The following Fedora 35 Security updates need testing:
Age URL
290
https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11
mysql-connector-java-8.0.28-1.fc35
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-f44dd1bec2
python3.10-3.10.8-3.fc35
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e733724edb
freerdp-2.8.1-1.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-003403ec6b
samba-4.15.12-0.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-14f11bfc73
ntfs-3g-2022.10.3-1.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-927df621df
thunderbird-102.5.0-1.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-53a4a5dd11 xen-4.15.4-1.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-333df1c4aa
galera-26.4.13-1.fc35 mariadb-10.5.18-1.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-cbbd105d08
heimdal-7.7.1-3.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-07dd239d6c
admesh-0.98.5-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-df2f4923ea
libetpan-1.9.4-9.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7ce9378e90 grub2-2.06-14.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-99c00af79f
advancecomp-2.4-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0ff8149aad
qpress-20220819-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ec48d2c1b4
firefox-107.0-4.fc35
The following Fedora 35 Critical Path updates have yet to be approved:
Age URL
109
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bca7996d14
annobin-10.81-1.fc35
73
https://bodhi.fedoraproject.org/updates/FEDORA-2022-97f6c4fd2a
libblockdev-2.28-2.fc35
15
https://bodhi.fedoraproject.org/updates/FEDORA-2022-43fa48ce4e
python-rpmautospec-0.3.1-1.fc35
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-08abe36a9e
linux-firmware-20221109-144.fc35
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0f700faae4 glibc-2.34-49.fc35
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e733724edb
freerdp-2.8.1-1.fc35
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-f44dd1bec2
python3.10-3.10.8-3.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-53a4a5dd11 xen-4.15.4-1.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-927df621df
thunderbird-102.5.0-1.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-14f11bfc73
ntfs-3g-2022.10.3-1.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-003403ec6b
samba-4.15.12-0.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7184211fc4 koji-1.31.0-1.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-1b29661d86 vim-9.0.915-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-32e69d01a9
libbsd-0.11.7-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7ce9378e90 grub2-2.06-14.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-9fde12c816 gcc-11.3.1-4.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ec48d2c1b4
firefox-107.0-4.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-a40f54d6fc
kernel-6.0.10-100.fc35
The following builds have been pushed to Fedora 35 updates-testing
appstream-data-35-9.fc35
fast_float-3.8.1-1.fc35
globus-gridftp-server-13.24-3.fc35
langtable-0.0.61-2.fc35
libxcrypt-4.4.33-3.fc35
livesys-scripts-0.3.0-1.fc35
moodle-3.11.11-1.fc35
nginx-mod-naxsi-1.3-6.fc35
openrgb-0.8-2.fc35
plasma-nano-5.25.5-1.fc35
python-howdoi-2.0.20-2.fc35
python-tox-3.27.1-1.fc35
Details about builds:
================================================================================
appstream-data-35-9.fc35 (FEDORA-2022-a644404329)
Fedora AppStream metadata
--------------------------------------------------------------------------------
Update Information:
New metadata version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 28 2022 Richard Hughes <richard(a)hughsie.com> 35-9
- New metadata version
--------------------------------------------------------------------------------
================================================================================
fast_float-3.8.1-1.fc35 (FEDORA-2022-3c73fe1c45)
Fast & exact implementation of C++ from_chars for float/double
--------------------------------------------------------------------------------
Update Information:
Update to 3.8.1: [3.8.1 release
notes](https://github.com/fastfloat/fast_float/releases/tag/v3.8.1), [3.8.0
release
notes](https://github.com/fastfloat/fast_float/releases/tag/v3.8.0),
[3.7.0 release
notes](https://github.com/fastfloat/fast_float/releases/tag/v3.7.0), [3.6.0
release
notes](https://github.com/fastfloat/fast_float/releases/tag/v3.6.0).
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 27 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 3.8.1-1
- Update to 3.8.1 (close RHBZ#2148670)
* Sun Nov 27 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 3.8.0-1
- Update to 3.8.0 (close RHBZ#2148328)
* Sun Nov 20 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 3.7.0-1
- Update to 3.7.0 (close RHBZ#2143469)
* Sun Nov 20 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 3.6.0-1
- Update to 3.6.0 (close RHBZ#2140130)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2140130 - fast_float-3.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2140130
[ 2 ] Bug #2143469 - fast_float-3.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2143469
[ 3 ] Bug #2148328 - fast_float-3.8.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2148328
[ 4 ] Bug #2148670 - fast_float-3.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2148670
--------------------------------------------------------------------------------
================================================================================
globus-gridftp-server-13.24-3.fc35 (FEDORA-2022-df7b42ebed)
Grid Community Toolkit - Globus GridFTP Server
--------------------------------------------------------------------------------
Update Information:
Fix a test.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 28 2022 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 13.24-3
- Fix buffer overflow in test
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 13.24-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2146585 - buffer overflow in globus_list_cmp_alias_ent
https://bugzilla.redhat.com/show_bug.cgi?id=2146585
--------------------------------------------------------------------------------
================================================================================
langtable-0.0.61-2.fc35 (FEDORA-2022-6299256f20)
Guessing reasonable defaults for locale, keyboard layout, territory, and language.
--------------------------------------------------------------------------------
Update Information:
Migrate license tag of python3-langtable to SPDX as well ---- Update to 0.0.61
Add mnw_MM.UTF-8 and ckb_IQ.UTF-8 Do not run test cases using Python2 anymore
Add bih Add more translations from CLDR Migrate license tag to SPDX
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 28 2022 Mike FABIAN <mfabian(a)redhat.com> - 0.0.61-2
- Migrate license tag of python3-langtable to SPDX as well
* Thu Nov 24 2022 Mike FABIAN <mfabian(a)redhat.com> - 0.0.61-1
- Update to 0.0.61
- Add mnw_MM.UTF-8 and ckb_IQ.UTF-8
- Do not run test cases using Python2 anymore
- Add bih
- Add more translations from CLDR
- Migrate license tag to SPDX
--------------------------------------------------------------------------------
================================================================================
libxcrypt-4.4.33-3.fc35 (FEDORA-2022-ae162c4397)
Extended crypt library for descrypt, md5crypt, bcrypt, and others
--------------------------------------------------------------------------------
Update Information:
- New upstream release. - Do not BR the compat package during bootstrap. - Use
BR: coreutils instead of %{_bindir}/sha256sum. - Convert License to SPDX
expression. - Add upstream patch to improve performance on some type-cast
operations.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 28 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.33-3
- Convert License to SPDX expression
- Add upstream patch to improve performance on some type-cast operations
* Mon Nov 21 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.33-2
- Do not BR the compat package during bootstrap
- Use BR: coreutils instead of %{_bindir}/sha256sum
* Fri Nov 18 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.33-1
- New upstream release
* Fri Nov 18 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.32-1
- New upstream release
* Wed Nov 16 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.31-5
- Add %{perl_minver} macro and re-add BR on perl(:VERSION)
* Wed Nov 16 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.31-4
- Add BR for perl modules to run the skip-if-exec-format-error script
- Move the BR for minimum Perl version to perl-interpreter
* Tue Nov 15 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.31-3
- Explicitly list all needed build-time Perl modules
* Tue Nov 15 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.31-2
- Narrow down BuildRequires for the minimum needed Perl modules
* Sun Nov 13 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.31-1
- New upstream release
* Tue Nov 8 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.30-3
- Backport another upstream patch for a conversion fix
* Tue Nov 8 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.30-2
- Backport some upstream patches for fixes and optimizations
- Explicitly disable arc4random_buf in all_possible_tests configuration
* Tue Nov 1 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.30-1
- New upstream release
* Mon Oct 31 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.29-1
- New upstream release
* Wed Aug 10 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.28-3
- Rebuilt for arc4random_buf in glibc 2.36 (or later)
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.28-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
livesys-scripts-0.3.0-1.fc35 (FEDORA-2022-4655d66843)
Scripts for auto-configuring live media during boot
--------------------------------------------------------------------------------
Update Information:
Add support for "extra" livesys session scripts defined for derivatives of main
spin/edition media
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 27 2022 Neal Gompa <ngompa(a)fedoraproject.org> - 0.3.0-1
- Update to 0.3.0
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.2.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
moodle-3.11.11-1.fc35 (FEDORA-2022-cb7084ae1c)
A Course Management System
--------------------------------------------------------------------------------
Update Information:
Fixes for multiple CVEs
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 28 2022 Gwyn Ciesla <gwync(a)protonmail.com> - 3.11.11-1
- 3.11.11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2144705 - CVE-2021-23414 CVE-2022-45149 CVE-2022-45150 CVE-2022-45151
CVE-2022-45152 moodle: various flaws [fedora-35]
https://bugzilla.redhat.com/show_bug.cgi?id=2144705
[ 2 ] Bug #2144706 - CVE-2021-23414 CVE-2022-45149 CVE-2022-45150 CVE-2022-45151
CVE-2022-45152 moodle: various flaws [fedora-36]
https://bugzilla.redhat.com/show_bug.cgi?id=2144706
--------------------------------------------------------------------------------
================================================================================
nginx-mod-naxsi-1.3-6.fc35 (FEDORA-2022-9c1a9f862c)
nginx web application firewall module
--------------------------------------------------------------------------------
Update Information:
Rebuild for nginx 1.22.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 28 2022 Neal Gompa <ngompa(a)fedoraproject.org> - 1.3-6
- Rebuild for nginx 1.22.1
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2138851 - F35FailsToInstall: nginx-mod-naxsi
https://bugzilla.redhat.com/show_bug.cgi?id=2138851
--------------------------------------------------------------------------------
================================================================================
openrgb-0.8-2.fc35 (FEDORA-2022-2497a63681)
Open source RGB lighting control
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 28 2022 Artem Polishchuk <ego.cordatus(a)gmail.com> 0.8-2
- build: ExcludeArch: %{ix86}
* Mon Nov 28 2022 Artem Polishchuk <ego.cordatus(a)gmail.com> 0.8-1
- build: Update to 0.8
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 0.7-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
plasma-nano-5.25.5-1.fc35 (FEDORA-2022-3f1b682deb)
A minimalist Plasma shell for developing custom experiences on embedded devices.
--------------------------------------------------------------------------------
Update Information:
add plasma-nano to F35 because it is needed by plasma-mobile - nothing
provides plasma-nano needed by plasma-mobile-5.25.4-1.fc35.x86_64
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 7 2022 Marc Deop <marcdeop(a)fedoraproject.org> - 5.25.5-1
- 5.25.5
* Wed Aug 31 2022 Onuralp SEZER <thunderbirdtr(a)fedoraproject.org> - 5.25.4-1
- 5.25.4
* Sat Apr 16 2022 Onuralp SEZER <thunderbirdtr(a)fedoraproject.org> - 5.24.4-1
- 5.24.4
* Mon Jan 17 2022 Onuralp SEZER <thunderbirdtr(a)fedoraproject.org> - 5.23.5-1
- Initial version of package
--------------------------------------------------------------------------------
================================================================================
python-howdoi-2.0.20-2.fc35 (FEDORA-2022-8e0f0c8fbb)
Instant coding answers via the command line
--------------------------------------------------------------------------------
Update Information:
Update to `howdoi` 2.0.20 2.0.20 ------ - Update dependency versions - Add
support for Python 3.10 2.0.19 ------ - Fix typo 2.0.18 ------ - Fixed issue
with howdoi cache where cache misses would be printed to the console 2.0.17
------ - New documentation and mkdocs - Fixed issue with how howdoi chooses
the proper search engine (command line flags now override environment variables)
- Added a search engine fallback if one of the search engines fails
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 28 2022 Michel Alexandre Salim <salimma(a)fedoraproject.org> 2.0.20-2
- Rename binary package to just howdoi, as it is an application
* Mon Nov 28 2022 Michel Alexandre Salim <salimma(a)fedoraproject.org> 2.0.20-1
- Update to 2.0.20; convert to new Python packaging guidelines
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.16-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jun 16 2022 Python Maint <python-maint(a)redhat.com> - 2.0.16-5
- Rebuilt for Python 3.11
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.16-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-tox-3.27.1-1.fc35 (FEDORA-2022-40239fb20a)
Virtualenv-based automation of test activities
--------------------------------------------------------------------------------
Update Information:
## tox 3.27.1 ### Bugfixes - Replaced deprecated `license_file` key with
`license_files` in `setup.cfg` -- by [@mgorny](https://github.com/mgorny).
[#2521](https://github.com/tox-dev/tox/issues/2521) - Add env cleanup to
envreport - fix PYTHONPATH leak into "envreport" -- by
[@f3flight](https://github.com/f3flight). [#2528](https://github.com/tox-
dev/tox/issues/2528) ## tox 3.27.0 ### Bugfixes - Dropped `--build-option`
in isolated builds, an alternative fix for the `SetuptoolsDeprecationWarning`
about using `--global-option` -- by [@adamchainz](https://github.com/adamchainz)
[#2497](https://github.com/tox-dev/tox/issues/2497) - Remove read-only files
in `ensure_empty_dir`. [#2498](https://github.com/tox-dev/tox/issues/2498) -
Multiple tox instances no longer clobber the `.tox` directory when
`provision_tox_env` is used. - by [@masenf](https://github.com/masenf)
[#2515](https://github.com/tox-dev/tox/issues/2515) ###
Documentation[](https://tox.wiki/en/latest/changelog.html#documentation
"Permalink to this heading") - Clarify that `install_command` only takes one
command - by [@jugmac00](https://github.com/jugmac00)
[#2433](https://github.com/tox-dev/tox/issues/2433) - Documented problems
with plugin and provision env - by [@ziima](https://github.com/ziima).
[#2469](https://github.com/tox-dev/tox/issues/2469)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 25 2022 Miro Hron��ok <mhroncok(a)redhat.com> - 3.27.1-1
- Update to 3.27.1
--------------------------------------------------------------------------------