The following Fedora 35 Security updates need testing:
Age URL
204
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2e85e6cfc9
libdxfrw-1.0.1-3.fc35 librecad-2.2.0-0.13.rc3.fc35
196
https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11
mysql-connector-java-8.0.28-1.fc35
29
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d7f95e65dd
booth-1.0-251.3.bfb2f92.git.fc35
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-15da0cf165 rsync-3.2.5-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d9f1bb102d
OpenImageIO-2.2.21.0-2.fc35 ctk-0.1-0.24.20190721.fc35 dcmtk-3.6.7-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ddfeee50c9
webkit2gtk3-2.36.7-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ddee3eb27c
thunderbird-102.2.0-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3b33d04743 vim-9.0.246-1.fc35
The following Fedora 35 Critical Path updates have yet to be approved:
Age URL
15
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bca7996d14
annobin-10.81-1.fc35
15
https://bodhi.fedoraproject.org/updates/FEDORA-2022-da31238a14
binutils-2.37-24.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-9ddf777fdb
libbluray-1.3.2-1.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-4fc68b4137
libkcapi-1.4.0-2.fc35
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-8597aa54ec
libdnf-0.68.0-1.fc35
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-15da0cf165 rsync-3.2.5-1.fc35
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-03eb748e1d
freerdp-2.8.0-1.fc35 gnome-boxes-41.3-2.fc35 gnome-connections-41.2-2.fc35
gnome-remote-desktop-41.3-2.fc35 guacamole-server-1.4.0-6.fc35 hydra-9.2-5.fc35
medusa-2.2-18.20181216git292193b.fc35 pidgin-sipe-1.25.0-14.fc35 vinagre-3.22.0-26.fc35
weston-8.0.0-12.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-4841fbd892
createrepo_c-0.20.1-1.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2eb835425a fedora-repos-35-4
8
https://bodhi.fedoraproject.org/updates/FEDORA-2022-48e82b4eda
dbus-broker-32-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-564484bcd4
twolame-0.4.0-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e4bd968e45
libreport-2.17.2-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ad62906a26
shadow-utils-4.9-10.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-9a3f9767d1 ndctl-74-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-52f71b625b
ethtool-5.19-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-19b61cd789
librepo-1.14.4-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-781669c384 glibc-2.34-41.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ada487682a
tzdata-2022c-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-a7c12f917e
kernel-5.19.4-100.fc35 kernel-headers-5.19.4-100.fc35 kernel-tools-5.19.4-100.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3b33d04743 vim-9.0.246-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ddee3eb27c
thunderbird-102.2.0-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ddfeee50c9
webkit2gtk3-2.36.7-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3a75635d6a
kde-settings-35.2-1.fc35
The following builds have been pushed to Fedora 35 updates-testing
cinfo-0.4.8-1.fc35
emacs-dockerfile-mode-1.8-1.fc35
fts-rest-client-3.12.0-1.fc35
gnome-shell-extension-just-perfection-21.0-1.fc35
golang-uber-multierr-1.8.0-1.fc35
libtar-1.2.20-25.fc35
osbuild-65-1.fc35
osbuild-composer-61-1.fc35
python-cloudscraper-1.2.62-1.fc35
python-ecdsa-0.18.0-1.fc35
sameboy-0.15.5-1.fc35
sssd-2.7.4-1.fc35
tcpreplay-4.4.2-1.fc35
texstudio-4.3.1-1.fc35
tuptime-5.2.1-1.fc35
yambar-1.8.0-1.fc35
Details about builds:
================================================================================
cinfo-0.4.8-1.fc35 (FEDORA-2022-39b31f0010)
Fast and minimal system information tool
--------------------------------------------------------------------------------
Update Information:
initial package build
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 20 2022 Jonathan Wright <jonathan(a)almalinux.org> 0.4.8-1
- Initial package build
- rhbz#2120002
--------------------------------------------------------------------------------
================================================================================
emacs-dockerfile-mode-1.8-1.fc35 (FEDORA-2022-6ca391cf1c)
An emacs mode for handling Dockerfiles
--------------------------------------------------------------------------------
Update Information:
Fix: remove repeated switch in docstring
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 18 2022 Mohamed El Morabity <melmorabity(a)fedoraproject.org> - 1.8-1
- Update to 1.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2117992 - emacs-dockerfile-mode-1.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2117992
--------------------------------------------------------------------------------
================================================================================
fts-rest-client-3.12.0-1.fc35 (FEDORA-2022-3817cede8e)
File Transfer Service (FTS) -- Python3 Client and CLI
--------------------------------------------------------------------------------
Update Information:
First release of the FTS REST Client package
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 27 2022 Mihai Patrascoiu <mihai.patrascoiu(a)cern.ch> - 3.12.0-1
- First EPEL release (v3.12.0 upstream release)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2111607 - Review Request: fts-rest-client - FTS Python3 clients
https://bugzilla.redhat.com/show_bug.cgi?id=2111607
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-just-perfection-21.0-1.fc35 (FEDORA-2022-252488152b)
Extension to Customize GNOME Shell and Disable UI Elements
--------------------------------------------------------------------------------
Update Information:
Update to upstream version 21. See the [upstream
changelog](https://gitlab.gnome.org/jrahmatzadeh/just-
perfection/-/blob/21.0/CHANGELOG.md) for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 27 2022 Carl George <carl(a)george.computer> 21.0-1
- Latest upstream, resolves rhbz#2116039
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 20.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2116039 - gnome-shell-extension-just-perfection-21.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2116039
--------------------------------------------------------------------------------
================================================================================
golang-uber-multierr-1.8.0-1.fc35 (FEDORA-2022-eae2f4f9f5)
Combine one or more go errors together
--------------------------------------------------------------------------------
Update Information:
Update to 1.8.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 26 2022 Anthony Rabbito <hello(a)anthonyrabbito.com> 1.8.0-1
- Update to 1.8.0 use generate_buildrequires
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.0-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
libtar-1.2.20-25.fc35 (FEDORA-2022-fe1a4e3cf0)
Tar file manipulation API
--------------------------------------------------------------------------------
Update Information:
- fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646) -
fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 26 2022 Kamil Dudka <kdudka(a)redhat.com> - 1.2.20-25
- fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
- fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.20-24
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.20-23
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
osbuild-65-1.fc35 (FEDORA-2022-a03d2ca8a8)
A build system for OS images
--------------------------------------------------------------------------------
Update Information:
New upstream release: 60 ---- New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 26 2022 Packit <hello(a)packit.dev> - 65-1
Changes with 65
----------------
* Add greenboot configuration management via osbuild (#1086)
* Add new properties to ostree.remotes stage: gpgkeypath and contenturl (#1097)
* pipeline: include mounts in stage checksum (#1098)
* runners: add fedora38 (#1092)
Contributions from: Achilleas Koutsou, Christian Kellner, Ond��ej Budai, Sayan Paul
��� Somewhere on the Internet, 2022-08-26
* Wed Aug 17 2022 Packit <hello(a)packit.dev> - 64-1
Changes with 64
----------------
* Ability to mark installation as `ostree-booted` (#1085)
* Add org.osbuild.gcp.guest-agent.conf stage (#1080)
* Check source via `autopep8` (#1083)
* `stages/gcp.guest-agent.conf`: various small fixes (#1081)
* osbuild-mpp: Allow use of mpp-* operations for stages (#1084)
* stages/rpm: allow setting the dbpath (#666)
Contributions from: Alexander Larsson, Christian Kellner, fkolwa
��� Somewhere on the Internet, 2022-08-17
--------------------------------------------------------------------------------
================================================================================
osbuild-composer-61-1.fc35 (FEDORA-2022-cd28ab27c1)
An image building service based on osbuild
--------------------------------------------------------------------------------
Update Information:
New upstream release: 61
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 26 2022 Packit <hello(a)packit.dev> - 61-1
Changes with 61
----------------
* Add the `rhsm.facts` stage. (#2909)
* Disable skipped tests (#2885)
* Support hybrid boot for edge installers (#2912)
* worker/osbuild: use `os-release` to determine host OS (#2842)
Contributions from: Achilleas Koutsou, Juan Abia, Simon de Vlieger, Tomas Hozza, Xiaofeng
Wang
��� Somewhere on the Internet, 2022-08-26
* Wed Aug 24 2022 Packit <hello(a)packit.dev> - 60-1
Changes with 60
----------------
* Add search command to dnf-json and use it for package searches (#2908)
* Modify repositories/rhel-xy.json file before testing nightly compose (#2894)
* Update terraform SHA with more aarch64 runner options (#2907)
* [GCE images] don't install SDK and turn off GPG check on el9 (#2900)
* distro/image-installer: remove nvmf dracut module for RHEL-9.1 (#2899)
* distro: add oscap packages to image (#2898)
* tests: Add comment to make it more obvious what's happening (#2888)
* tests: Remove useless JSON file overrides (#2881)
* update civ (#2796)
Contributions from: Alexander Todorov, Brian C. Lane, Gianluca Zuccarelli, Jakub Rusz,
Juan Abia, Tomas Hozza, Xiaofeng Wang
��� Somewhere on the Internet, 2022-08-24
--------------------------------------------------------------------------------
================================================================================
python-cloudscraper-1.2.62-1.fc35 (FEDORA-2022-4c797a5e49)
Python module to bypass Cloudflare's anti-bot page
--------------------------------------------------------------------------------
Update Information:
Updating 1.2.62
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 27 2022 Lyes Saadi <lyessaadi(a)fedoraproject.org> 1.2.62-1
- Updating to 1.2.62
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.60-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Zbigniew J��drzejewski-Szmek <zbyszek(a)in.waw.pl> - 1.2.60-3
- Rebuilt for pyparsing-3.0.9
* Tue Jun 14 2022 Python Maint <python-maint(a)redhat.com> - 1.2.60-2
- Rebuilt for Python 3.11
--------------------------------------------------------------------------------
================================================================================
python-ecdsa-0.18.0-1.fc35 (FEDORA-2022-d05684ab29)
ECDSA cryptographic signature library
--------------------------------------------------------------------------------
Update Information:
update to 0.18.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 26 2022 Jonathan Wright <jonathan(a)almalinux.org> - 0.18.0-1
- update to 0.18.0
- rhbz#1873173
* Fri Aug 26 2022 Jonathan Wright <jonathan(a)almalinux.org> - 0.17.0-9
- improve performance with gmpy2
* Fri Aug 26 2022 Jonathan Wright <jonathan(a)almalinux.org> - 0.17.0-8
- modernize spec file
* Fri Aug 26 2022 Jonathan Wright <jonathan(a)almalinux.org> - 0.17.0-7
- remove python2-related code from spec
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.17.0-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 0.17.0-5
- Rebuilt for Python 3.11
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.17.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
sameboy-0.15.5-1.fc35 (FEDORA-2022-a69911a8c9)
Game Boy and Game Boy Color emulator written in C
--------------------------------------------------------------------------------
Update Information:
Update to 0.15.5
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 25 2022 Jan Dr��gehoff <sentrycraft123(a)gmail.com> - 0.15.5-1
- Update to 0.15.5
--------------------------------------------------------------------------------
================================================================================
sssd-2.7.4-1.fc35 (FEDORA-2022-3c8a55de8c)
System Security Services Daemon
--------------------------------------------------------------------------------
Update Information:
Rebase to sssd-2.7.4. Release notes:
https://sssd.io/release-
notes/sssd-2.7.4.html
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 26 2022 Pavel B��ezina <pbrezina(a)redhat.com> - 2.7.4-1
- Rebase to SSSD 2.7.4
--------------------------------------------------------------------------------
================================================================================
tcpreplay-4.4.2-1.fc35 (FEDORA-2022-680ea95f71)
Replay captured network traffic
--------------------------------------------------------------------------------
Update Information:
This is Tcpreplay suite 4.4.2 This release contains bug fixes only. What's
changed: - Bug #716 heap-buffer-overflow in get_l2len_protocol() by @fklassen
in #738 - Bug #721 fixed typo in tcpliveplay.c by @jonathan-dev in #721 - Bug
#717 avoid assertion in get_layer4_v6 by @fklassen in #739 - Bug #718 improved
heap-overflow protection by @fklassen in #740 - Bug #719 better overflow
protection in parse_mpls by @fklassen in #741 - Bug #725 FORCE_ALIGN on arm by
@fklassen in #742 - Bug #729 tcpreplay_edit: disallow both -K and -l options by
@fklassen in #743 - Bug #735 heap-overflow in get_l2len_protocol by @fklassen in
#744 - Bug #745 remove autogen.sh from distribution tarballs by @fklassen in
#747
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 27 2022 Bojan Smojver <bojan@rexursive com> - 4.4.2-1
- bump up to 4.4.2
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2071668 - CVE-2022-27939 tcpreplay: net-analyzer/tcpreplay: multiple
vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2071668
[ 2 ] Bug #2071669 - CVE-2022-27939 tcpreplay: net-analyzer/tcpreplay: multiple
vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2071669
[ 3 ] Bug #2071673 - CVE-2022-27940 tcpreplay: net-analyzer/tcpreplay: multiple
vulnerabilities [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2071673
[ 4 ] Bug #2071716 - CVE-2022-27941 tcpreplay: VUL-0: CVE-2022-27941: tcpreplay:
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in
common/get.c. [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2071716
[ 5 ] Bug #2071721 - CVE-2022-27942 tcpreplay: CVE-2022-27942: tcpreplay: tcpprep in
Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2071721
[ 6 ] Bug #2081861 - CVE-2022-28487 tcpreplay: memory leak in fix_ipv6_checksums()
function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2081861
[ 7 ] Bug #2081862 - CVE-2022-28487 tcpreplay: memory leak in fix_ipv6_checksums()
function [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2081862
--------------------------------------------------------------------------------
================================================================================
texstudio-4.3.1-1.fc35 (FEDORA-2022-36c0a22548)
A feature-rich editor for LaTeX documents
--------------------------------------------------------------------------------
Update Information:
- update to 4.3.1 -
https://raw.githubusercontent.com/texstudio-
org/texstudio/master/utilities/manual/CHANGELOG.txt
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 26 2022 Johannes Lips <hannes(a)fedoraproject.org> 4.3.1-1
- Update to latest upstream release 4.3.1
--------------------------------------------------------------------------------
================================================================================
tuptime-5.2.1-1.fc35 (FEDORA-2022-412a293fa6)
Report historical system real time
--------------------------------------------------------------------------------
Update Information:
New upstream release ---- New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 27 2022 Frank Crawford <frank(a)crawford.emu.id.au> - 5.2.1-1
- New upstream release
* Sat Aug 20 2022 Frank Crawford <frank(a)crawford.emu.id.au> - 5.2.0-1
- New upstream release
- Rename systemd unit files from tuptime-cron to tuptime-sync
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.1.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
yambar-1.8.0-1.fc35 (FEDORA-2022-f2c240a532)
Modular status panel for X11 and Wayland
--------------------------------------------------------------------------------
Update Information:
Initial import (#2051066)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 26 2022 Aleksei Bavshin <alebastr(a)fedoraproject.org> - 1.8.0-1
- Initial import (#2051066)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2051066 - Review Request: yambar - Modular status panel for X11 and Wayland
https://bugzilla.redhat.com/show_bug.cgi?id=2051066
--------------------------------------------------------------------------------