The following Fedora 37 Security updates need testing:
Age URL
8
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3b4c68d85d
golang-1.19.4-1.fc37
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-88772d0a2d
libtar-1.2.20-26.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7e327a20be
containerd-1.6.14-2.fc37 golang-github-containerd-cgroups-1.0.4-3.fc37
moby-engine-20.10.21-1.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-62b61a8542
trafficserver-9.1.4-1.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fbf6a320fe
python3.6-3.6.15-15.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d7ee33d4ad curl-7.85.0-5.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-90162a1d88
kernel-6.0.15-300.fc37
The following Fedora 37 Critical Path updates have yet to be approved:
Age URL
51
https://bodhi.fedoraproject.org/updates/FEDORA-2022-700705c81b
unbound-1.17.0-1.fc37
40
https://bodhi.fedoraproject.org/updates/FEDORA-2022-a1bfac29ac
python-rpmautospec-0.3.1-1.fc37
29
https://bodhi.fedoraproject.org/updates/FEDORA-2022-26a1391176
annobin-10.93-1.fc37
14
https://bodhi.fedoraproject.org/updates/FEDORA-2022-28dc37634d
dnsmasq-2.88-1.fc37
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7129e598e3 pungi-4.3.7-1.fc37
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bf8feea173 lorax-37.10-1.fc37
8
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d1073ce971
libshout-2.4.6-1.fc37
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-16b288b12d git-2.39.0-1.fc37
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bb36bea121 xen-4.16.3-1.fc37
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-f44938861b
xorg-x11-server-Xwayland-22.1.7-1.fc37
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-106a8e01bc
tpm2-tss-3.2.1-1.fc37
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2bc7296765 clevis-18-14.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-90162a1d88
kernel-6.0.15-300.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d7ee33d4ad curl-7.85.0-5.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7f86ea7f00
edk2-20221117gitfff6d81270b5-8.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c4efd0aa07
libksba-1.6.3-1.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fc84e3e4d5
selinux-policy-37.17-1.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-b5cd15651f
xdg-user-dirs-0.18-1.fc37 xdg-user-dirs-gtk-0.11-1.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-984c47cd82
libgusb-0.4.3-1.fc37
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-13651af329 ethtool-6.1-1.fc37
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e63f49c01d
samba-4.17.4-2.fc37
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7edcc46973
thunderbird-102.6.0-2.fc37
The following builds have been pushed to Fedora 37 updates-testing
ImageMagick-6.9.12.70-1.fc37
Macaulay2-1.21-1.fc37
OpenImageIO-2.4.6.1-1.fc37
btrfs-progs-6.1-1.fc37
crudini-0.9.4-1.fc37
frobby-0.9.5-1.fc37
gnome-shell-extension-vertical-workspaces-23-1.fc37
libmediainfo-22.12-1.fc37
libpwquality-1.4.5-1.fc37
libzen-0.4.40-1.fc37
magic-8.3.357-1.fc37
mediainfo-22.12-3.fc37
packit-0.65.1-1.fc37
pcm-202212-0.fc37
rubygem-racc-1.6.2-200.fc37
rust-html-escape-0.2.13-1.fc37
rust-libc-0.2.139-1.fc37
rust-time0.1-0.1.45-1.fc37
simdutf-2.0.9-3.fc37
w3m-0.5.3-58.git20220429.fc37
Details about builds:
================================================================================
ImageMagick-6.9.12.70-1.fc37 (FEDORA-2022-21d72b9715)
An X application for displaying and manipulating images
--------------------------------------------------------------------------------
Update Information:
Update ImageMagick to 6.9.12.70 (#2150658)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 22 2022 S��rgio Basto <sergio(a)serjux.com> - 1:6.9.12.70-1
- Update ImageMagick to 6.9.12.70 (#2150658)
* Tue Dec 20 2022 Gwyn Ciesla <gwync(a)protonmail.com> - 1:6.9.12.67-2
- LibRaw rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2150658 - ImageMagick-6.9.12.70 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2150658
--------------------------------------------------------------------------------
================================================================================
Macaulay2-1.21-1.fc37 (FEDORA-2022-ae9eefc1dc)
System for algebraic geometry and commutative algebra
--------------------------------------------------------------------------------
Update Information:
Version 0.9.5 of frobby is version 0.9.0 with various Debian patches applied.
See the git changelog at
https://github.com/Macaulay2/frobby/commits/master for
details. See
https://faculty.math.illinois.edu/Macaulay2/doc/Macaulay2-
1.21/share/doc/Macaulay2/Macaulay2Doc/html/_changes_cm_sp1.21.html for changes
in Macaulay2 version 1.21.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 22 2022 Jerry James <loganjerry(a)gmail.com> - 1.21-1
- Version 1.21
- Drop upstreamed patch for crash when building documentation
- Use rdns names for the desktop and metainfo files
* Tue Dec 20 2022 Jerry James <loganjerry(a)gmail.com> - 1.20-2
- Convert License tag to SPDX
* Sun Sep 25 2022 Rich Mattes <richmattes(a)gmail.com> - 1.20-2
- Rebuild for tinyxml2-9.0.0
--------------------------------------------------------------------------------
================================================================================
OpenImageIO-2.4.6.1-1.fc37 (FEDORA-2022-fc361cc7b6)
Library for reading and writing images
--------------------------------------------------------------------------------
Update Information:
* Update to 2.4.6.1, see release notes for details:
https://github.com/OpenImageIO/oiio/releases * Security fix for
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 22 2022 Richard Shaw <hobbes1069(a)gmail.com> - 2.4.6.1-1
- Update to 2.4.6.1.
* Tue Dec 20 2022 Gwyn Ciesla <gwync(a)protonmail.com> - 2.4.4.2-3
- LibRaw rebuild
* Tue Nov 15 2022 Richard Shaw <hobbes1069(a)gmail.com> - 2.4.4.2-2
- Rebuild for yaml-cpp 0.7.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2139227 - OpenImageIO-2.4.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2139227
[ 2 ] Bug #2156029 - CVE-2022-43603 OpenImageIO: denial of service vulnerability
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2156029
--------------------------------------------------------------------------------
================================================================================
btrfs-progs-6.1-1.fc37 (FEDORA-2022-70605fc15f)
Userspace programs for btrfs
--------------------------------------------------------------------------------
Update Information:
#### Upstream changes * filesystem df: add json output * qgroup show: add
json output * new command: 'inspect-internal map-swapfile' to check swapfile
and its swapfile_offset value used for hibernation * corrupt-block: fix
parsing of option --root argument * experimental (interfaces not finalized):
* new command 'inspect-internal list-chunks' * new group reflink, command
clone * other: * synchronize some files with kernel versions *
docs updates * build: use gnu11 #### Build changes * Use `libgcrypt`
for crypto instead of built-in code
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 23 2022 Neal Gompa <ngompa(a)fedoraproject.org> - 6.1-1
- Update to 6.1
- Use libgcrypt for cryptographic hash functions
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2155906 - btrfs-progs-6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2155906
--------------------------------------------------------------------------------
================================================================================
crudini-0.9.4-1.fc37 (FEDORA-2022-ef18f0a54f)
A utility for manipulating ini files
--------------------------------------------------------------------------------
Update Information:
Latest version from upstream. Fixes "pipes" module deprecation warnings.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 23 2022 P��draig Brady <P(a)draigBrady.com> - 0.9.4-1
- Latest upstream
* Thu Aug 11 2022 P��draig Brady <P(a)draigBrady.com> - 0.9.3-8
- Fix FTBFS on rawhide by avoiding pipes module warning
* Wed Jul 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.3-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
frobby-0.9.5-1.fc37 (FEDORA-2022-ae9eefc1dc)
Computations With Monomial Ideals
--------------------------------------------------------------------------------
Update Information:
Version 0.9.5 of frobby is version 0.9.0 with various Debian patches applied.
See the git changelog at
https://github.com/Macaulay2/frobby/commits/master for
details. See
https://faculty.math.illinois.edu/Macaulay2/doc/Macaulay2-
1.21/share/doc/Macaulay2/Macaulay2Doc/html/_changes_cm_sp1.21.html for changes
in Macaulay2 version 1.21.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 22 2022 Jerry James <loganjerry(a)gmail.com> - 0.9.5-1
- Version 0.9.5
- New URLs
- Drop upstreamed Macaulay2 patch
- Convert License tag to SPDX
- Minor spec file cleanups
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-vertical-workspaces-23-1.fc37 (FEDORA-2022-c664441ed6)
Vertical orientation of workspaces for GNOME 40+
--------------------------------------------------------------------------------
Update Information:
This is the latest upstream version with new features and bug fixes.
https://github.com/G-dH/vertical-workspaces/blob/v23/CHANGELOG.md
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 23 2022 Carl George <carl(a)george.computer> 23-1
- Update to version 23, resolves rhbz#2155960
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2155960 - gnome-shell-extension-vertical-workspaces-23 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2155960
--------------------------------------------------------------------------------
================================================================================
libmediainfo-22.12-1.fc37 (FEDORA-2022-9bee6fc7d0)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update to 22.12.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 23 2022 Vasiliy N. Glazov <vascom2(a)gmail.com> - 22.12-1
- Update to 22.12
--------------------------------------------------------------------------------
================================================================================
libpwquality-1.4.5-1.fc37 (FEDORA-2022-edda4c3b97)
A library for password generation and password quality checking
--------------------------------------------------------------------------------
Update Information:
Make cracklibs a weak dependency
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 22 2022 Paul Wouters <paul.wouters(a)aiven.io - 1.4.5-1
- Resolves: rhbz#2154991 libpwquality fails to build with Python 3.12:
ModuleNotFoundError: No module named 'distutils'
- Resolves: rhbz#2006063 RFE: Support running without cracklib-dicts installed
- Cleanup and remove python2/3 conditional macros
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2006063 - RFE: Support running without cracklib-dicts installed
https://bugzilla.redhat.com/show_bug.cgi?id=2006063
[ 2 ] Bug #2154991 - libpwquality fails to build with Python 3.12: ModuleNotFoundError:
No module named 'distutils'
https://bugzilla.redhat.com/show_bug.cgi?id=2154991
--------------------------------------------------------------------------------
================================================================================
libzen-0.4.40-1.fc37 (FEDORA-2022-9bee6fc7d0)
Shared library for libmediainfo and medianfo*
--------------------------------------------------------------------------------
Update Information:
Update to 22.12.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 23 2022 Vasiliy N. Glazov <vascom2(a)gmail.com> - 0.4.40-1
- Update to 0.4.40
--------------------------------------------------------------------------------
================================================================================
magic-8.3.357-1.fc37 (FEDORA-2022-e625dd75a2)
A very capable VLSI layout tool
--------------------------------------------------------------------------------
Update Information:
New version 8.3.357 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 23 2022 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 8.3.357-1
- 8.3.357
--------------------------------------------------------------------------------
================================================================================
mediainfo-22.12-3.fc37 (FEDORA-2022-9bee6fc7d0)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to 22.12.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 23 2022 Vasiliy N. Glazov <vascom2(a)gmail.com> - 22.12-3
- Update to 22.12
- Fix EPEL build
--------------------------------------------------------------------------------
================================================================================
packit-0.65.1-1.fc37 (FEDORA-2022-5583aefc00)
A tool for integrating upstream projects with Fedora operating system
--------------------------------------------------------------------------------
Update Information:
* Thu Dec 22 2022 Packit <hello(a)packit.dev> - 0.65.1-1 - Packit now puts the
correct release number into the changelog when the `Release` tag is reset during
`propose-downstream`. (#1816)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 22 2022 Packit <hello(a)packit.dev> - 0.65.1-1
- Packit now puts the correct release number into the changelog when the `Release` tag is
reset during `propose-downstream`. (#1816)
--------------------------------------------------------------------------------
================================================================================
pcm-202212-0.fc37 (FEDORA-2022-8d9048f0ed)
Intel(r) Performance Counter Monitor
--------------------------------------------------------------------------------
Update Information:
update to upstream 202212 version
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
rubygem-racc-1.6.2-200.fc37 (FEDORA-2022-1aa76c9cce)
LALR(1) parser generator
--------------------------------------------------------------------------------
Update Information:
New version 1.6.2 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 23 2022 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 1.6.2-200
- 1.6.2
--------------------------------------------------------------------------------
================================================================================
rust-html-escape-0.2.13-1.fc37 (FEDORA-2022-cb29469e4f)
Library for escaping special characters and unescaping HTML entities in HTML
--------------------------------------------------------------------------------
Update Information:
Update to version 0.2.13.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 23 2022 Fabio Valentini <decathorpe(a)gmail.com> 0.2.13-1
- Update to version 0.2.13; Fixes RHBZ#2156064
--------------------------------------------------------------------------------
================================================================================
rust-libc-0.2.139-1.fc37 (FEDORA-2022-51ae0a4b89)
Raw FFI bindings to platform libraries like libc
--------------------------------------------------------------------------------
Update Information:
Update to version 0.2.139.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 23 2022 Fabio Valentini <decathorpe(a)gmail.com> 0.2.139-1
- Update to version 0.2.139; Fixes RHBZ#2155777
--------------------------------------------------------------------------------
================================================================================
rust-time0.1-0.1.45-1.fc37 (FEDORA-2022-9dcbb35d9e)
Utilities for working with time-related functions in Rust
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.45.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 23 2022 Fabio Valentini <decathorpe(a)gmail.com> 0.1.45-1
- Update to version 0.1.45
--------------------------------------------------------------------------------
================================================================================
simdutf-2.0.9-3.fc37 (FEDORA-2022-f4df098fd5)
Unicode validation and transcoding at billions of characters per second
--------------------------------------------------------------------------------
Update Information:
devel version control
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 23 2022 aekoroglu <aekoroglu(a)linux.intel.com> 2.0.9-3
- devel version control
* Fri Dec 23 2022 aekoroglu <aekoroglu(a)linux.intel.com> 2.0.9-2
- delete accidental add
* Fri Dec 23 2022 aekoroglu <aekoroglu(a)linux.intel.com> 2.0.9-1
- update to 2.0.9
* Fri Nov 11 2022 aekoroglu <aekoroglu(a)linux.intel.com> 2.0.2-2
- exclude s390 and s390x
* Fri Nov 11 2022 aekoroglu <aekoroglu(a)linux.intel.com> 2.0.2-1
- 1st fedora release
--------------------------------------------------------------------------------
================================================================================
w3m-0.5.3-58.git20220429.fc37 (FEDORA-2022-7d2f942be2)
Pager with Web browsing abilities
--------------------------------------------------------------------------------
Update Information:
- Added upstream patch to address CVE-2022-38223 (#2126270)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 23 2022 Robert Scheck <robert(a)fedoraproject.org> - 0.5.3-58.git20220429
- Added upstream patch to address CVE-2022-38223 (#2126270)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2126270 - CVE-2022-38223 w3m: an out-of-bounds write in checkType located in
etc.c in w3m
https://bugzilla.redhat.com/show_bug.cgi?id=2126270
--------------------------------------------------------------------------------