The following Fedora 36 Security updates need testing:
Age URL
13
https://bodhi.fedoraproject.org/updates/FEDORA-2023-de10e674ae
libpcap-1.10.4-1.fc36 tcpdump-4.99.4-1.fc36
11
https://bodhi.fedoraproject.org/updates/FEDORA-2023-6c3278c87b
thunderbird-102.10.0-1.fc36
11
https://bodhi.fedoraproject.org/updates/FEDORA-2023-9992b32c1f
python-setuptools-59.6.0-4.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2023-8b0938312e
libsignal-protocol-c-2.3.3-7.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2023-b37722768e
rust-askama-0.11.1-4.fc36 rust-askama_shared-0.12.2-4.fc36 rust-comrak-0.18.0-1.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2023-8900b35c6f
webkit2gtk3-2.40.1-1.fc36
0
https://bodhi.fedoraproject.org/updates/FEDORA-2023-88c4b55c32
apptainer-1.1.8-1.fc36
The following Fedora 36 Critical Path updates have yet to be approved:
Age URL
128
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fabaf54050 gdb-12.1-3.fc36
13
https://bodhi.fedoraproject.org/updates/FEDORA-2023-ddcb7e8a30
annobin-12.02-1.fc36
13
https://bodhi.fedoraproject.org/updates/FEDORA-2023-de10e674ae
libpcap-1.10.4-1.fc36 tcpdump-4.99.4-1.fc36
12
https://bodhi.fedoraproject.org/updates/FEDORA-2023-86dff4f7d6
firewalld-1.2.5-1.fc36
11
https://bodhi.fedoraproject.org/updates/FEDORA-2023-9992b32c1f
python-setuptools-59.6.0-4.fc36
11
https://bodhi.fedoraproject.org/updates/FEDORA-2023-6c3278c87b
thunderbird-102.10.0-1.fc36
7
https://bodhi.fedoraproject.org/updates/FEDORA-2023-fb80a4fff2
pyproject-rpm-macros-1.7.0-1.fc36
6
https://bodhi.fedoraproject.org/updates/FEDORA-2023-af1aaae396
mariadb-connector-c-3.3.4-2.fc36
6
https://bodhi.fedoraproject.org/updates/FEDORA-2023-72ef70f677
fedora-appstream-metadata-20230419-1.fc36
6
https://bodhi.fedoraproject.org/updates/FEDORA-2023-460849706f
linux-firmware-20230404-149.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2023-8900b35c6f
webkit2gtk3-2.40.1-1.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2023-1e8b5040e2
evolution-3.44.4-3.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2023-0355ccf850
pipewire-0.3.70-1.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2023-9c568e54e3
libmediainfo-23.03-2.fc36 libzen-0.4.41-1.fc36 mediainfo-23.03-2.fc36
0
https://bodhi.fedoraproject.org/updates/FEDORA-2023-1c19398137
389-ds-base-2.1.8-1.fc36
0
https://bodhi.fedoraproject.org/updates/FEDORA-2023-84cd7e9664
vim-9.0.1486-1.fc36
0
https://bodhi.fedoraproject.org/updates/FEDORA-2023-fe709e5968 bind-9.16.40-1.fc36
bind-dyndb-ldap-11.9-23.fc36
The following builds have been pushed to Fedora 36 updates-testing
distribution-gpg-keys-1.87-1.fc36
git-2.40.1-1.fc36
ladspa-autotalent-plugins-0.2-39.fc36
nqp-2023.04-1.fc36
pspg-5.7.6-1.fc36
python-awscrt-0.16.16-1.fc36
python-identify-2.5.23-1.fc36
python-llvmlite-0.39.1-8.fc36
python-pynamodb-5.5.0-1.fc36
python-pyphi-1.2.1-17.fc36
scitokens-cpp-1.0.1-1.fc36
x86-simd-sort-1.0-2.fc36
xfce4-whiskermenu-plugin-2.7.3-1.fc36
Details about builds:
================================================================================
distribution-gpg-keys-1.87-1.fc36 (FEDORA-2023-315f8a5ff1)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
- update copr keys - update virtualbox key - update openSUSE-Backports key -
update skype key
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 26 2023 Miroslav Such�� <msuchy(a)redhat.com> 1.87-1
- update copr keys
- update virtualbox key
- update openSUSE-Backports key
- update skype key
* Wed Apr 5 2023 Miroslav Such�� <msuchy(a)redhat.com> 1.86-1
- update copr keys
- Add Jenkins 2023
- Add keys for Bacula & Baculum
- Add keys for Google Cloud
- Add VeraCrypt keys
- add Element keys
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2188684 - contains expired RPM-GPG-KEY-openSUSE-Backports key
https://bugzilla.redhat.com/show_bug.cgi?id=2188684
--------------------------------------------------------------------------------
================================================================================
git-2.40.1-1.fc36 (FEDORA-2023-003e7d2867)
Fast Version Control System
--------------------------------------------------------------------------------
Update Information:
update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007) Refer to the
release notes for 2.30.9 for details of each CVE as well as the following
security advisories from the git project:
https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx
(CVE-2023-25652)
https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844
(CVE-2023-29007) (At this time there is no upstream advisory for
CVE-2023-25815. This issue does not affect the Fedora packages as we do not use
the runtime prefix support.) Release notes:
https://github.com/git/git/raw/v2.30.9/Documentation/RelNotes/2.30.9.txt
https://github.com/git/git/raw/v2.40.1/Documentation/RelNotes/2.40.1.txt
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 25 2023 Todd Zullinger <tmz(a)pobox.com> - 2.40.1-1
- update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2188333 - CVE-2023-25652 git: by feeding specially crafted input to `git
apply --reject`, a path outside the working tree can be overwritten with partially
controlled contents
https://bugzilla.redhat.com/show_bug.cgi?id=2188333
[ 2 ] Bug #2188338 - CVE-2023-29007 git: arbitrary configuration injection when renaming
or deleting a section from a configuration file
https://bugzilla.redhat.com/show_bug.cgi?id=2188338
--------------------------------------------------------------------------------
================================================================================
ladspa-autotalent-plugins-0.2-39.fc36 (FEDORA-2023-e94b5d1ae1)
A pitch-correcting LADSPA plugin
--------------------------------------------------------------------------------
Update Information:
Drop the PDF reference card, convert License to SPDX, and tidy up packaging
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.2-39
- Record that the obsolete FSF postal address was reported upstream
* Wed Apr 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.2-38
- Stop unnecessarily globbing in the files list
* Wed Apr 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.2-37
- Remove unnecessary include-path patching
* Wed Apr 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.2-36
- Update URLs and summary
* Wed Apr 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.2-35
- Use RPM make macros and improve handling of build flags
* Wed Apr 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.2-34
- Update License to SPDX
* Wed Apr 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.2-33
- Drop the PDF reference card due to license issues
- Add an explanatory spec-file comment.
* Wed Apr 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.2-32
- Improve spec-file formatting
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.2-27
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.2-26
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
nqp-2023.04-1.fc36 (FEDORA-2023-3ddd2d881a)
Perl 6 compiler implementation that runs on MoarVM
--------------------------------------------------------------------------------
Update Information:
Update to 2023.04
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 26 2023 topazus <topazus(a)outlook.com> - 2023.04-1
- Update to 2023.04
--------------------------------------------------------------------------------
================================================================================
pspg-5.7.6-1.fc36 (FEDORA-2023-5ae0106f32)
A unix pager optimized for psql
--------------------------------------------------------------------------------
Update Information:
new upstream release, per release notes:
https://github.com/okbob/pspg/releases/tag/5.7.6
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 26 2023 Pavel Raiskup <praiskup(a)redhat.com> - 5.7.6-1
- new upstream release, per release notes:
https://github.com/okbob/pspg/releases/tag/5.7.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2188410 - pspg-5.7.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2188410
--------------------------------------------------------------------------------
================================================================================
python-awscrt-0.16.16-1.fc36 (FEDORA-2023-83019c3872)
Python bindings for the AWS Common Runtime
--------------------------------------------------------------------------------
Update Information:
https://github.com/awslabs/aws-crt-python/compare/v0.16.13...v0.16.16
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 26 2023 Nikola Forr�� <nforro(a)redhat.com> - 0.16.16-1
- New upstream release 0.16.16
--------------------------------------------------------------------------------
================================================================================
python-identify-2.5.23-1.fc36 (FEDORA-2023-92e8bcad73)
File identification library for Python
--------------------------------------------------------------------------------
Update Information:
2.5.23
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 26 2023 Gwyn Ciesla <gwync(a)protonmail.com> - 2.5.23-1
- 2.5.23
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2189706 - python-identify-2.5.23 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2189706
--------------------------------------------------------------------------------
================================================================================
python-llvmlite-0.39.1-8.fc36 (FEDORA-2023-3d2e2fb8c4)
Lightweight LLVM Python binding for writing JIT compilers
--------------------------------------------------------------------------------
Update Information:
Replace downstream patch with backported upstream commit
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.39.1-8
- Don���t assume %_smp_mflags is -j%_smp_build_ncpus
* Wed Apr 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.39.1-7
- Simplify test-suite invocation
* Wed Apr 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.39.1-6
- Drop unnecessary manual BR on pyproject-rpm-macros
* Wed Apr 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.39.1-5
- Replace a downstream patch with a backported upstream commit
* Wed Apr 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.39.1-4
- Add public-domain text link in license breakdown
--------------------------------------------------------------------------------
================================================================================
python-pynamodb-5.5.0-1.fc36 (FEDORA-2023-ddaf8b482e)
A pythonic interface to Amazon���s DynamoDB
--------------------------------------------------------------------------------
Update Information:
v5.5.0 ---------- - `pynamodb.models.Model.save`,
`pynamodb.models.Model.update`, `pynamodb.models.Model.delete_item`, and
`pynamodb.models.Model.delete` now accept a `add_version_condition` parameter.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 5.5.0-1
- Update to 5.5.0 (close RHBZ#2189719)
* Wed Apr 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 5.4.1-2
- Don���t assume %_smp_mflags is -j%_smp_build_ncpus
--------------------------------------------------------------------------------
================================================================================
python-pyphi-1.2.1-17.fc36 (FEDORA-2023-c274e831c1)
A toolbox for integrated information theory
--------------------------------------------------------------------------------
Update Information:
Convert License to SPDX; build documentation as PDF; other minor packaging
improvements
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.2.1-17
- Update summary and description from upstream
* Tue Apr 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.2.1-16
- Build documentation as PDF instead of HTML
* Tue Apr 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.2.1-15
- Slightlier tidier shebang stripping
* Tue Apr 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.2.1-14
- Use generated BR���s for tests
* Tue Apr 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.2.1-13
- Apply sphinx-contrib-napolean with a patch rather than a sed invocation
* Tue Apr 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.2.1-12
- Simplify patch application
* Tue Apr 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.2.1-11
- Drop forge macros, which are not doing much for us
* Tue Apr 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.2.1-10
- Convert to SPDX and remove bundled bits
* Tue Apr 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.2.1-9
- Add RHBZ link for s390x failures
* Tue Apr 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.2.1-8
- Build on all arches to ensure we detect arch-dependent test failures
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.1-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.1-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 20 2022 Python Maint <python-maint(a)redhat.com> - 1.2.1-4
- Rebuilt for Python 3.11
--------------------------------------------------------------------------------
================================================================================
scitokens-cpp-1.0.1-1.fc36 (FEDORA-2023-eec18b74d6)
C++ Implementation of the SciTokens Library
--------------------------------------------------------------------------------
Update Information:
Fix bug in generate acls which would cause a timeout
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 26 2023 Derek Weitzel <dweitzel(a)unl.edu> - 1.0.1-1
- Fix bug in generate acls which would cause a timeout
--------------------------------------------------------------------------------
================================================================================
x86-simd-sort-1.0-2.fc36 (FEDORA-2023-a58a1ef7e3)
C++ header file library for high performance SIMD based sorting algorithms
--------------------------------------------------------------------------------
Update Information:
1st release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 26 2023 Ali Erdinc Koroglu <aekoroglu(a)linux.intel.com> - 1.0-2
- dependency fix
* Wed Apr 26 2023 Ali Erdinc Koroglu <aekoroglu(a)linux.intel.com> - 1.0-1
- 1st release
--------------------------------------------------------------------------------
================================================================================
xfce4-whiskermenu-plugin-2.7.3-1.fc36 (FEDORA-2023-c62fec34ed)
An alternate application launcher for Xfce
--------------------------------------------------------------------------------
Update Information:
- Update to 2.7.3 fixes rhbz#2189912
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 26 2023 Filipe Rosset <rosset.filipe(a)gmail.com> - 2.7.3-1
- Update to 2.7.3 fixes rhbz#2189912
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.7.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Jan 17 2023 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 2.7.2-1
- Update to v2.7.2
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.7.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------