The following Fedora 35 Security updates need testing:
Age URL
80
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2e85e6cfc9
libdxfrw-1.0.1-3.fc35 librecad-2.2.0-0.13.rc3.fc35
72
https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11
mysql-connector-java-8.0.28-1.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e8b1324ec8
plantuml-1.2022.2-1.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c07546070d
moby-engine-20.10.14-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-cff7016d31
zchunk-1.2.2-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-db16b42897 gh-2.8.0-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3759ebabd2 git-2.35.3-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3a63897745
bettercap-2.28-9.fc35 chisel-1.7.7-2.fc35 commit-stream-0.1.2-6.fc35
containerd-1.6.2-2.fc35 doctl-1.73.0-2.fc35 gh-2.7.0-2.fc35 gobuster-3.1.0-2.fc35
golang-contrib-opencensus-resource-0.1.2-6.fc35 golang-gioui-0-7.20201225git18d4dbf.fc35
golang-github-appc-docker2aci-0.17.2-8.fc35 golang-github-appc-goaci-0.1.1-10.fc35
golang-github-appc-spec-0.8.11-13.fc35 golang-github-containerd-continuity-0.2.2-2.fc35
golang-github-containerd-stargz-snapshotter-0.7.0-4.fc35
golang-github-coredns-corefile-migration-1.0.11-5.fc35
golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc35
golang-github-francoispqt-gojay-1.2.13-6.fc35 golang-github-gogo-googleapis-1.4.1-3.fc35
golang-github-gohugoio-testmodbuilder-0-0.9.20201030git72e1e0c.fc35
golang-github-google-slothfs-0-0.10.20200727git59c1163.fc35
golang-github-googleapis-gnostic-0.5.3-5.fc35
golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-5.fc35 golang-github-grpc-e
cosystem-gateway-2-2.7.3-3.fc35 golang-github-haproxytech-client-native-2.5.3-2.fc35
golang-github-haproxytech-dataplaneapi-2.4.4-3.fc35
golang-github-instrumenta-kubeval-0.15.0-7.fc35 golang-github-intel-goresctrl-0.2.0-4.fc35
golang-github-oklog-0.3.2-9.20190701gitca7cdf5.fc35
golang-github-pact-foundation-1.5.1-5.fc35 golang-github-prometheus-2.32.1-4.fc35
golang-github-prometheus-alertmanager-0.23.0-8.fc35
golang-github-prometheus-node-exporter-1.3.1-7.fc35
golang-github-redteampentesting-monsoon-0.6.0-5.fc35
golang-github-spf13-cobra-1.4.0-2.fc35
golang-github-theupdateframework-notary-0.7.0-4.fc35
golang-github-xordataexchange-crypt-0.0.2-11.20190412gitb2862e3.fc35
golang-gopkg-src-d-git-4-4.13.1-7.fc35 golang-k8s-apiextensions-apiserver-1.22.0-5.fc35
golang-k8s-code-generator-1.22.0-3.fc35 golang-k8s-kube-aggregator-1.22.0-3.fc35
golang-k8s-sample-apiserver-1.22.0-4.fc35 golang-k8s-sample-controller-1.22.0-3.fc35
golang-mongodb-mongo-driver-1.4.5-5.fc35 golang-storj-drpc-0.0.
16-5.fc35 golang-x-perf-0-0.14.20210123gitbdcc622.fc35 gopass-1.13.1-2.fc35
grpcurl-1.8.6-2.fc35 onionscan-0.2-6.fc35 shellz-1.5.0-6.fc35 shhgit-0.2-6.fc35
snowcrash-0-0.6.20201119git49b99ad.fc35 xq-0.0.7-3.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fe84314a8e
stb-0^20210910gitaf1a5bc-0.2.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-8cf0124add
ruby-3.0.4-152.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c87047f163
podman-3.4.7-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ad26447c98
epiphany-41.4-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-61f6ee6353 usd-21.11-11.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-f6e24d96b6 esh-0.3.2-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bc606b86f4
CuraEngine-4.13.1-2.fc35
The following Fedora 35 Critical Path updates have yet to be approved:
Age URL
34
https://bodhi.fedoraproject.org/updates/FEDORA-2022-925ac7bfff
gnome-shell-41.5-1.fc35 mutter-41.5-1.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-59b61235bf
binutils-2.37-17.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-20c77a3dce
mtools-4.0.39-1.fc35
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7c355d4e9b
fwupd-efi-1.3-1.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-17ba61ca06
libguestfs-1.48.1-1.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c5bee6b70f
container-selinux-2.181.0-2.fc35 flatpak-1.12.7-2.fc35 osbuild-54-2.fc35
selinux-policy-35.17-1.fc35 snapd-2.55.3-2.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3759ebabd2 git-2.35.3-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-cff7016d31
zchunk-1.2.2-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fff31008f6
langtable-0.0.58-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fd04a43eb1 rtkit-0.11-30.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-15778e49e1
libhandy-1.4.1-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-193031a230
livecd-tools-29.0-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-54bb9337da
annobin-10.66-2.fc35 gcc-11.3.1-2.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-13c66e33b1 inih-55-1.fc35
The following builds have been pushed to Fedora 35 updates-testing
ansible-bender-0.9.0-6.fc35
chromium-100.0.4896.127-1.fc35
claws-mail-4.1.0-1.fc35
dotnet3.1-3.1.418-1.fc35
golang-github-pelletier-toml-2-2.0.0~beta.8-3.fc35
python-dmidecode-3.12.2-27.20210630gitf0a089a1.fc35
rust-nix0.22-0.22.3-1.fc35
Details about builds:
================================================================================
ansible-bender-0.9.0-6.fc35 (FEDORA-2022-79d05fbc34)
Build container images using Ansible playbooks
--------------------------------------------------------------------------------
Update Information:
Allow users to choose between ansible and ansible-core
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 24 2022 Gordon Messmer <gordon.messmer(a)gmail.com> - 0.9.0-6
- Suggest ansible-core
- Use %pytest macro
* Tue Feb 22 2022 Maxwell G <gotmax(a)e.email> - 0.9.0-5
- Allow users to choose between ansible and ansible-core.
- Switch BR to ansible-core.
* Wed Jan 19 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
chromium-100.0.4896.127-1.fc35 (FEDORA-2022-0f14e2308e)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
100 Chromium releases! Of course, at the rate they release now, we'll probably
be at 150 before the end of the year. Anyway, here's the update. Fixes:
CVE-2022-1232 CVE-2022-1305 CVE-2022-1306 CVE-2022-1307 CVE-2022-1308
CVE-2022-1309 CVE-2022-1310 CVE-2022-1311 CVE-2022-1312 CVE-2022-1313
CVE-2022-1314 CVE-2022-1364
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 21 2022 Tom Callaway <spot(a)fedoraproject.org> - 100.0.4896.127-1
- update to 100.0.4896.127
* Tue Apr 5 2022 Tom Callaway <spot(a)fedoraproject.org> - 100.0.4896.75-1
- update to 100.0.4896.75
* Sat Apr 2 2022 Tom Callaway <spot(a)fedoraproject.org> - 100.0.4896.60-1
- update to 100.0.4896.60
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2071876 - CVE-2022-1232 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2071876
[ 2 ] Bug #2074371 - CVE-2022-1305 chromium-browser: Use after free in storage
https://bugzilla.redhat.com/show_bug.cgi?id=2074371
[ 3 ] Bug #2074372 - CVE-2022-1306 chromium-browser: Inappropriate implementation in
compositing
https://bugzilla.redhat.com/show_bug.cgi?id=2074372
[ 4 ] Bug #2074373 - CVE-2022-1307 chromium-browser: Inappropriate implementation in
full screen
https://bugzilla.redhat.com/show_bug.cgi?id=2074373
[ 5 ] Bug #2074374 - CVE-2022-1308 chromium-browser: Use after free in BFCache
https://bugzilla.redhat.com/show_bug.cgi?id=2074374
[ 6 ] Bug #2074375 - CVE-2022-1309 chromium-browser: Insufficient policy enforcement in
developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=2074375
[ 7 ] Bug #2074376 - CVE-2022-1310 chromium-browser: Use after free in regular
expressions
https://bugzilla.redhat.com/show_bug.cgi?id=2074376
[ 8 ] Bug #2074377 - CVE-2022-1311 chromium-browser: Use after free in Chrome OS shell
https://bugzilla.redhat.com/show_bug.cgi?id=2074377
[ 9 ] Bug #2074378 - CVE-2022-1312 chromium-browser: Use after free in storage
https://bugzilla.redhat.com/show_bug.cgi?id=2074378
[ 10 ] Bug #2074379 - CVE-2022-1313 chromium-browser: Use after free in tab groups
https://bugzilla.redhat.com/show_bug.cgi?id=2074379
[ 11 ] Bug #2074380 - CVE-2022-1314 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2074380
[ 12 ] Bug #2076274 - CVE-2022-1364 Chromium-browser: Type Confusion in V8.
https://bugzilla.redhat.com/show_bug.cgi?id=2076274
--------------------------------------------------------------------------------
================================================================================
claws-mail-4.1.0-1.fc35 (FEDORA-2022-9440b7cecd)
Email client and news reader based on GTK+
--------------------------------------------------------------------------------
Update Information:
Update from 3.18.0 to 3.19.0 for Fedora 34. Update from 4.0.0 to 4.1.0 for
Fedora 35/36.
https://www.claws-mail.org/news.php
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 23 2022 Michael Schwendt <mschwendt(a)fedoraproject.org> - 4.1.0-1
- Update to 4.1.0.
- New keyword_warner plugin.
- pdf_viewer patch not needed anymore.
* Wed Jan 19 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
dotnet3.1-3.1.418-1.fc35 (FEDORA-2022-bbb0fe5bd5)
.NET Core Runtime and SDK
--------------------------------------------------------------------------------
Update Information:
# Update to .NET Core SDK 3.1.418 and Runtime3.1.24 .NET Core SDK 3.1.418 and
Runtime 3.1.24 were recently released by Microsoft:
https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.24/3.1.24.md
This is a bugfix release that updates the version in Fedora to the upstream
release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 21 2022 Omair Majid <omajid(a)redhat.com> - 3.1.418-1
- Update to .NET SDK 3.1.418 and Runtime 3.1.24
--------------------------------------------------------------------------------
================================================================================
golang-github-pelletier-toml-2-2.0.0~beta.8-3.fc35 (FEDORA-2022-49648ecde5)
Go library for the TOML file format
--------------------------------------------------------------------------------
Update Information:
Backport patch that fixes test on i686
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 24 2022 W. Michael Petullo <mike(a)flyn.org> 2.0.0~beta.8-3
- Backport patch that fixes test on i686
* Sun Apr 24 2022 W. Michael Petullo <mike(a)flyn.org> 2.0.0~beta.8-2
- Deactivate a test that fail on i686 (see
https://github.com/pelletier/go-
toml/issues/760)
* Tue Apr 19 2022 W. Michael Petullo <mike(a)flyn.org> 2.0.0~beta.8-1
- Initial import (fedora#2031226)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2031226 - Review Request: golang-github-pelletier-toml-2 - Go library for the
toml language
https://bugzilla.redhat.com/show_bug.cgi?id=2031226
--------------------------------------------------------------------------------
================================================================================
python-dmidecode-3.12.2-27.20210630gitf0a089a1.fc35 (FEDORA-2022-9e11cd4a62)
Python module to access DMI data
--------------------------------------------------------------------------------
Update Information:
- Build commit #f0a089a1 (include covscan error fixes)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 24 2022 Antonio Trande <sagitter(a)fedoraproject.org> -
3.12.2-27.20210630gitf0a089a1
- Build commit #f0a089a1 (include covscan error fixes)
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.12.2-26
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-nix0.22-0.22.3-1.fc35 (FEDORA-2022-78b96849bc)
Rust friendly bindings to *nix APIs
--------------------------------------------------------------------------------
Update Information:
Update the package for nix crate versions 0.22.x to version 0.22.3.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 24 2022 Fabio Valentini <decathorpe(a)gmail.com> 0.22.3-1
- Update to version 0.22.3
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 0.22.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------