The following Fedora 36 Security updates need testing:
Age URL
38
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3793987b02
nodejs-16.17.1-1.fc36
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-6ec78b2586
device-mapper-multipath-0.8.7-9.fc36
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-affcf9eea6
mingw-gdb-12.1-2.fc36
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-19538a3732
mingw-binutils-2.37-5.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d1682fef04
mingw-python3-3.10.8-1.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-185482f0a7
mediawiki-1.37.6-1.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c9a1fd5370
mingw-gcc-11.2.1-6.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ebd5bb0478 exim-4.96-5.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-07438e12df xen-4.16.2-3.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-5f28fceec0
dotnet6.0-6.0.110-2.fc36
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-37c2d26f59
php-pear-CAS-1.6.0-1.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3cf0e7ebc7
mingw-pixman-0.42.2-1.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-49db80f821
mingw-expat-2.5.0-1.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3c933ffaca
mingw-libtasn1-4.19.0-1.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ce32af66d6
webkit2gtk3-2.38.2-1.fc36
The following Fedora 36 Critical Path updates have yet to be approved:
Age URL
15
https://bodhi.fedoraproject.org/updates/FEDORA-2022-57ee5658ba
annobin-10.91-1.fc36
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-362bd01539
python3-docs-3.10.8-1.fc36 python3.10-3.10.8-1.fc36
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-6ec78b2586
device-mapper-multipath-0.8.7-9.fc36
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-48bd42b2dc
rust-packaging-23-1.fc36 rust-srpm-macros-23-1.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3dcead123d
hwdata-0.364-1.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-95075fcd45
gnome-control-center-42.4-1.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7ef19edbdc expat-2.5.0-1.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0c6f7be0c2
xorg-x11-server-Xwayland-22.1.5-1.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-07438e12df xen-4.16.2-3.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e7a369b2b8
libxcrypt-4.4.30-1.fc36
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d7349a124a
libxml2-2.10.3-2.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ce32af66d6
webkit2gtk3-2.38.2-1.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e50a5b9a6e
gnome-shell-42.6-1.fc36 mutter-42.6-1.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-edcd70289a
gnutls-3.7.8-3.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-dd32e9e6e4
kernel-6.0.7-200.fc36
The following builds have been pushed to Fedora 36 updates-testing
android-tools-33.0.3p1-1.fc36
ansible-collection-community-mysql-3.5.1-1.fc36
cadvisor-0.45.0-1.fc36
golang-github-digitalocean-godo-1.89.0-1.fc36
golang-github-opencontainers-image-spec-1.1.0~rc2-1.fc36
golang-x-oauth2-0.1.0-1.fc36
libglibutil-1.0.67-1.fc36
ogr2osm-1.1.2-1.fc36
python-paramiko-2.12.0-1.fc36
solaar-1.1.7-2.fc36
Details about builds:
================================================================================
android-tools-33.0.3p1-1.fc36 (FEDORA-2022-9a9a638d09)
Android platform tools(adb, fastboot)
--------------------------------------------------------------------------------
Update Information:
Update to 33.0.3p1 Security fix for CVE-2022-20128 CVE-2022-3168
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 6 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 1:33.0.3p1-1
- Update to 33.0.3p1
* Wed Jul 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:31.0.2-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 1:31.0.2-6
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
* Fri Jun 17 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 1:31.0.2-5
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629
* Wed Jan 19 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:31.0.2-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2045196 - android-tools: FTBFS in Fedora rawhide/f36
https://bugzilla.redhat.com/show_bug.cgi?id=2045196
[ 2 ] Bug #2139124 - CVE-2022-20128 CVE-2022-3168 android-tools: directory traversal
during adb pull [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2139124
--------------------------------------------------------------------------------
================================================================================
ansible-collection-community-mysql-3.5.1-1.fc36 (FEDORA-2022-1fac73f3d8)
MySQL collection for Ansible
--------------------------------------------------------------------------------
Update Information:
Update to 3.5.1. Fixes rhbz#1956098.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 6 2022 Maxwell G <gotmax(a)e.email> - 3.5.1-1
- Update to 3.5.1. Fixes rhbz#1956098.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1956098 - ansible-collection-community-mysql-3.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1956098
--------------------------------------------------------------------------------
================================================================================
cadvisor-0.45.0-1.fc36 (FEDORA-2022-453db39b45)
Analyzes resource usage and performance characteristics of running containers
--------------------------------------------------------------------------------
Update Information:
Update to 0.45.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 6 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 0.45.0-1
- Update to 0.45.0
* Wed Aug 10 2022 Maxwell G <gotmax(a)e.email> 0.44.1-6
- Rebuild to fix FTBFS
* Wed Jul 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 0.44.1-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2114604 - cadvisor-0.45.0-containerd-cri is available
https://bugzilla.redhat.com/show_bug.cgi?id=2114604
--------------------------------------------------------------------------------
================================================================================
golang-github-digitalocean-godo-1.89.0-1.fc36 (FEDORA-2022-591a5ae6f9)
DigitalOcean Go API client
--------------------------------------------------------------------------------
Update Information:
Update to 1.89.0 ---- Update to 1.88.0 ---- Update to 1.87.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 3 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> 1.89.0-1
- Update to 1.89.0 - Closes rhbz#2139549
* Tue Nov 1 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> 1.88.0-1
- Update to 1.88.0 - Closes rhbz#2139080
* Fri Oct 28 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> 1.87.0-1
- Update to 1.87.0 - Closes rhbz#2134521
--------------------------------------------------------------------------------
================================================================================
golang-github-opencontainers-image-spec-1.1.0~rc2-1.fc36 (FEDORA-2022-23390f93f3)
OCI Image Format Specification
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.0~rc2
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 5 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 1.1.0~rc2-1
- Update to 1.1.0~rc2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2132208 - golang-github-opencontainers-image-spec-1.1.0-rc2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2132208
--------------------------------------------------------------------------------
================================================================================
golang-x-oauth2-0.1.0-1.fc36 (FEDORA-2022-6696b6d341)
Client implementation for OAuth 2.0 spec
--------------------------------------------------------------------------------
Update Information:
Update to 0.1.0
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 5 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> 0.1.0-1
- Update to 0.1.0
* Wed Aug 10 2022 Maxwell G <gotmax(a)e.email> 0-0.15
- Rebuild to fix FTBFS
--------------------------------------------------------------------------------
================================================================================
libglibutil-1.0.67-1.fc36 (FEDORA-2022-920546af2c)
Library of glib utilities
--------------------------------------------------------------------------------
Update Information:
Update to 1.0.67
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 29 2022 Alessandro Astone <ales.astone(a)gmail.com> - 1.0.67-1
- Update to 1.0.67
* Mon Aug 22 2022 Benson Muite <benson_muite(a)emailplus.org> - 1.0.66-1
- Update to new release
* Sun Dec 12 2021 Mo ��� <rmnscnce(a)ya.ru> - 1.0.61-1
- Track a new upstream URL
- Use the 'make_build' macro
- 1.0.61
--------------------------------------------------------------------------------
================================================================================
ogr2osm-1.1.2-1.fc36 (FEDORA-2022-cb4acad2f7)
Convert ogr-readable files like shapefiles into .pbf or .osm data
--------------------------------------------------------------------------------
Update Information:
https://github.com/roelderickx/ogr2osm/releases/tag/v1.1.2
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 6 2022 Andrea Musuruane <musuruan(a)gmail.com> - 1.1.2-1
- Updated to new upstream release
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.1-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 1.1.1-3
- Rebuilt for Python 3.11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2138862 - ogr2osm-1.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2138862
--------------------------------------------------------------------------------
================================================================================
python-paramiko-2.12.0-1.fc36 (FEDORA-2022-e8eb9f7cb4)
SSH2 protocol library for python
--------------------------------------------------------------------------------
Update Information:
This update fixes various issues relating to socket error handling.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 6 2022 Paul Howarth <paul(a)city-fan.org> - 2.12.0-1
- Update to 2.12.0 (rhbz#2140281)
- Add a 'transport_factory' kwarg to 'SSHClient.connect' for advanced
users
to gain more control over early Transport setup and manipulation (GH#2054,
GH#2125)
- Update '~paramiko.client.SSHClient' so it explicitly closes its wrapped
socket object upon encountering socket errors at connection time; this
should help somewhat with certain classes of memory leaks, resource
warnings, and/or errors (though we hasten to remind everyone that Client
and Transport have their own '.close()' methods for use in non-error
situations!) (GH#1822)
- Raise '~paramiko.ssh_exception.SSHException' explicitly when blank private
key data is loaded, instead of the natural result of 'IndexError'; this
should help more bits of Paramiko or Paramiko-adjacent codebases to
correctly handle this class of error (GH#1599, GH#1637)
- Use SPDX-format license tag
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.11.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jun 14 2022 Python Maint <python-maint(a)redhat.com> - 2.11.0-2
- Rebuilt for Python 3.11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2140281 - python-paramiko-2.12.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2140281
--------------------------------------------------------------------------------
================================================================================
solaar-1.1.7-2.fc36 (FEDORA-2022-683d88070f)
Device manager for a wide range of Logitech devices
--------------------------------------------------------------------------------
Update Information:
### Changes since 1.1.5: * Add dependency on typing_extension to setup.py *
Don't defer saves in CLI and don't require Gtk in CLI * Be more permissive in
recognizing HID++ report descriptors * Update Polish and Croatian translations *
Switch scroll ratcheting in response to scroll ratchet button notification * Add
setting to turn scroll ratchet on and off * Eliminate visual glitch when
updating range setting * Make hid-parser an optional dependency * Only update
remaining pairings after successful pairing * Check for presence of status
attribute when resuming * Update Polish and Croatian translations * Don't add
non-existant key in raw xy processing * Add special keys from MX Mechanical Mini
* Fix processing of HID++ 1.0 battery reports * Use report descriptors to
determine suitable devices * Handle exceptions when processing configuration
file * Add Logitech PRO Gaming Keyboard * Fix bad entries in divert-keys when
found * Correctly convert old-style diversions to new style and remove old ones
* Add optional save argument to write_key_value methods * Use device name in
configuration entries if device modelId is zeroes * Don't show normal DJ
messages in debug log * Add Later rule action * Correctly record battery feature
when ADC produces error * Print feature call errors in solaar show instead of
terminating * Use ADC notifications to set device inactive and active * Add one
to feature count to count ROOT feature * Don't check modifiers for KeyPress
actions that are not clicks * Augment comments on what Solaar cannot do * Fix
bug in printing closed handle * Use only product records to determine which
receivers unpair * Add conditional delay to get around race with Linux HID++
driver
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 6 2022 Dominik Mierzejewski <dominik(a)greysector.net> - 1.1.7-2
- drop unnecessary dependency
* Fri Nov 4 2022 Mark E. Fuller <fuller(a)fedoraproject.org> - 1.1.7-1
- Update to 1.1.7 (#2137568)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2137568 - solaar-1.1.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2137568
--------------------------------------------------------------------------------