The following Fedora 35 Security updates need testing:
Age URL
14
https://bodhi.fedoraproject.org/updates/FEDORA-2021-4c0f58bf07
mysql-connector-java-8.0.27-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-9758549fce
matrix-synapse-1.48.0-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2021-52cdd0a154
libsndfile-1.0.31-6.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2021-62352983b4
golang-github-opencontainers-image-spec-1.0.2-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-acef1dc8cf
mariadb-10.5.13-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2021-8d9aca2ded
mod_auth_openidc-2.4.9.4-1.fc35
The following Fedora 35 Critical Path updates have yet to be approved:
Age URL
15
https://bodhi.fedoraproject.org/updates/FEDORA-2021-45c44b31a2
gnupg2-2.3.3-2.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2021-12f6c46ad8 qemu-6.1.0-13.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2021-d94817a184
libretls-3.4.2-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2021-c087121300
libjcat-0.1.9-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-7537131a0e
libdrm-2.4.109-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2021-6b1ecc91fa mesa-21.3.1-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2021-52cdd0a154
libsndfile-1.0.31-6.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2021-a145a5b0d4
xxhash-0.8.1-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-8b1a79ba17
annobin-9.87-4.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-8bd8a04c22
perl-Mozilla-CA-20211001-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2021-f760b1df82
hwdata-0.354-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2021-2e492411bd ibus-1.5.25-6.fc35
The following builds have been pushed to Fedora 35 updates-testing
ImageMagick-6.9.12.31-1.fc35
NLopt-2.7.1-1.fc35
NsCDE-1.4-1.fc35
R-littler-0.3.15-1.fc35
airnef-1.1-18.fc35
dnstwist-20211204-1.fc35
guestfs-tools-1.47.3-1.fc35
inchi-1.0.6-3.fc35
isync-1.4.4-1.fc35
legendary-0.20.19-1.fc35
nordugrid-arc-6.14.0-1.fc35
pspg-5.5.1-1.fc35
python-bids-validator-1.8.8-1.fc35
qcad-3.27.0.1-1.fc35
rubygem-rmagick-4.2.3-5.fc35.1
rust-1.57.0-1.fc35
rust-drg-0.5.1-4.fc35
rust-linux-raw-sys-0.0.36-1.fc35
rust-tiny_http-0.8.2-1.fc35
rust-tiny_http0.6-0.6.4-1.fc35
rust-wasmparser-0.81.0-1.fc35
rust-wast-38.0.1-2.fc35
seqan3-3.1.0-1.fc35
ugene-41.0-1.fc35
wike-1.6.2-1.fc35
Details about builds:
================================================================================
ImageMagick-6.9.12.31-1.fc35 (FEDORA-2021-95a109d540)
An X application for displaying and manipulating images
--------------------------------------------------------------------------------
Update Information:
Update ImageMagick to 6.9.12-31 (#2025909)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 23 2021 S��rgio Basto <sergio(a)serjux.com> - 1:6.9.12-31
- Update ImageMagick to 6.9.12-31 (#2025909)
* Mon Nov 22 2021 S��rgio Basto <sergio(a)serjux.com> - 1:6.9.12-30
- Update ImageMagick to 6.9.12-30 (#2017126)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2017126 - ImageMagick-6.9.12-30 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2017126
[ 2 ] Bug #2025909 - ImageMagick-6.9.12-31 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2025909
--------------------------------------------------------------------------------
================================================================================
NLopt-2.7.1-1.fc35 (FEDORA-2021-cc8a984859)
Open-Source library for nonlinear optimization
--------------------------------------------------------------------------------
Update Information:
- New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Bj��rn Esser <besser82(a)fedoraproject.org> - 2.7.1-1
- Update to 2.7.1
Fixes rhbz#1899511
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1899511 - NLopt-2.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1899511
--------------------------------------------------------------------------------
================================================================================
NsCDE-1.4-1.fc35 (FEDORA-2021-6805961d29)
Modern and functional CDE desktop based on FVWM
--------------------------------------------------------------------------------
Update Information:
Update to 1.4; Fixes: RHBZ#2027079
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Davide Cavalca <dcavalca(a)fedoraproject.org> 1.4-1
- Update to 1.4; Fixes: RHBZ#2027079
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2027079 - NsCDE-1.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2027079
--------------------------------------------------------------------------------
================================================================================
R-littler-0.3.15-1.fc35 (FEDORA-2021-75f67efe28)
littler: R at the Command-Line via 'r'
--------------------------------------------------------------------------------
Update Information:
littler 0.3.15
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 0.3.15-1
- New upstream release 0.3.15
--------------------------------------------------------------------------------
================================================================================
airnef-1.1-18.fc35 (FEDORA-2021-a765a141fa)
Wireless download from your Nikon/Canon Camera
--------------------------------------------------------------------------------
Update Information:
add missing 're' import, rhbz#1990073 ---- add missing 're' import,
rhbz#1990073
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Pavel Raiskup <praiskup(a)redhat.com> - 1.1-18
- add missing 're' import, rhbz#1990073
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1990073 - GUI restarts without action after attempted download from camera
https://bugzilla.redhat.com/show_bug.cgi?id=1990073
--------------------------------------------------------------------------------
================================================================================
dnstwist-20211204-1.fc35 (FEDORA-2021-514cc96c28)
Domain name permutation engine
--------------------------------------------------------------------------------
Update Information:
Update to v20211204
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Artur Frenszek-Iwicki <fedora(a)svgames.pl> - 20211204-1
- Update to v20211204
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2029065 - dnstwist-20211204 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2029065
--------------------------------------------------------------------------------
================================================================================
guestfs-tools-1.47.3-1.fc35 (FEDORA-2021-048f09f74b)
Tools to access and modify virtual machine disk images
--------------------------------------------------------------------------------
Update Information:
New upstream development version 1.47.3
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Richard W.M. Jones <rjones(a)redhat.com> - 1.47.3-1
- New upstream development version 1.47.3
--------------------------------------------------------------------------------
================================================================================
inchi-1.0.6-3.fc35 (FEDORA-2021-7ac888351f)
The IUPAC International Chemical Identifier library
--------------------------------------------------------------------------------
Update Information:
Fixes int size mismatch in `MolfileReadCountsLine()` and `MolfileReadField()`.
Affects big-endian arches. See
https://sourceforge.net/p/inchi/bugs/77/ .
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 25 2021 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 1.0.6-3
- Fix member read size mistake, especially on big endian (#1930943)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1930943 - inchi tests fail on s390x
https://bugzilla.redhat.com/show_bug.cgi?id=1930943
--------------------------------------------------------------------------------
================================================================================
isync-1.4.4-1.fc35 (FEDORA-2021-b7fdb7e69a)
Tool to synchronize IMAP4 and Maildir mailboxes
--------------------------------------------------------------------------------
Update Information:
Update to fix CVE-2021-44143 and CVE-2021-3657
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 3 2021 Dan ��erm��k <dan.cermak(a)cgc-instruments.com> - 1.4.4-1
- New upstream release 1.4.4
- Fixes rhbz#2028810
- Fixes CVE-2021-3657
- Fixes CVE-2021-44143
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 1.4.3-2
- Rebuilt with OpenSSL 3.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2027173 - CVE-2021-44143 isync: specially crafted mail message may cause heap
overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2027173
[ 2 ] Bug #2028933 - CVE-2021-3657 isync: buffer overflows due to inadequate handling of
extremely large IMAP literals [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2028933
--------------------------------------------------------------------------------
================================================================================
legendary-0.20.19-1.fc35 (FEDORA-2021-ddf600e818)
Free and open-source replacement for the Epic Games Launcher
--------------------------------------------------------------------------------
Update Information:
Update to 0.20.19
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 0.20.19-1
- chore(update): 0.20.19
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-6.14.0-1.fc35 (FEDORA-2021-246d7ce062)
Advanced Resource Connector Middleware
--------------------------------------------------------------------------------
Update Information:
ARC 6.14
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 6.14.0-1
- Update to version 6.14.0
- Drop patch nordugrid-arc-openssl3.patch (accepted upstream)
--------------------------------------------------------------------------------
================================================================================
pspg-5.5.1-1.fc35 (FEDORA-2021-d8f61dd0fd)
A unix pager optimized for psql
--------------------------------------------------------------------------------
Update Information:
new upstream release, per release notes
https://github.com/okbob/pspg/releases/tag/5.5.1
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Pavel Raiskup <praiskup(a)redhat.com> - 5.5.1-1
- new upstream release, per release notes:
https://github.com/okbob/pspg/releases/tag/5.5.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2013560 - pspg-5.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2013560
--------------------------------------------------------------------------------
================================================================================
python-bids-validator-1.8.8-1.fc35 (FEDORA-2021-f27f2d7070)
Validator for the Brain Imaging Data Structure
--------------------------------------------------------------------------------
Update Information:
Numerous bugfixes and enhancements; see
https://github.com/bids-standard/bids-
validator/releases for upstream release notes.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> 1.8.8-1
- Update to 1.8.8 (close RHBZ#2028645)
* Sun Nov 7 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.8.4-1
- Update to 1.8.4 (close RHBZ#2020976)
- Switch to pyproject-rpm-macros (���new guidelines���)
- Backport updated versioneer from 1.8.5, which is not yet on PyPI, fixing
Python 3.11 support (fix RHBZ#20190576)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2028645 - python-bids-validator-1.8.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2028645
--------------------------------------------------------------------------------
================================================================================
qcad-3.27.0.1-1.fc35 (FEDORA-2021-4d6bfdfad4)
Powerful 2D CAD system
--------------------------------------------------------------------------------
Update Information:
- Release 3.27.0.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 3 2021 Antonio Trande <sagitter(a)fedoraproject.org> - 3.27.0.1-1
- Release 3.27.0.1
--------------------------------------------------------------------------------
================================================================================
rubygem-rmagick-4.2.3-5.fc35.1 (FEDORA-2021-38903dde04)
Ruby binding to ImageMagick
--------------------------------------------------------------------------------
Update Information:
Relax ImageMagick dependency using rich dependency
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 4.2.3-5.1
- Rebuild for tag issue
* Thu Nov 25 2021 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 4.2.3-5
- Use rich boolean dependency
* Mon Nov 22 2021 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 4.2.3-4
- Rebuild against new ImageMagick
--------------------------------------------------------------------------------
================================================================================
rust-1.57.0-1.fc35 (FEDORA-2021-b4faad013a)
The Rust Programming Language
--------------------------------------------------------------------------------
Update Information:
Update to Rust 1.57.0: - `panic!` in const contexts - Cargo support for custom
profiles - Fallible allocation - Stabilized APIs See the [blog
post](https://blog.rust-lang.org/2021/12/02/Rust-1.57.0.html) and [release
notes](https://github.com/rust-
lang/rust/blob/master/RELEASES.md#version-1570-2021-12-02) for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 2 2021 Josh Stone <jistone(a)redhat.com> - 1.57.0-1
- Update to 1.57.0, fixes rhbz#2028675.
- Backport rust#91070, fixes rhbz#1990657
- Add rust-std-static-wasm32-wasi
* Sun Nov 28 2021 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 1.56.1-3
- De-bootstrap (libgit2)
* Sun Nov 28 2021 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 1.56.1-2
- Rebuild for libgit2 1.3.x
--------------------------------------------------------------------------------
================================================================================
rust-drg-0.5.1-4.fc35 (FEDORA-2021-571e3ed33c)
Command line tool to interact with a drogue-cloud instance
--------------------------------------------------------------------------------
Update Information:
- Update the tiny_http crate to version 0.8.2. - Introduce a compat package for
tiny_http versions 0.6.x. Both versions contain a fix for RUSTSEC-2020-0031 /
CVE-2020-35884, and the only dependent application (drg) has been rebuilt
against the version containing the fix.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Fabio Valentini <decathorpe(a)gmail.com> - 0.5.1-4
- Rebuilt for tiny_http 0.6.3+ (RUSTSEC-2020-0031 / CVE-2020-35884).
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 0.5.1-3
- Rebuilt with OpenSSL 3.0.0
--------------------------------------------------------------------------------
================================================================================
rust-linux-raw-sys-0.0.36-1.fc35 (FEDORA-2021-bcbe3e22a1)
Generated bindings for Linux's userspace API
--------------------------------------------------------------------------------
Update Information:
New package rust-linux-raw-sys
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 28 2021 Olivier Lemasle <o.lemasle(a)gmail.com> - 0.0.36-1
- Bump to upstream 0.0.36
* Thu Sep 23 2021 Olivier Lemasle <o.lemasle(a)gmail.com> - 0.0.28-1
- Bump to upstream 0.0.28
* Fri Jul 16 2021 Olivier Lemasle <o.lemasle(a)gmail.com> - 0.0.16-1
- Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1983160 - Review Request: rust-linux-raw-sys - Generated bindings for
Linux's userspace API
https://bugzilla.redhat.com/show_bug.cgi?id=1983160
--------------------------------------------------------------------------------
================================================================================
rust-tiny_http-0.8.2-1.fc35 (FEDORA-2021-571e3ed33c)
Low level HTTP server library
--------------------------------------------------------------------------------
Update Information:
- Update the tiny_http crate to version 0.8.2. - Introduce a compat package for
tiny_http versions 0.6.x. Both versions contain a fix for RUSTSEC-2020-0031 /
CVE-2020-35884, and the only dependent application (drg) has been rebuilt
against the version containing the fix.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Fabio Valentini <decathorpe(a)gmail.com> 0.8.2-1
- Update to version 0.8.2
--------------------------------------------------------------------------------
================================================================================
rust-tiny_http0.6-0.6.4-1.fc35 (FEDORA-2021-571e3ed33c)
Low level HTTP server library
--------------------------------------------------------------------------------
Update Information:
- Update the tiny_http crate to version 0.8.2. - Introduce a compat package for
tiny_http versions 0.6.x. Both versions contain a fix for RUSTSEC-2020-0031 /
CVE-2020-35884, and the only dependent application (drg) has been rebuilt
against the version containing the fix.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Fabio Valentini <decathorpe(a)gmail.com> 0.6.4-1
- Initial import (tiny_http 0.6 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-wasmparser-0.81.0-1.fc35 (FEDORA-2021-5374cea692)
Simple event-driven library for parsing WebAssembly binary files
--------------------------------------------------------------------------------
Update Information:
Update rust-wast and rust-wasmparser to latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 28 2021 Olivier Lemasle <o.lemasle(a)gmail.com> - 0.81.0-1
- Update to upstream 0.81.0 (fixes rhbz#2009481)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2009481 - rust-wasmparser-0.81.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2009481
--------------------------------------------------------------------------------
================================================================================
rust-wast-38.0.1-2.fc35 (FEDORA-2021-5374cea692)
Customizable Rust parsers for the WebAssembly Text formats WAT and WAST
--------------------------------------------------------------------------------
Update Information:
Update rust-wast and rust-wasmparser to latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 30 2021 Olivier Lemasle <o.lemasle(a)gmail.com> - 38.0.1-2
- Update rust-wasmparser dev-dependency
* Sun Nov 28 2021 Olivier Lemasle <o.lemasle(a)gmail.com> - 38.0.1-1
- Update to version 38.0.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2009481 - rust-wasmparser-0.81.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2009481
--------------------------------------------------------------------------------
================================================================================
seqan3-3.1.0-1.fc35 (FEDORA-2021-86d0a2d5cd)
The modern C++ library for sequence analysis
--------------------------------------------------------------------------------
Update Information:
- Release 3.1.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 26 2021 Antonio Trande <sagitter(a)fedoraproject.org> - 3.1.0-1
- Release 3.1.0
* Sun Sep 5 2021 Antonio Trande <sagitter(a)fedoraproject.org> -
3.1.0-0.2.20210809git4604f1b2
- Rebuild for gtest-1.11.0
--------------------------------------------------------------------------------
================================================================================
ugene-41.0-1.fc35 (FEDORA-2021-c53f283c44)
Integrated bioinformatics toolkit
--------------------------------------------------------------------------------
Update Information:
New version 41.0 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 41.0-1
- 41.0
--------------------------------------------------------------------------------
================================================================================
wike-1.6.2-1.fc35 (FEDORA-2021-0103c51ce1)
Wikipedia Reader for the GNOME Desktop
--------------------------------------------------------------------------------
Update Information:
Update to 1.6.2
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Gustavo Costa <xfgusta(a)fedoraproject.org> - 1.6.2-1
- Update to 1.6.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2029054 - wike-1.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2029054
--------------------------------------------------------------------------------