The following Fedora 36 Security updates need testing:
Age URL
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-b50023a180 xen-4.16.1-1.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e819bd191f gerbv-2.8.2-1.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3826c8f549
moby-engine-20.10.14-1.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-930b54aa84
plantuml-1.2022.4-1.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e99ae504f5 git-2.36.0-1.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d1452fd421
python-fastapi-0.75.2-1.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-a7ca6ee0cf
ruby-3.1.2-164.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c8f6a39cf6
stb-0^20210910gitaf1a5bc-0.2.fc36
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-88690c6188
epiphany-42.2-1.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c87bba6546
blender-3.1.2-3.fc36 usd-22.03-8.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c4e644865f esh-0.3.2-1.fc36
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0125d9cd29
CuraEngine-4.13.1-2.fc36
The following Fedora 36 Critical Path updates have yet to be approved:
Age URL
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-43488e303c
binutils-2.37-27.fc36
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-50842594a4
mtools-4.0.39-1.fc36
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-1c2b9ed1ee
libguestfs-1.48.1-1.fc36
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-1c5b629da0
libnma-1.8.38-1.fc36
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-8c9270d57e
NetworkManager-1.37.91-1.fc36
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bf82f181ea
fwupd-efi-1.3-1.fc36
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-b50023a180 xen-4.16.1-1.fc36
8
https://bodhi.fedoraproject.org/updates/FEDORA-2022-14e4bfaa27
libnl3-3.6.0-1.fc36
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-42003bf3a9
libsolv-0.7.22-1.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e99ae504f5 git-2.36.0-1.fc36
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e90643ce61
redhat-rpm-config-217-1.fc36
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c616f153bd
langtable-0.0.58-1.fc36
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-77f3c1cd62
samba-4.16.0-6.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-5d880c3988
thunderbird-91.8.0-2.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d283248368 rtkit-0.11-30.fc36
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-794d75ddf5
livecd-tools-29.0-1.fc36
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2ee3305d27 inih-55-1.fc36
The following builds have been pushed to Fedora 36 updates-testing
ansible-bender-0.9.0-6.fc36
chromium-100.0.4896.127-1.fc36
claws-mail-4.1.0-1.fc36
dotnet3.1-3.1.418-1.fc36
golang-github-pelletier-toml-2-2.0.0~beta.8-3.fc36
python-dmidecode-3.12.2-27.20210630gitf0a089a1.fc36
rust-nix0.22-0.22.3-1.fc36
zxing-cpp-1.2.0-4.fc36
Details about builds:
================================================================================
ansible-bender-0.9.0-6.fc36 (FEDORA-2022-e0fd549e91)
Build container images using Ansible playbooks
--------------------------------------------------------------------------------
Update Information:
Allow users to choose between ansible and ansible-core
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 24 2022 Gordon Messmer <gordon.messmer(a)gmail.com> - 0.9.0-6
- Suggest ansible-core
- Use %pytest macro
* Tue Feb 22 2022 Maxwell G <gotmax(a)e.email> - 0.9.0-5
- Allow users to choose between ansible and ansible-core.
- Switch BR to ansible-core.
--------------------------------------------------------------------------------
================================================================================
chromium-100.0.4896.127-1.fc36 (FEDORA-2022-59297c8fcd)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
100 Chromium releases! Of course, at the rate they release now, we'll probably
be at 150 before the end of the year. Anyway, here's the update. Fixes:
CVE-2022-1232 CVE-2022-1305 CVE-2022-1306 CVE-2022-1307 CVE-2022-1308
CVE-2022-1309 CVE-2022-1310 CVE-2022-1311 CVE-2022-1312 CVE-2022-1313
CVE-2022-1314 CVE-2022-1364
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 21 2022 Tom Callaway <spot(a)fedoraproject.org> - 100.0.4896.127-1
- update to 100.0.4896.127
* Tue Apr 5 2022 Tom Callaway <spot(a)fedoraproject.org> - 100.0.4896.75-1
- update to 100.0.4896.75
* Sat Apr 2 2022 Tom Callaway <spot(a)fedoraproject.org> - 100.0.4896.60-1
- update to 100.0.4896.60
* Sun Mar 27 2022 Tom Callaway <spot(a)fedoraproject.org> - 99.0.4844.84-1
- update to 99.0.4844.84
- package up libremoting_core.so* for chrome-remote-desktop
- strip all the .so files (and binaries)
* Sat Mar 19 2022 Tom Callaway <spot(a)fedoraproject.org> - 99.0.4844.74-1
- update to 99.0.4844.74
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2071876 - CVE-2022-1232 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2071876
[ 2 ] Bug #2074371 - CVE-2022-1305 chromium-browser: Use after free in storage
https://bugzilla.redhat.com/show_bug.cgi?id=2074371
[ 3 ] Bug #2074372 - CVE-2022-1306 chromium-browser: Inappropriate implementation in
compositing
https://bugzilla.redhat.com/show_bug.cgi?id=2074372
[ 4 ] Bug #2074373 - CVE-2022-1307 chromium-browser: Inappropriate implementation in
full screen
https://bugzilla.redhat.com/show_bug.cgi?id=2074373
[ 5 ] Bug #2074374 - CVE-2022-1308 chromium-browser: Use after free in BFCache
https://bugzilla.redhat.com/show_bug.cgi?id=2074374
[ 6 ] Bug #2074375 - CVE-2022-1309 chromium-browser: Insufficient policy enforcement in
developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=2074375
[ 7 ] Bug #2074376 - CVE-2022-1310 chromium-browser: Use after free in regular
expressions
https://bugzilla.redhat.com/show_bug.cgi?id=2074376
[ 8 ] Bug #2074377 - CVE-2022-1311 chromium-browser: Use after free in Chrome OS shell
https://bugzilla.redhat.com/show_bug.cgi?id=2074377
[ 9 ] Bug #2074378 - CVE-2022-1312 chromium-browser: Use after free in storage
https://bugzilla.redhat.com/show_bug.cgi?id=2074378
[ 10 ] Bug #2074379 - CVE-2022-1313 chromium-browser: Use after free in tab groups
https://bugzilla.redhat.com/show_bug.cgi?id=2074379
[ 11 ] Bug #2074380 - CVE-2022-1314 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=2074380
[ 12 ] Bug #2076274 - CVE-2022-1364 Chromium-browser: Type Confusion in V8.
https://bugzilla.redhat.com/show_bug.cgi?id=2076274
--------------------------------------------------------------------------------
================================================================================
claws-mail-4.1.0-1.fc36 (FEDORA-2022-cf006221a1)
Email client and news reader based on GTK+
--------------------------------------------------------------------------------
Update Information:
Update from 3.18.0 to 3.19.0 for Fedora 34. Update from 4.0.0 to 4.1.0 for
Fedora 35/36.
https://www.claws-mail.org/news.php
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 23 2022 Michael Schwendt <mschwendt(a)fedoraproject.org> - 4.1.0-1
- Update to 4.1.0.
- New keyword_warner plugin.
- pdf_viewer patch not needed anymore.
--------------------------------------------------------------------------------
================================================================================
dotnet3.1-3.1.418-1.fc36 (FEDORA-2022-ba11e56204)
.NET Core Runtime and SDK
--------------------------------------------------------------------------------
Update Information:
# Update to .NET Core SDK 3.1.418 and Runtime3.1.24 .NET Core SDK 3.1.418 and
Runtime 3.1.24 were recently released by Microsoft:
https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.24/3.1.24.md
This is a bugfix release that updates the version in Fedora to the upstream
release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 21 2022 Omair Majid <omajid(a)redhat.com> - 3.1.418-1
- Update to .NET SDK 3.1.418 and Runtime 3.1.24
--------------------------------------------------------------------------------
================================================================================
golang-github-pelletier-toml-2-2.0.0~beta.8-3.fc36 (FEDORA-2022-eeb810dce7)
Go library for the TOML file format
--------------------------------------------------------------------------------
Update Information:
Backport patch that fixes test on i686
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 24 2022 W. Michael Petullo <mike(a)flyn.org> 2.0.0~beta.8-3
- Backport patch that fixes test on i686
* Sun Apr 24 2022 W. Michael Petullo <mike(a)flyn.org> 2.0.0~beta.8-2
- Deactivate a test that fail on i686 (see
https://github.com/pelletier/go-
toml/issues/760)
* Tue Apr 19 2022 W. Michael Petullo <mike(a)flyn.org> 2.0.0~beta.8-1
- Initial import (fedora#2031226)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2031226 - Review Request: golang-github-pelletier-toml-2 - Go library for the
toml language
https://bugzilla.redhat.com/show_bug.cgi?id=2031226
--------------------------------------------------------------------------------
================================================================================
python-dmidecode-3.12.2-27.20210630gitf0a089a1.fc36 (FEDORA-2022-83e0745840)
Python module to access DMI data
--------------------------------------------------------------------------------
Update Information:
- Build commit #f0a089a1 (include covscan error fixes)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 24 2022 Antonio Trande <sagitter(a)fedoraproject.org> -
3.12.2-27.20210630gitf0a089a1
- Build commit #f0a089a1 (include covscan error fixes)
--------------------------------------------------------------------------------
================================================================================
rust-nix0.22-0.22.3-1.fc36 (FEDORA-2022-85781b9528)
Rust friendly bindings to *nix APIs
--------------------------------------------------------------------------------
Update Information:
Update the package for nix crate versions 0.22.x to version 0.22.3.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 24 2022 Fabio Valentini <decathorpe(a)gmail.com> 0.22.3-1
- Update to version 0.22.3
--------------------------------------------------------------------------------
================================================================================
zxing-cpp-1.2.0-4.fc36 (FEDORA-2022-e22f1a8c17)
C++ port of the ZXing ("Zebra Crossing") barcode scanning library
--------------------------------------------------------------------------------
Update Information:
- rebuild for CVE-2022-28041
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 23 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.2.0-4
- Security fix for CVE-2022-28041
--------------------------------------------------------------------------------