The following Fedora 36 Security updates need testing:
Age URL
54
https://bodhi.fedoraproject.org/updates/FEDORA-2022-15729fa33d
perl-Alien-ProtoBuf-0.09-17.fc36 protobuf-3.19.6-1.fc36
11
https://bodhi.fedoraproject.org/updates/FEDORA-2023-c41e8f24bb
tigervnc-1.13.0-2.fc36
9
https://bodhi.fedoraproject.org/updates/FEDORA-2023-94df30cbec
curl-7.82.0-13.fc36
9
https://bodhi.fedoraproject.org/updates/FEDORA-2023-e821b64a4c
edk2-20221117gitfff6d81270b5-14.fc36
8
https://bodhi.fedoraproject.org/updates/FEDORA-2023-dad0295b25 xen-4.16.3-3.fc36
6
https://bodhi.fedoraproject.org/updates/FEDORA-2023-30e81e5293
c-ares-1.19.0-1.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2023-26b58f8098
epiphany-42.5-1.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2023-672f668f51
python-cryptography-36.0.0-4.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2023-ce66f112b2
golang-1.19.6-1.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-3d775d93be
python-django3-3.2.18-1.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-051e9ea171
stb-0^20230129git5736b15-0.2.fc36
The following Fedora 36 Critical Path updates have yet to be approved:
Age URL
69
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fabaf54050 gdb-12.1-3.fc36
54
https://bodhi.fedoraproject.org/updates/FEDORA-2022-15729fa33d
perl-Alien-ProtoBuf-0.09-17.fc36 protobuf-3.19.6-1.fc36
38
https://bodhi.fedoraproject.org/updates/FEDORA-2023-c6f1cf5f89
annobin-11.06-2.fc36
17
https://bodhi.fedoraproject.org/updates/FEDORA-2023-d723834799
python-rpmautospec-0.3.5-1.fc36
12
https://bodhi.fedoraproject.org/updates/FEDORA-2023-cfa4ce4f82 lua-5.4.4-9.fc36
12
https://bodhi.fedoraproject.org/updates/FEDORA-2023-c6b42073e3 nss-3.88.1-1.fc36
12
https://bodhi.fedoraproject.org/updates/FEDORA-2023-c2446acb71
xmessage-1.0.6-2.fc36
12
https://bodhi.fedoraproject.org/updates/FEDORA-2023-13f71d04fc
gnome-shell-42.8-1.fc36 mutter-42.8-1.fc36
12
https://bodhi.fedoraproject.org/updates/FEDORA-2023-7a6ccd8d38
python3-docs-3.10.10-1.fc36 python3.10-3.10.10-1.fc36
12
https://bodhi.fedoraproject.org/updates/FEDORA-2023-1c692ac77e zstd-1.5.4-1.fc36
12
https://bodhi.fedoraproject.org/updates/FEDORA-2023-f706deb47c
pyproject-rpm-macros-1.6.2-1.fc36 redhat-rpm-config-223-1.fc36
11
https://bodhi.fedoraproject.org/updates/FEDORA-2023-c41e8f24bb
tigervnc-1.13.0-2.fc36
9
https://bodhi.fedoraproject.org/updates/FEDORA-2023-e821b64a4c
edk2-20221117gitfff6d81270b5-14.fc36
9
https://bodhi.fedoraproject.org/updates/FEDORA-2023-94df30cbec
curl-7.82.0-13.fc36
9
https://bodhi.fedoraproject.org/updates/FEDORA-2023-d7c4ff86aa
samba-4.16.9-0.fc36
9
https://bodhi.fedoraproject.org/updates/FEDORA-2023-a8bbed482b koji-1.32.0-1.fc36
9
https://bodhi.fedoraproject.org/updates/FEDORA-2023-1d4621df55
pipewire-0.3.66-1.fc36
9
https://bodhi.fedoraproject.org/updates/FEDORA-2023-68f9a577c2
appstream-data-36-6.fc36
9
https://bodhi.fedoraproject.org/updates/FEDORA-2023-17b8a46bfe ffmpeg-5.0.2-2.fc36
librist-0.2.7-1.fc36
8
https://bodhi.fedoraproject.org/updates/FEDORA-2023-b8ee9df4e3
zchunk-1.2.4-1.fc36
8
https://bodhi.fedoraproject.org/updates/FEDORA-2023-dad0295b25 xen-4.16.3-3.fc36
7
https://bodhi.fedoraproject.org/updates/FEDORA-2023-8cbe8590ed
rust-rav1e-0.5.0-8.fc36
6
https://bodhi.fedoraproject.org/updates/FEDORA-2023-30e81e5293
c-ares-1.19.0-1.fc36
6
https://bodhi.fedoraproject.org/updates/FEDORA-2023-4b7992f752
fedora-appstream-metadata-20230220-1.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2023-7d1e4f8e5e ethtool-6.2-1.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2023-4c01c01ecf
cmake-3.26.0~rc4-1.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2023-672f668f51
python-cryptography-36.0.0-4.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2023-3ab01cdee2
freerdp-2.10.0-1.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-f598efbe30
kf5-kidletime-5.103.0-2.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-aba8530e65
xorg-x11-drv-amdgpu-23.0.0-1.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-edb120eb86 ndctl-76.1-1.fc36
The following builds have been pushed to Fedora 36 updates-testing
chromium-110.0.5481.177-1.fc36
fzf-0.38.0-1.fc36
golang-github-charmbracelet-bubbletea-0.23.2-1.fc36
golang-github-projectdiscovery-chaos-client-0.4.0-3.fc36
icestorm-0-0.28.20230220gitd20a5e9.fc36
kernel-6.1.14-100.fc36
nextcloud-25.0.3-1.fc36
nextpnr-1-20.20230226git14050f9.fc36
python-bitcoinlib-0.12.0-1.fc36
python-pyrate-limiter-2.9.1-1.fc36
radare2-5.8.2-2.fc36
rust-sequoia-octopus-librnp-1.4.1-5.fc36
rust-sequoia-sop-0.26.1-5.fc36
rust-sequoia-sq-0.26.0-5.fc36
strace-6.2-1.fc36
trellis-1.2.1-16.20230226gitf767e56.fc36
usd-22.03-10.fc36
Details about builds:
================================================================================
chromium-110.0.5481.177-1.fc36 (FEDORA-2023-6aad70a822)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
update to 110.0.5481.177. Fixes the following security issues: CVE-2023-0927
CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0932
CVE-2023-0933 CVE-2023-0941
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 23 2023 Than Ngo <than(a)redhat.com> - 110.0.5481.177-1
- update to 110.0.5481.177
- workaround for crash on aarch64, rhel8
* Wed Feb 22 2023 Jan Grulich <jgrulich(a)redhat.com> - 110.0.5481.100-3
- Enable PipeWire screen sharing on RHEL8+
* Tue Feb 21 2023 Than Ngo <than(a)redhat.com> - 110.0.5481.100-2
- fixed bz#2036205, failed to load GLES library
--------------------------------------------------------------------------------
================================================================================
fzf-0.38.0-1.fc36 (FEDORA-2023-7109ad358e)
A command-line fuzzy finder written in Go
--------------------------------------------------------------------------------
Update Information:
Update to 0.38.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 24 2023 Alejandro S��ez <asm(a)redhat.com> - 0.38.0-1
- Update to 0.38.0
* Fri Feb 10 2023 Jonathan Lebon <jonathan(a)jlebon.com> - 0.37.0-1
- Update to latest version (#2161496)
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.35.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2161496 - fzf-0.38.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2161496
--------------------------------------------------------------------------------
================================================================================
golang-github-charmbracelet-bubbletea-0.23.2-1.fc36 (FEDORA-2023-a780ea9fdb)
A powerful little TUI framework
--------------------------------------------------------------------------------
Update Information:
Update to 0.23.2
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 26 2023 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 0.23.2-1
- Update to 0.23.2 - Closes rhbz#2168463
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.23.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
golang-github-projectdiscovery-chaos-client-0.4.0-3.fc36 (FEDORA-2023-3c0efceb7b)
Go client to communicate with Chaos DNS API
--------------------------------------------------------------------------------
Update Information:
Update to 0.4.0
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 25 2023 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 0.4.0-3
- Fix dep on ratelimit - Closes rhbz#2145096
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Dec 20 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 0.4.0-1
- Update to 0.4.0 - Closes rhbz#2145096
* Tue Dec 20 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 0.3.0-2
- Update to 0.4.0 - Closes rhbz#2145096
--------------------------------------------------------------------------------
================================================================================
icestorm-0-0.28.20230220gitd20a5e9.fc36 (FEDORA-2023-2dd07a254d)
Lattice iCE40 FPGA bitstream creation/analysis/programming tools
--------------------------------------------------------------------------------
Update Information:
Update to newer snapshot
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 20 2023 Gabriel Somlo <gsomlo(a)gmail.com> - 0-0.28.20230220gitd20a5e9
- Update to newer snapshot
* Wed Feb 15 2023 Gabriel Somlo <gsomlo(a)gmail.com> - 0-0.27.20230215git8649e3e
- Update to newer snapshot
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> -
0-0.26.20230104git45f5e5f
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
kernel-6.1.14-100.fc36 (FEDORA-2023-531d4aa68d)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 6.1.14 stable kernel updates contain a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 25 2023 Justin M. Forbes <jforbes(a)fedoraproject.org> [6.1.14-0]
- Linux v6.1.14
--------------------------------------------------------------------------------
================================================================================
nextcloud-25.0.3-1.fc36 (FEDORA-2023-774057472a)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
https://nextcloud.com/changelog/#25-0-3
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 21 2023 Iv��n Chavero <ichavero(a)chavero.com.mx> - 25.0.3-1
- Update to 25.0.3
--------------------------------------------------------------------------------
================================================================================
nextpnr-1-20.20230226git14050f9.fc36 (FEDORA-2023-1eaf2f2ed6)
FPGA place and route tool
--------------------------------------------------------------------------------
Update Information:
Update to newer snapshot
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 26 2023 Gabriel Somlo <gsomlo(a)gmail.com> - 1-20.20230226git14050f9
- Update to newer snapshot
- Temp. use bundled pybind11 (
https://github.com/pybind/pybind11/issues/4529)
* Mon Feb 20 2023 Jonathan Wakely <jwakely(a)redhat.com> - 1-19.20230215git78dabb7
- Rebuilt for Boost 1.81
* Wed Feb 15 2023 Gabriel Somlo <gsomlo(a)gmail.com> - 1-18.20230215git78dabb7
- Update to newer snapshot
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> -
1-17.20230104gita46afc6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2171618 - nextpnr: FTBFS in Fedora rawhide/f38
https://bugzilla.redhat.com/show_bug.cgi?id=2171618
[ 2 ] Bug #2172708 - F39FailsToInstall: nextpnr
https://bugzilla.redhat.com/show_bug.cgi?id=2172708
--------------------------------------------------------------------------------
================================================================================
python-bitcoinlib-0.12.0-1.fc36 (FEDORA-2023-5241e9fe9c)
The Swiss Army Knife of the Bitcoin protocol
--------------------------------------------------------------------------------
Update Information:
Update to 0.12.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 26 2023 Pablo Greco <pgreco(a)centosproject.org> - 0.12.0-1
- Update to 0.12.0
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.11.0-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Pablo Greco <pgreco(a)centosproject.org> - 0.11.0-10
- Fix crash with openssl3
- Update to latest commit upstream
- Resolve ripemd160 deprecation
- Temporarily disable some tests failing in openssl3
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.11.0-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 0.11.0-8
- Rebuilt for Python 3.11
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.11.0-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-pyrate-limiter-2.9.1-1.fc36 (FEDORA-2023-a3dcbb7d98)
The request rate limiter using Leaky-bucket algorithm
--------------------------------------------------------------------------------
Update Information:
Update to 2.9.1 ---- Update to 2.9.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 2.9.1-1
- Update to 2.9.1
* Tue Feb 21 2023 Steve Cossette <farchord(a)gmail.com> - 2.9.0-1
- Update to 2.9.0
--------------------------------------------------------------------------------
================================================================================
radare2-5.8.2-2.fc36 (FEDORA-2023-18471b6297)
The reverse engineering framework
--------------------------------------------------------------------------------
Update Information:
fix sdb generation from messon
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 26 2023 Michal Ambroz <rebus at, seznam.cz> 5.8.2-2
- cherrypick upstream patch for fixing the sdb generation from mesosn
* Wed Jan 25 2023 Michal Ambroz <rebus at, seznam.cz> 5.8.2-1
- bump to 5.8.2
- fix CVE-2023-0302 , CVE-2023-0302
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.7.8-1.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Aug 2 2022 Michal Ambroz <rebus at, seznam.cz> 5.7.8-1
- bump to 5.7.8
* Tue Aug 2 2022 Michal Ambroz <rebus at, seznam.cz> 5.7.6-1
- bump to 5.7.6
- cherrypicked patch for new libmagic from upstream
- fix CVE-2022-34502
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.6.8-1.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Apr 21 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> - 5.6.8-1
- bump to 5.6.8
* Wed Apr 13 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> 5.6.6-2
- refresh list of bundled libraries and associated cleanup
* Tue Apr 12 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> 5.6.6-2
- Fixes for CVE-2022-1061 CVE-2022-1207 CVE-2022-1237 CVE-2022-1238
CVE-2022-1240 CVE-2022-1244 CVE-2022-1283 CVE-2022-1284 CVE-2022-1296
CVE-2022-1297
* Tue Apr 12 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> 5.6.6-1
- bump to 5.6.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2170036 - syscall detection is broken
https://bugzilla.redhat.com/show_bug.cgi?id=2170036
--------------------------------------------------------------------------------
================================================================================
rust-sequoia-octopus-librnp-1.4.1-5.fc36 (FEDORA-2023-7bd6fbb5fa)
Reimplementation of RNP's interface using Sequoia
--------------------------------------------------------------------------------
Update Information:
Rebuild for bzip2 0.4.4 (CVE-2023-22895 / RUSTSEC-2023-0004).
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 26 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.4.1-5
- Rebuild for bzip2 0.4.4 (CVE-2023-22895 / RUSTSEC-2023-0004)
* Sun Feb 5 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.4.1-4
- Rebuild for fixed frame pointer compiler flags in Rust RPM macros
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-sequoia-sop-0.26.1-5.fc36 (FEDORA-2023-7bd6fbb5fa)
Stateless OpenPGP Interface using Sequoia
--------------------------------------------------------------------------------
Update Information:
Rebuild for bzip2 0.4.4 (CVE-2023-22895 / RUSTSEC-2023-0004).
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 26 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.26.1-5
- Rebuild for bzip2 0.4.4 (CVE-2023-22895 / RUSTSEC-2023-0004)
* Sun Feb 5 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.26.1-4
- Rebuild for fixed frame pointer compiler flags in Rust RPM macros
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.26.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.26.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-sequoia-sq-0.26.0-5.fc36 (FEDORA-2023-7bd6fbb5fa)
Command-line frontends for Sequoia
--------------------------------------------------------------------------------
Update Information:
Rebuild for bzip2 0.4.4 (CVE-2023-22895 / RUSTSEC-2023-0004).
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 26 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.26.0-5
- Rebuild for bzip2 0.4.4 (CVE-2023-22895 / RUSTSEC-2023-0004)
* Sun Feb 5 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.26.0-4
- Rebuild for fixed frame pointer compiler flags in Rust RPM macros
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.26.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.26.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
strace-6.2-1.fc36 (FEDORA-2023-1629658acf)
Tracks and displays system calls associated with a running process
--------------------------------------------------------------------------------
Update Information:
v6.1 -> v6.2
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 26 2023 Dmitry V. Levin <ldv(a)strace.io> - 6.2-1
- v6.1 -> v6.2.
--------------------------------------------------------------------------------
================================================================================
trellis-1.2.1-16.20230226gitf767e56.fc36 (FEDORA-2023-7f4abde5f6)
Lattice ECP5 FPGA bitstream creation/analysis/programming tools
--------------------------------------------------------------------------------
Update Information:
Update to newer snapshot
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 26 2023 Gabriel Somlo <gsomlo(a)gmail.com> - 1.2.1-16.20230226gitf767e56
- Update to newer snapshot
- Temp. use bundled pybind11 (
https://github.com/pybind/pybind11/issues/4529)
* Mon Feb 20 2023 Jonathan Wakely <jwakely(a)redhat.com> -
1.2.1-15.20230215git0c522ce
- Rebuilt for Boost 1.81
* Wed Feb 15 2023 Gabriel Somlo <gsomlo(a)gmail.com> - 1.2.1-14.20230215git0c522ce
- Update to newer snapshot
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> -
1.2.1-13.20221109git35f5aff
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
usd-22.03-10.fc36 (FEDORA-2023-ac5e1832f9)
3D VFX pipeline interchange file format
--------------------------------------------------------------------------------
Update Information:
Rebuilt with fix for null pointer dereference in stb_image
(
https://github.com/nothings/stb/issues/1452).
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 22.03-10
- Update minimum stb_image versions
--------------------------------------------------------------------------------