEDORA-2023-a268baf8a1)
Library for managing temporary files and directories
--------------------------------------------------------------------------------
Update Information:
Update to version 3.6.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 3.6.0-1
- Update to version 3.6.0; Fixes RHBZ#2212993
--------------------------------------------------------------------------------
================================================================================
rust-xcb-1.2.1-1.fc37 (FEDORA-2023-b475eab95d)
Rust safe bindings for XCB
--------------------------------------------------------------------------------
Update Information:
Update to version 1.2.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.2.1-1
- Update to version 1.2.1; Fixes RHBZ#2061151
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.1-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
salt-3005.1-5.fc37 (FEDORA-2023-2f3b2035ff)
A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
Revert patch
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Jonathan Steffan <jsteffan(a)fedoraproject.org> - 3005.1-5
- Remove patch on F37 (RHBZ#2212190)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2212190 - Salt minion fails to start with "AttributeError:
'dict' object has no attribute 'select'" after latest update
https://bugzilla.redhat.com/show_bug.cgi?id=2212190
--------------------------------------------------------------------------------
================================================================================
stratis-cli-3.5.3-1.fc37 (FEDORA-2023-a283026cbf)
Command-line tool for interacting with the Stratis daemon
--------------------------------------------------------------------------------
Update Information:
Update rust-libcryptsetup-rs to 0.8.0 Update stratisd to 3.5.7 Update stratis-
cli to 3.5.3
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Bryan Gurney <bgurney(a)redhat.com> - 3.5.3-1
- Update to 3.5.3
--------------------------------------------------------------------------------
================================================================================
stratisd-3.5.7-1.fc37 (FEDORA-2023-a283026cbf)
Daemon that manages block devices to create filesystems
--------------------------------------------------------------------------------
Update Information:
Update rust-libcryptsetup-rs to 0.8.0 Update stratisd to 3.5.7 Update stratis-
cli to 3.5.3
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Bryan Gurney <bgurney(a)redhat.com> - 3.5.7-1
- Update to 3.5.7
* Wed May 31 2023 Bryan Gurney <bgurney(a)redhat.com> - 3.5.5-2
- Rebuild for new libcryptsetup-rs version
--------------------------------------------------------------------------------
================================================================================
syncthing-1.23.5-1.fc37 (FEDORA-2023-bf86df7ee8)
Continuous File Synchronization
--------------------------------------------------------------------------------
Update Information:
Update to version 1.23.5. Addresses CVE-2022-46165.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.23.5-1
- Update to version 1.23.5; Fixes RHBZ#2213024
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2213011 - CVE-2022-46165 syncthing: Cross-site scripting through malicious
files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2213011
--------------------------------------------------------------------------------
================================================================================
urlscan-1.0.0-1.fc37 (FEDORA-2023-24a2e24065)
Extract and browse the URLs contained in an email (urlview replacement)
--------------------------------------------------------------------------------
Update Information:
Update to 1.0.0:
https://github.com/firecat53/urlscan/releases/tag/1.0.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Ankur Sinha (Ankur Sinha Gmail) <sanjay.ankur(a)gmail.com> -
1.0.0-1
- feat: update to 1.0.0 (fixes rhbz#2211863)
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.10-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2211863 - urlscan-1.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2211863
--------------------------------------------------------------------------------