The following Fedora 33 Security updates need testing:
Age  URL
 16  https://bodhi.fedoraproject.org/updates/FEDORA-2021-e13d0fc790   chromium-89.0.4389.82-1.fc33
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2021-8b17a2725e   pdfbox-2.0.23-1.fc33
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2021-4c57a892d1   rubygem-kramdown-2.2.1-10.fc33
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-8d52a8a999   rpm-4.16.1.3-1.fc33
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-d20c8a4730   busybox-1.32.1-1.fc33
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-c07a9e79cf   xmlgraphics-commons-2.6-1.fc33
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-1a8e93a285   libldb-2.2.1-1.fc33 samba-4.13.7-0.fc33
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-8e96009030   atasm-1.09-1.fc33
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-5697574fd1   exim-4.94-7.fc33
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-90e915cc4f   spamassassin-3.4.5-1.fc33
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2021-864dc37032   webkit2gtk3-2.32.0-1.fc33
The following Fedora 33 Critical Path updates have yet to be approved:
Age  URL
 13  https://bodhi.fedoraproject.org/updates/FEDORA-2021-80b6c2a644   redhat-rpm-config-175-1.fc33
 11  https://bodhi.fedoraproject.org/updates/FEDORA-2021-44d14d13a1   libmaxminddb-1.5.2-1.fc33
 11  https://bodhi.fedoraproject.org/updates/FEDORA-2021-b18bcdca9a   gnome-online-accounts-3.38.1-1.fc33
 10  https://bodhi.fedoraproject.org/updates/FEDORA-2021-49ee0be2e7   quota-4.05-17.fc33
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-2961f34ccb   PackageKit-1.2.3-1.fc33
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-8d52a8a999   rpm-4.16.1.3-1.fc33
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-6993c96e1b   libgee-0.20.4-1.fc33
  4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-b854921cd9   taglib-1.12-3.fc33
  3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-c9f99f2209   fwupd-1.5.8-1.fc33
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-1a8e93a285   libldb-2.2.1-1.fc33 samba-4.13.7-0.fc33
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-cd9aef1cce   ostree-2021.1-2.fc33
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-cc816e2515   libgweather-3.36.2-1.fc33
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2021-c2a3e4b8f5   gtk3-3.24.28-1.fc33
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2021-3eac9a57d8   pango-1.48.4-1.fc33
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2021-864dc37032   webkit2gtk3-2.32.0-1.fc33
The following builds have been pushed to Fedora 33 updates-testing
R-qtl-1.48.1-1.fc33
eggdrop-1.9.0-1.fc33
foot-1.7.1-1.fc33
golang-github-prometheus-2.24.1-5.fc33
golang-github-prometheus-node-exporter-1.1.1-2.fc33
libmediainfo-21.03-1.fc33
libzen-0.4.39-1.fc33
mediaconch-18.03.2-17.fc33
mediainfo-21.03-1.fc33
pluma-1.24.2-1.fc33
pulseeffects-4.8.5-1.fc33
python-openant-0.4-3.fc33
python-usort-0.6.3-2.fc33
Details about builds:
================================================================================
R-qtl-1.48.1-1.fc33 (FEDORA-2021-5a413e230d)
Tools for analyzing QTL experiments
--------------------------------------------------------------------------------
Update Information:
qtl 1.48-1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1.48.1-1
- Update to 1.48-1
--------------------------------------------------------------------------------
================================================================================
eggdrop-1.9.0-1.fc33 (FEDORA-2021-8dd12ef3bd)
The world's most popular Open Source IRC bot
--------------------------------------------------------------------------------
Update Information:
Eggdrop v1.9.0
==============

General changes
---------------
- Added `CAP` support, allowing Eggdrop to extend IRC server capabilities
- Added support for SASL authentication
- Added a BETA threaded DNS capability, enabled with the `--enable-tdns`
  configure flag. This allows asynchronous DNS requests similar to what the
  current DNS module offers, but using host system capability instead of
  rewriting it from scratch. Using this means you no longer have to use the
  DNS module.
- Eggdrop can listen on multiple IPs (and ports) now by using multiple
  instances of the `listen` command
- Added Twitch support
- Added support for users that change hosts mid-session, usually associated
  with authenticating with services (396 raw code and `CHGHOST` capability).
- Added support for the users that change their realname value mid-session
  (`SETNAME` capability)
- Added the ability for Eggdrop to internally track the away status of an
  individual, with some limitations.
- Added the `make sslsilent` option that creates an SSL certificate keypair
  non-interactively, to assist in scripted/automated installs
- Differentiate between scripted and server `WHOX` calls, preventing mangling
  of channel userlists
- The `-n` flag is no longer required to run Eggdrop in terminal mode; just
  `-t` or `-c` are fine by themselves
- Added some checks to flags added via `.chattr` and `.botattr` to clearly
  identify what happens when you add flags that can't co-exist together

Botnet changes
--------------
- Removed automatic upgrade to TLS-protected botnet links with STARTTLS. Based
  on user feedback, protecting a botnet link is now at the discretion of the
  user. Prefixing a port with a `+` will require a TLS connection, otherwise
  the connection will be in plaintext. A port not prefixed with a `+` can
  still be upgraded with STARTTLS, allowing 1.8 bots and scripts to initiate a
  secure connection, but 1.9.0 bots will not attempt the upgrade.
- Added granular userfile sharing flags (bcejnu). Adding these flags can limit
  userfile sharing to a combination of bans, invites, exempts, channels,
  users, and ignores (or still the s flag for all these).
- No longer try port+1,2,3 when connecting to a botnet port doesn't work the
  first time

Tcl API changes
---------------
- Added the RAWT bind, which will (eventually) phase out the RAW bind.
  Implementing the IRCv3 message-tags capability requires a new way to handle
  basic IRC messages, and RAWT was added in a way so that a) RAW binds in old
  scripts still work and b) the RAWT bind can handle messages that either do
  or do not have message-tags attached
- Added the INVT bind, allowing Eggdrop to react to a standard invitation, or
  the new IRCv3 invite-notify capability
- Added the AWY3 bind, allowing Eggdrop to react to the new IRCv3 away-notify
  capability.
- Added the refreshchan command, which refreshes without removing existing
  channel status information tracked by Eggdrop for users on a channel.
- Added the isaway command, which returns if a user is listed by the server as
  away or not, if using the IRCv3 away-notify capability. If away-notify is
  not enabled, this command can still be used effectively in conjunction with
  `refreshchan w`, described above.
- Added the hand2nicks command, an alternative to the hand2nick command.
  hand2nicks returns ALL nicks matching a handle, not just the first one.
- Added the socklist command, an update to the dcclist command. Returns
  similar info as a Tcl dict, and adds the IP to the information.
- Use the system's strftime formatting instead of Eggdrop-provided GNU
  version/extensions. This could cause formatting differences or errors
  between systems. To ensure fully portable code, developers should only rely
  on POSIX-compliant formatting specifiers.
- The dcclist command now returns port information and whether or not TLS is
  in use for that port. This change could affect field-based parsers depending
  on this command
- Added the addserver and delserver command, to *gasp* add and delete a server
  from Eggdrop's server list
- Modified the listen command to accept an optional IP argument. This allows
  Eggdrop to listen on multiple addresses by using multiple listen commands in
  the config file or Tcl script. If no IP is specified, 0.0.0.0 is used as
  default. As a result of this change, the listen-addr command is no longer
  needed and removed from the config file
- Added an optional -channel flag to the end of the is* commands (isban,
  isexempt, etc). This flag prevents the is* command from checking the global
  list and returning a '1' when there is no channel-specific case
- Added several Tcl commands and binds to enable better interaction with the
  Twitch gaming service. Because these commands only work with a Twitch
  server, they are not included in `tcl-commands.doc` but rather
  `twitch-tcl-commands.doc`, located in the `doc/` directory.
- Limited the expiration for new bans, ignores and exempts to 2000 days.

Module changes
--------------
- Added the PBKDF2 module, which allows Eggdrop to hash passwords using the
  PBKDF2 algorithm. This module is a stepping stone to future, more adaptable
  hashing and encryption implementation. IMPORTANT: PLEASE read `doc/PBKDF2`
  for more information on how to properly use it, you could accidentally
  render old passwords useless!
- Added the twitch module, which allows Eggdrop to connect to the Twitch
  gaming service. As Twitch offers only a limited subset of standard IRC
  functionality, be prepared for some commands or scripts to work differently
  than on a normal IRC server. Please read `doc/TWITCH` for more information.
- Added the ident module, which can automatically interact with a running
  oidentd service or allow Eggdrop to serve as its own ident server to respond
  to ident requests during the server connection process.

Eggdrop config file changes
---------------------------
- Added additional net-types for freenode, Quakenet, and Rizon (`net-type`)
- Added ability to choose specific SSL/TLS protocols to use (`ssl-protocols`)
- Added ability to allow bots to remain linked if userfile sharing fails
  (`sharefail-unlink`)
- Changed the method Eggdrop uses to add servers from a `{}` list to the new
  addserver command
- Removed the `listen-addr` command. See above; the `listen` command now
  accepts an optional IP argument in lieu of using `listen-addr`
- Added the `show-uname` setting, which allows you to disable the display of
  uname info for the host system in things like `.status`
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Robert Scheck <robert(a)fedoraproject.org> 1.9.0-1
- Upgrade to 1.9.0 (#1933540)
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.8.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1933540 - eggdrop-1.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1933540
--------------------------------------------------------------------------------
================================================================================
foot-1.7.1-1.fc33 (FEDORA-2021-01ce75ee3c)
Fast, lightweight and minimalistic Wayland terminal emulator
--------------------------------------------------------------------------------
Update Information:
Update to 1.7.1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Aleksei Bavshin <alebastr(a)fedoraproject.org> - 1.7.1-1
- Update to 1.7.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1943921 - foot-1.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1943921
--------------------------------------------------------------------------------
================================================================================
golang-github-prometheus-2.24.1-5.fc33 (FEDORA-2021-370d1a8eba)
Prometheus monitoring system and time series database
--------------------------------------------------------------------------------
Update Information:
Add ExecReload to service file
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Robert-André Mauchin <zebob.m(a)gmail.com> - 2.24.1-5
- Add ExecReload to service file
* Tue Mar 2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 2.24.1-4
- Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
--------------------------------------------------------------------------------
================================================================================
golang-github-prometheus-node-exporter-1.1.1-2.fc33 (FEDORA-2021-952882d203)
Exporter for machine metrics
--------------------------------------------------------------------------------
Update Information:
Fix binary location
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Robert-André Mauchin <zebob.m(a)gmail.com> - 1.1.1-2
- Fix binary location
--------------------------------------------------------------------------------
================================================================================
libmediainfo-21.03-1.fc33 (FEDORA-2021-3b67623d93)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update mediainfo.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Vasiliy N. Glazov <vascom2(a)gmail.com> - 21.03-1
- Update to 21.03
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 20.09-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1940984 - CVE-2020-26797 mediainfo: heap-based buffer overflow via
MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1940984
[ 2 ] Bug #1940986 - CVE-2020-26797 libmediainfo: mediainfo: heap-based buffer overflow
via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1940986
--------------------------------------------------------------------------------
================================================================================
libzen-0.4.39-1.fc33 (FEDORA-2021-3b67623d93)
Shared library for libmediainfo and medianfo*
--------------------------------------------------------------------------------
Update Information:
Update mediainfo.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Vasiliy N. Glazov <vascom2(a)gmail.com> - 0.4.39-1
- Update to 0.4.39
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.38-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1940984 - CVE-2020-26797 mediainfo: heap-based buffer overflow via
MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1940984
[ 2 ] Bug #1940986 - CVE-2020-26797 libmediainfo: mediainfo: heap-based buffer overflow
via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1940986
--------------------------------------------------------------------------------
================================================================================
mediaconch-18.03.2-17.fc33 (FEDORA-2021-3b67623d93)
Most relevant technical and tag data for video and audio files (CLI)
--------------------------------------------------------------------------------
Update Information:
Update mediainfo.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Vasiliy N. Glazov <vascom2(a)gmail.com> - 18.03.2-17
- Rebuild with new mediainfo 21.03
* Tue Mar 2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 18.03.2-16
- Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 18.03.2-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Sep 29 2020 Vasiliy N. Glazov <vascom2(a)gmail.com> - 18.03.2-14
- Rebuild for libevent soname change
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1940984 - CVE-2020-26797 mediainfo: heap-based buffer overflow via
MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1940984
[ 2 ] Bug #1940986 - CVE-2020-26797 libmediainfo: mediainfo: heap-based buffer overflow
via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1940986
--------------------------------------------------------------------------------
================================================================================
mediainfo-21.03-1.fc33 (FEDORA-2021-3b67623d93)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update mediainfo.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Vasiliy N. Glazov <vascom2(a)gmail.com> - 21.03-1
- Update to 21.03
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 20.09-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1940984 - CVE-2020-26797 mediainfo: heap-based buffer overflow via
MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1940984
[ 2 ] Bug #1940986 - CVE-2020-26797 libmediainfo: mediainfo: heap-based buffer overflow
via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1940986
--------------------------------------------------------------------------------
================================================================================
pluma-1.24.2-1.fc33 (FEDORA-2021-63c82054a7)
Text editor for the MATE desktop
--------------------------------------------------------------------------------
Update Information:
- update to 1.24.2
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 27 2021 Wolfgang Ulbrich <fedora(a)raveit.de> - 1.24.2-1
- update to 1.24.2
--------------------------------------------------------------------------------
================================================================================
pulseeffects-4.8.5-1.fc33 (FEDORA-2021-c6f7edbb7b)
Audio equalizer, filters and effects for Pulseaudio applications
--------------------------------------------------------------------------------
Update Information:
Update to latest version.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Vasiliy N. Glazov <vascom2(a)gmail.com> - 4.8.5-1
- Update to 4.8.5
--------------------------------------------------------------------------------
================================================================================
python-openant-0.4-3.fc33 (FEDORA-2021-357698f850)
A python library to communicate with ANT-FS compliant devices
--------------------------------------------------------------------------------
Update Information:
Macro for udev rules update added
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Iztok Fister Jr. <iztokf AT fedoraproject DOT org> - 0.4-3
- Added macro for udev rules update
* Sat Mar 13 2021 Iztok Fister Jr. <iztokf AT fedoraproject DOT org> - 0.4-2
- Cosmetic changes
--------------------------------------------------------------------------------
================================================================================
python-usort-0.6.3-2.fc33 (FEDORA-2021-533a2d1db7)
A small, safe import sorter
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1936257 - Review Request: python-usort - A small, safe import sorter
https://bugzilla.redhat.com/show_bug.cgi?id=1936257
--------------------------------------------------------------------------------