The following Fedora 34 Security updates need testing:
Age URL
11
https://bodhi.fedoraproject.org/updates/FEDORA-2021-2b3a2de94f xen-4.14.3-3.fc34
4
https://bodhi.fedoraproject.org/updates/FEDORA-2021-2cb2465da4
gnome-shell-40.6-2.fc34
4
https://bodhi.fedoraproject.org/updates/FEDORA-2021-2f9dcdbace
matrix-synapse-1.48.0-1.fc34
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-f039fccfc2
libsndfile-1.0.31-6.fc34
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-6789ed60f2
golang-github-opencontainers-image-spec-1.0.2-1.fc34
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-16ccad4aba
vim-8.2.3717-1.fc34
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-72d5918529
mariadb-10.5.13-1.fc34
The following Fedora 34 Critical Path updates have yet to be approved:
Age URL
241
https://bodhi.fedoraproject.org/updates/FEDORA-2021-1300e131b6 ddpt-0.96-4.fc34
ledmon-0.95-4.fc34 libgpod-0.8.3-38.fc34 libzfcphbaapi-2.2.0-12.fc34 lsvpd-1.7.11-6.fc34
sg3_utils-1.46-1.fc34 udisks-1.0.5-18.fc34
12
https://bodhi.fedoraproject.org/updates/FEDORA-2021-bdd1cfb355
mtools-4.0.36-1.fc34
11
https://bodhi.fedoraproject.org/updates/FEDORA-2021-2b3a2de94f xen-4.14.3-3.fc34
9
https://bodhi.fedoraproject.org/updates/FEDORA-2021-74d8aea64b
qrencode-4.1.1-1.fc34
9
https://bodhi.fedoraproject.org/updates/FEDORA-2021-b61e57daf7
elfutils-0.186-1.fc34
9
https://bodhi.fedoraproject.org/updates/FEDORA-2021-5c0deb66ef
fedora-release-34-39
6
https://bodhi.fedoraproject.org/updates/FEDORA-2021-95ad1f22bf koji-1.27.0-3.fc34
5
https://bodhi.fedoraproject.org/updates/FEDORA-2021-ae352d2544
rust-packaging-20-1.fc34 rust-srpm-macros-20-1.fc34
5
https://bodhi.fedoraproject.org/updates/FEDORA-2021-29571c611f
libretls-3.4.2-1.fc34
5
https://bodhi.fedoraproject.org/updates/FEDORA-2021-32da8bff09
libjcat-0.1.9-1.fc34
4
https://bodhi.fedoraproject.org/updates/FEDORA-2021-2cb2465da4
gnome-shell-40.6-2.fc34
4
https://bodhi.fedoraproject.org/updates/FEDORA-2021-6ac83612a5
shadow-utils-4.8.1-10.fc34
4
https://bodhi.fedoraproject.org/updates/FEDORA-2021-495b3b1518
cups-2.3.3op2-11.fc34
4
https://bodhi.fedoraproject.org/updates/FEDORA-2021-24a21cd83c
libdrm-2.4.109-1.fc34
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-0a94ef5769
rust-fasteval-0.2.4-4.fc34 rust-zram-generator-1.1.1-2.fc34
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-f039fccfc2
libsndfile-1.0.31-6.fc34
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-c27532fbd8
xxhash-0.8.1-1.fc34
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-c8f226c8be
annobin-9.79-3.fc34
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-16ccad4aba
vim-8.2.3717-1.fc34
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-c5f01e0121
perl-Mozilla-CA-20211001-1.fc34
0
https://bodhi.fedoraproject.org/updates/FEDORA-2021-186e0ff8ef
hwdata-0.354-1.fc34
The following builds have been pushed to Fedora 34 updates-testing
NsCDE-1.4-1.fc34
R-littler-0.3.15-1.fc34
airnef-1.1-18.fc34
dnstwist-20211204-1.fc34
inchi-1.0.6-2.fc34
isync-1.4.4-1.fc34
legendary-0.20.19-1.fc34
nordugrid-arc-6.14.0-1.fc34
pspg-5.5.1-1.fc34
python-bids-validator-1.8.8-1.fc34
qcad-3.27.0.1-1.fc34
rust-1.57.0-1.fc34
rust-drg-0.5.1-4.fc34
rust-tiny_http-0.8.2-1.fc34
rust-tiny_http0.6-0.6.4-1.fc34
rust-wasmparser-0.81.0-1.fc34
rust-wast-38.0.1-2.fc34
wike-1.6.2-1.fc34
Details about builds:
================================================================================
NsCDE-1.4-1.fc34 (FEDORA-2021-609067ff22)
Modern and functional CDE desktop based on FVWM
--------------------------------------------------------------------------------
Update Information:
Update to 1.4; Fixes: RHBZ#2027079
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Davide Cavalca <dcavalca(a)fedoraproject.org> 1.4-1
- Update to 1.4; Fixes: RHBZ#2027079
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2027079 - NsCDE-1.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2027079
--------------------------------------------------------------------------------
================================================================================
R-littler-0.3.15-1.fc34 (FEDORA-2021-97445724d0)
littler: R at the Command-Line via 'r'
--------------------------------------------------------------------------------
Update Information:
littler 0.3.15
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 0.3.15-1
- New upstream release 0.3.15
--------------------------------------------------------------------------------
================================================================================
airnef-1.1-18.fc34 (FEDORA-2021-e4c0c897d2)
Wireless download from your Nikon/Canon Camera
--------------------------------------------------------------------------------
Update Information:
add missing 're' import, rhbz#1990073 ---- add missing 're' import,
rhbz#1990073
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Pavel Raiskup <praiskup(a)redhat.com> - 1.1-18
- add missing 're' import, rhbz#1990073
* Wed Jul 21 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1-16
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 1.1-15
- Rebuilt for Python 3.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1990073 - GUI restarts without action after attempted download from camera
https://bugzilla.redhat.com/show_bug.cgi?id=1990073
--------------------------------------------------------------------------------
================================================================================
dnstwist-20211204-1.fc34 (FEDORA-2021-a10cc58cbc)
Domain name permutation engine
--------------------------------------------------------------------------------
Update Information:
Update to v20211204
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Artur Frenszek-Iwicki <fedora(a)svgames.pl> - 20211204-1
- Update to v20211204
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2029065 - dnstwist-20211204 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2029065
--------------------------------------------------------------------------------
================================================================================
inchi-1.0.6-2.fc34 (FEDORA-2021-e1065d73f1)
The IUPAC International Chemical Identifier library
--------------------------------------------------------------------------------
Update Information:
Fixes int size mismatch in `MolfileReadCountsLine()` and `MolfileReadField()`.
Affects big-endian arches. See
https://sourceforge.net/p/inchi/bugs/77/ .
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 25 2021 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 1.0.6-2
- Fix member read size mistake, especially on big endian (#1930943)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1930943 - inchi tests fail on s390x
https://bugzilla.redhat.com/show_bug.cgi?id=1930943
--------------------------------------------------------------------------------
================================================================================
isync-1.4.4-1.fc34 (FEDORA-2021-577129851b)
Tool to synchronize IMAP4 and Maildir mailboxes
--------------------------------------------------------------------------------
Update Information:
Update to fix CVE-2021-44143 and CVE-2021-3657
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 3 2021 Dan ��erm��k <dan.cermak(a)cgc-instruments.com> - 1.4.4-1
- New upstream release 1.4.4
- Fixes rhbz#2028810
- Fixes CVE-2021-3657
- Fixes CVE-2021-44143
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 1.4.3-2
- Rebuilt with OpenSSL 3.0.0
* Thu Aug 26 2021 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.4.3-1
- Update to latest upstream release 1.4.3 (rhbz#1987273)
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2027173 - CVE-2021-44143 isync: specially crafted mail message may cause heap
overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2027173
[ 2 ] Bug #2028933 - CVE-2021-3657 isync: buffer overflows due to inadequate handling of
extremely large IMAP literals [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2028933
--------------------------------------------------------------------------------
================================================================================
legendary-0.20.19-1.fc34 (FEDORA-2021-ce93c7d5fa)
Free and open-source replacement for the Epic Games Launcher
--------------------------------------------------------------------------------
Update Information:
Update to 0.20.19
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 0.20.19-1
- chore(update): 0.20.19
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-6.14.0-1.fc34 (FEDORA-2021-8a6b60f1e9)
Advanced Resource Connector Middleware
--------------------------------------------------------------------------------
Update Information:
ARC 6.14
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 6.14.0-1
- Update to version 6.14.0
- Drop patch nordugrid-arc-openssl3.patch (accepted upstream)
--------------------------------------------------------------------------------
================================================================================
pspg-5.5.1-1.fc34 (FEDORA-2021-4a4d101ce2)
A unix pager optimized for psql
--------------------------------------------------------------------------------
Update Information:
new upstream release, per release notes
https://github.com/okbob/pspg/releases/tag/5.5.1
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Pavel Raiskup <praiskup(a)redhat.com> - 5.5.1-1
- new upstream release, per release notes:
https://github.com/okbob/pspg/releases/tag/5.5.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2013560 - pspg-5.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2013560
--------------------------------------------------------------------------------
================================================================================
python-bids-validator-1.8.8-1.fc34 (FEDORA-2021-3a392b2f69)
Validator for the Brain Imaging Data Structure
--------------------------------------------------------------------------------
Update Information:
Numerous bugfixes and enhancements; see
https://github.com/bids-standard/bids-
validator/releases for upstream release notes.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> 1.8.8-1
- Update to 1.8.8 (close RHBZ#2028645)
* Sun Nov 7 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.8.4-1
- Update to 1.8.4 (close RHBZ#2020976)
- Switch to pyproject-rpm-macros (���new guidelines���)
- Backport updated versioneer from 1.8.5, which is not yet on PyPI, fixing
Python 3.11 support (fix RHBZ#20190576)
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.2-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 1.2.2-9
- Rebuilt for Python 3.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2028645 - python-bids-validator-1.8.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2028645
--------------------------------------------------------------------------------
================================================================================
qcad-3.27.0.1-1.fc34 (FEDORA-2021-1d85ef7a9d)
Powerful 2D CAD system
--------------------------------------------------------------------------------
Update Information:
- Release 3.27.0.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 3 2021 Antonio Trande <sagitter(a)fedoraproject.org> - 3.27.0.1-1
- Release 3.27.0.1
--------------------------------------------------------------------------------
================================================================================
rust-1.57.0-1.fc34 (FEDORA-2021-1ec64e94c0)
The Rust Programming Language
--------------------------------------------------------------------------------
Update Information:
Update to Rust 1.57.0: - `panic!` in const contexts - Cargo support for custom
profiles - Fallible allocation - Stabilized APIs See the [blog
post](https://blog.rust-lang.org/2021/12/02/Rust-1.57.0.html) and [release
notes](https://github.com/rust-
lang/rust/blob/master/RELEASES.md#version-1570-2021-12-02) for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 2 2021 Josh Stone <jistone(a)redhat.com> - 1.57.0-1
- Update to 1.57.0, fixes rhbz#2028675.
- Backport rust#91070, fixes rhbz#1990657
- Add rust-std-static-wasm32-wasi
* Sun Nov 28 2021 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 1.56.1-3
- De-bootstrap (libgit2)
* Sun Nov 28 2021 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 1.56.1-2
- Rebuild for libgit2 1.3.x
--------------------------------------------------------------------------------
================================================================================
rust-drg-0.5.1-4.fc34 (FEDORA-2021-c824326120)
Command line tool to interact with a drogue-cloud instance
--------------------------------------------------------------------------------
Update Information:
- Update the tiny_http crate to version 0.8.2. - Introduce a compat package for
tiny_http versions 0.6.x. Both versions contain a fix for RUSTSEC-2020-0031 /
CVE-2020-35884, and the only dependent application (drg) has been rebuilt
against the version containing the fix.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Fabio Valentini <decathorpe(a)gmail.com> - 0.5.1-4
- Rebuilt for tiny_http 0.6.3+ (RUSTSEC-2020-0031 / CVE-2020-35884).
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 0.5.1-3
- Rebuilt with OpenSSL 3.0.0
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.5.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-tiny_http-0.8.2-1.fc34 (FEDORA-2021-c824326120)
Low level HTTP server library
--------------------------------------------------------------------------------
Update Information:
- Update the tiny_http crate to version 0.8.2. - Introduce a compat package for
tiny_http versions 0.6.x. Both versions contain a fix for RUSTSEC-2020-0031 /
CVE-2020-35884, and the only dependent application (drg) has been rebuilt
against the version containing the fix.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Fabio Valentini <decathorpe(a)gmail.com> 0.8.2-1
- Update to version 0.8.2
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.6.2-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-tiny_http0.6-0.6.4-1.fc34 (FEDORA-2021-c824326120)
Low level HTTP server library
--------------------------------------------------------------------------------
Update Information:
- Update the tiny_http crate to version 0.8.2. - Introduce a compat package for
tiny_http versions 0.6.x. Both versions contain a fix for RUSTSEC-2020-0031 /
CVE-2020-35884, and the only dependent application (drg) has been rebuilt
against the version containing the fix.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Fabio Valentini <decathorpe(a)gmail.com> 0.6.4-1
- Initial import (tiny_http 0.6 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-wasmparser-0.81.0-1.fc34 (FEDORA-2021-a993d74dac)
Simple event-driven library for parsing WebAssembly binary files
--------------------------------------------------------------------------------
Update Information:
Update rust-wast and rust-wasmparser to latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 28 2021 Olivier Lemasle <o.lemasle(a)gmail.com> - 0.81.0-1
- Update to upstream 0.81.0 (fixes rhbz#2009481)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2009481 - rust-wasmparser-0.81.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2009481
--------------------------------------------------------------------------------
================================================================================
rust-wast-38.0.1-2.fc34 (FEDORA-2021-a993d74dac)
Customizable Rust parsers for the WebAssembly Text formats WAT and WAST
--------------------------------------------------------------------------------
Update Information:
Update rust-wast and rust-wasmparser to latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 30 2021 Olivier Lemasle <o.lemasle(a)gmail.com> - 38.0.1-2
- Update rust-wasmparser dev-dependency
* Sun Nov 28 2021 Olivier Lemasle <o.lemasle(a)gmail.com> - 38.0.1-1
- Update to version 38.0.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2009481 - rust-wasmparser-0.81.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2009481
--------------------------------------------------------------------------------
================================================================================
wike-1.6.2-1.fc34 (FEDORA-2021-31f214f268)
Wikipedia Reader for the GNOME Desktop
--------------------------------------------------------------------------------
Update Information:
Update to 1.6.2
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 4 2021 Gustavo Costa <xfgusta(a)fedoraproject.org> - 1.6.2-1
- Update to 1.6.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2029054 - wike-1.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2029054
--------------------------------------------------------------------------------