The following Fedora 32 Security updates need testing: Age URL 29 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4c8458e373 containernetworking-plugins-0.9.1-1.fc32 26 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b61fc0e1b7 linux-firmware-20210208-117.fc32 25 https://bodhi.fedoraproject.org/updates/FEDORA-2021-16d1596c42 buildah-1.19.4-1.fc32 14 https://bodhi.fedoraproject.org/updates/FEDORA-2021-88d9d29680 python3-3.8.8-1.fc32 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-9a0fff8455 libebml-1.4.2-1.fc32 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-99cad2b81f wpa_supplicant-2.9-6.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-c5b679877e x11vnc-0.9.16-3.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-85087f8a70 privoxy-3.0.32-1.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-e0f390c951 libtpms-0.7.7-0.20210302gitfd5bd3fb1d.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4f9c663b52 chromium-88.0.4324.182-2.fc32 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-6c7cfe2532 suricata-5.0.6-1.fc32 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-f6bd75e9d4 nodejs-12.21.0-2.fc32 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-43088486b2 firefox-86.0-7.fc32 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-332fb9c796 arm-none-eabi-newlib-4.1.0-1.fc32 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-2897f5366c python3.10-3.10.0~a6-1.fc32 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-ef83e8525a python-django-3.0.13-1.fc32 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-1db4ab0a3d kernel-5.10.20-100.fc32 kernel-headers-5.10.20-100.fc32 kernel-tools-5.10.20-100.fc32 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-def0e32233 rubygem-activerecord-5.2.3-5.fc32 The following Fedora 32 Critical Path updates have yet to be approved: Age URL 86 https://bodhi.fedoraproject.org/updates/FEDORA-2020-345d2fd2aa iproute-5.9.0-1.fc32 62 https://bodhi.fedoraproject.org/updates/FEDORA-2021-50c22ae8fd lua-socket-3.0-0.27.rc1.fc32 26 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b61fc0e1b7 linux-firmware-20210208-117.fc32 15 https://bodhi.fedoraproject.org/updates/FEDORA-2021-a15939f099 pcre2-10.36-4.fc32 14 https://bodhi.fedoraproject.org/updates/FEDORA-2021-88d9d29680 python3-3.8.8-1.fc32 10 https://bodhi.fedoraproject.org/updates/FEDORA-2021-0add7af1ca gtk3-3.24.26-1.fc32 10 https://bodhi.fedoraproject.org/updates/FEDORA-2021-84fe85a7ae thunderbird-78.8.0-1.fc32 10 https://bodhi.fedoraproject.org/updates/FEDORA-2021-449618a8a8 fwupd-1.5.7-1.fc32 10 https://bodhi.fedoraproject.org/updates/FEDORA-2021-ebd097aa46 nfs-utils-2.5.3-0.fc32 9 https://bodhi.fedoraproject.org/updates/FEDORA-2021-dcf7002718 libsndfile-1.0.31-3.fc32 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-be78216a31 dnf-4.6.0-1.fc32 libdnf-0.58.0-1.fc32 microdnf-3.7.1-1.fc32 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-5cf5afe520 hwdata-0.345-1.fc32 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-99cad2b81f wpa_supplicant-2.9-6.fc32 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-43088486b2 firefox-86.0-7.fc32 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-530abc3f9a librepo-1.13.0-1.fc32 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-707856e2b2 zstd-1.4.9-1.fc32 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-1db4ab0a3d kernel-5.10.20-100.fc32 kernel-headers-5.10.20-100.fc32 kernel-tools-5.10.20-100.fc32 The following builds have been pushed to Fedora 32 updates-testing R-desc-1.3.0-1.fc32 Rex-1.13.3-1.fc32 dh-make-2.202003-2.fc32 imaptest-20210305-1.fc32 jc-1.14.4-1.fc32 luv-icon-theme-0.4.9.31-4.20210305git04d47f13.fc32 mingw-jasper-2.0.26-1.fc32 mingw-python3-3.8.8-1.fc32 ntl-11.4.4-1.fc32 playonlinux-4.4-2.fc32 python-pillow-7.0.0-7.fc32 python2-pillow-6.2.2-5.fc32 yad-8.0-1.fc32 Details about builds: ================================================================================ R-desc-1.3.0-1.fc32 (FEDORA-2021-893804a86f) Manipulate DESCRIPTION Files -------------------------------------------------------------------------------- Update Information: Update to latest version -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 6 2021 Elliott Sales de Andrade <quantum.analyst@xxxxxxxxx> - 1.3.0-1 - Update to latest version (#1936004) - Rename check conditional to bootstrap * Mon Jan 25 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.2.0-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.2.0-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1936004 - R-desc-1.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1936004 -------------------------------------------------------------------------------- ================================================================================ Rex-1.13.3-1.fc32 (FEDORA-2021-87fcfa6838) The friendly automation framework on basis of Perl -------------------------------------------------------------------------------- Update Information: This update brings a the new version 1.13.3 of the friendly automation framework Rex to a Fedora box near you. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 6 2021 Dominic Hopf <dmaphy@xxxxxxxxxxxxxxxxx> - 1.13.3-1 - Update to 1.13.3 (#1936026) * Mon Jan 25 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.13.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1936026 - Rex-1.13.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1936026 -------------------------------------------------------------------------------- ================================================================================ dh-make-2.202003-2.fc32 (FEDORA-2021-eede6890c6) Tool that converts source archives into Debian package source -------------------------------------------------------------------------------- Update Information: Update to 2.202003 (#1869057) -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.202003-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Dec 1 2020 Fedora Release Monitoring <release-monitoring@xxxxxxxxxxxxxxxxx> - 2.202003-1 - Update to 2.202003 (#1869057) * Mon Jul 27 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.202001-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1869057 - dh-make-2.202003 is available https://bugzilla.redhat.com/show_bug.cgi?id=1869057 -------------------------------------------------------------------------------- ================================================================================ imaptest-20210305-1.fc32 (FEDORA-2021-34646cc069) Generic IMAP server compliancy tester -------------------------------------------------------------------------------- Update Information: ImapTest 20210305 ================= * Fix `secs=n` to work with non-busy profile With profile there often aren't any clients running, so stop should be done immediately. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 6 2021 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 20210305-1 - Upgrade to 20210305 (#1935535) * Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 20210116-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1935535 - imaptest-20210305 is available https://bugzilla.redhat.com/show_bug.cgi?id=1935535 -------------------------------------------------------------------------------- ================================================================================ jc-1.14.4-1.fc32 (FEDORA-2021-7d6715bdc7) Serialize the output of CLI tools and file-types to structured JSON -------------------------------------------------------------------------------- Update Information: Update to v1.14.4 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 6 2021 Artur Frenszek-Iwicki <fedora@xxxxxxxxxx> - 1.14.4-1 - Update to v1.14.4 -------------------------------------------------------------------------------- ================================================================================ luv-icon-theme-0.4.9.31-4.20210305git04d47f13.fc32 (FEDORA-2021-48bd3a11f6) Flat, but complex, icon theme -------------------------------------------------------------------------------- Update Information: Update to latest git snapshot (2021-03-05) -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 6 2021 Artur Frenszek-Iwicki <fedora@xxxxxxxxxx> - 0.4.9.31-4.20210305git04d47f13 - Update to latest git snapshot (2021-03-05) -------------------------------------------------------------------------------- ================================================================================ mingw-jasper-2.0.26-1.fc32 (FEDORA-2021-56a49b0bc6) MinGW Windows Jasper library -------------------------------------------------------------------------------- Update Information: Update to jasper-2.0.26, see https://github.com/jasper- software/jasper/releases/tag/version-2.0.26 for details. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 5 2021 Sandro Mani <manisandro@xxxxxxxxx> - 2.0.26-1 - Update to 2.0.26 * Wed Feb 10 2021 Sandro Mani <manisandro@xxxxxxxxx> - 2.0.25-1 - Update to 2.0.25 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1922319 - CVE-2021-26926 mingw-jasper: jasper: Out of bounds read in jp2_decode() in jp2_dec.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1922319 [ 2 ] Bug #1922493 - CVE-2021-26927 mingw-jasper: jasper: NULL pointer dereference in jp2_decode() in jp2_dec.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1922493 -------------------------------------------------------------------------------- ================================================================================ mingw-python3-3.8.8-1.fc32 (FEDORA-2021-309bc2e727) MinGW Windows python3 -------------------------------------------------------------------------------- Update Information: Update to python3-3.8.8, see https://www.python.org/downloads/release/python-388/ for details. -------------------------------------------------------------------------------- ChangeLog: * Mon Feb 22 2021 Sandro Mani <manisandro@xxxxxxxxx> - 3.8.8-1 - Update to 3.8.8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1928912 - CVE-2021-23336 mingw-python3: python: Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1928912 -------------------------------------------------------------------------------- ================================================================================ ntl-11.4.4-1.fc32 (FEDORA-2021-7ce9ae447f) High-performance algorithms for vectors, matrices, and polynomials -------------------------------------------------------------------------------- Update Information: Changes in version 11.4.4: - Improved Karatsuba code for ZZX and GF2EX (as well as the non-GMP implementation of ZZ). (Thanks to Marco Bodrato) -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 5 2021 Jerry James <loganjerry@xxxxxxxxx> - 11.4.4-1 - ntl-11.4.4 * Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 11.4.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 11.4.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ playonlinux-4.4-2.fc32 (FEDORA-2021-0ef65ec1f9) Graphical front-end for Wine -------------------------------------------------------------------------------- Update Information: New users can often find Wine to be intimidating and difficult to use. PlayOnLinux is a graphical front-end for Wine which allows to easily install and use numerous games and applications designed to run with Microsoft Windows. PlayOnLinux has the database of Windows applications from which the user can install desired application with a few clicks. It will automatically setup the Wine prefix and download any required Windows libraries. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1913737 - Review Request: playonlinux - Graphical front-end for Wine https://bugzilla.redhat.com/show_bug.cgi?id=1913737 -------------------------------------------------------------------------------- ================================================================================ python-pillow-7.0.0-7.fc32 (FEDORA-2021-0ece308612) Python image processing library -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2021-27921, CVE-2021-27922 and CVE-2021-27923. ---- Backport fixes for CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 6 2021 Sandro Mani <manisandro@xxxxxxxxx> - 7.0.0-7 - Backport patch for CVE-2021-2792{1,2,3} * Fri Mar 5 2021 Sandro Mani <manisandro@xxxxxxxxx> - 7.0.0-6 - Backport fixes for CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1933899 - python-pillow-8.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1933899 [ 2 ] Bug #1934681 - CVE-2021-25289 python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934681 [ 3 ] Bug #1934682 - CVE-2021-25289 python2-pillow: python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934682 [ 4 ] Bug #1934683 - CVE-2021-25289 mingw-python-pillow: python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934683 [ 5 ] Bug #1934686 - CVE-2021-25290 python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934686 [ 6 ] Bug #1934687 - CVE-2021-25290 python2-pillow: python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934687 [ 7 ] Bug #1934688 - CVE-2021-25290 mingw-python-pillow: python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934688 [ 8 ] Bug #1934693 - CVE-2021-25291 python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934693 [ 9 ] Bug #1934694 - CVE-2021-25291 python2-pillow: python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934694 [ 10 ] Bug #1934695 - CVE-2021-25291 mingw-python-pillow: python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934695 [ 11 ] Bug #1934700 - CVE-2021-25292 python-pillow: backtracking regex in PDF parser could be used as a DOS attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934700 [ 12 ] Bug #1934701 - CVE-2021-25292 python2-pillow: python-pillow: backtracking regex in PDF parser could be used as a DOS attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934701 [ 13 ] Bug #1934702 - CVE-2021-25292 mingw-python-pillow: python-pillow: backtracking regex in PDF parser could be used as a DOS attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934702 [ 14 ] Bug #1934706 - CVE-2021-25293 python-pillow: out-of-bounds read in SGIRleDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934706 [ 15 ] Bug #1934707 - CVE-2021-25293 python2-pillow: python-pillow: out-of-bounds read in SGIRleDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934707 [ 16 ] Bug #1934708 - CVE-2021-25293 mingw-python-pillow: python-pillow: out-of-bounds read in SGIRleDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934708 [ 17 ] Bug #1935385 - CVE-2021-27921 python-pillow: reported size of a contained image is not properly checked for a BLP container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935385 [ 18 ] Bug #1935386 - CVE-2021-27921 python2-pillow: python-pillow: reported size of a contained image is not properly checked for a BLP container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935386 [ 19 ] Bug #1935388 - CVE-2021-27921 mingw-python-pillow: python-pillow: reported size of a contained image is not properly checked for a BLP container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935388 [ 20 ] Bug #1935397 - CVE-2021-27922 python-pillow: reported size of a contained image is not properly checked for an ICNS container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935397 [ 21 ] Bug #1935398 - CVE-2021-27922 python2-pillow: python-pillow: reported size of a contained image is not properly checked for an ICNS container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935398 [ 22 ] Bug #1935399 - CVE-2021-27922 mingw-python-pillow: python-pillow: reported size of a contained image is not properly checked for an ICNS container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935399 [ 23 ] Bug #1935402 - CVE-2021-27923 python-pillow: reported size of a contained image is not properly checked for an ICO container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935402 [ 24 ] Bug #1935403 - CVE-2021-27923 python2-pillow: python-pillow: reported size of a contained image is not properly checked for an ICO container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935403 [ 25 ] Bug #1935405 - CVE-2021-27923 mingw-python-pillow: python-pillow: reported size of a contained image is not properly checked for an ICO container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935405 [ 26 ] Bug #1936047 - python-pillow-8.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1936047 -------------------------------------------------------------------------------- ================================================================================ python2-pillow-6.2.2-5.fc32 (FEDORA-2021-0ece308612) Python image processing library -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2021-27921, CVE-2021-27922 and CVE-2021-27923. ---- Backport fixes for CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 6 2021 Sandro Mani <manisandro@xxxxxxxxx> - 6.2.2-5 - Backport patch for CVE-2021-2792{1,2,3} * Fri Mar 5 2021 Sandro Mani <manisandro@xxxxxxxxx> - 6.2.2-4 - Backport fixes for CVE-2020-35653, CVE-2020-35654, CVE-2020-35655 - Backport fixes for CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293 * Wed Jul 29 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 6.2.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1933899 - python-pillow-8.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1933899 [ 2 ] Bug #1934681 - CVE-2021-25289 python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934681 [ 3 ] Bug #1934682 - CVE-2021-25289 python2-pillow: python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934682 [ 4 ] Bug #1934683 - CVE-2021-25289 mingw-python-pillow: python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934683 [ 5 ] Bug #1934686 - CVE-2021-25290 python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934686 [ 6 ] Bug #1934687 - CVE-2021-25290 python2-pillow: python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934687 [ 7 ] Bug #1934688 - CVE-2021-25290 mingw-python-pillow: python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934688 [ 8 ] Bug #1934693 - CVE-2021-25291 python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934693 [ 9 ] Bug #1934694 - CVE-2021-25291 python2-pillow: python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934694 [ 10 ] Bug #1934695 - CVE-2021-25291 mingw-python-pillow: python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934695 [ 11 ] Bug #1934700 - CVE-2021-25292 python-pillow: backtracking regex in PDF parser could be used as a DOS attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934700 [ 12 ] Bug #1934701 - CVE-2021-25292 python2-pillow: python-pillow: backtracking regex in PDF parser could be used as a DOS attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934701 [ 13 ] Bug #1934702 - CVE-2021-25292 mingw-python-pillow: python-pillow: backtracking regex in PDF parser could be used as a DOS attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934702 [ 14 ] Bug #1934706 - CVE-2021-25293 python-pillow: out-of-bounds read in SGIRleDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934706 [ 15 ] Bug #1934707 - CVE-2021-25293 python2-pillow: python-pillow: out-of-bounds read in SGIRleDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934707 [ 16 ] Bug #1934708 - CVE-2021-25293 mingw-python-pillow: python-pillow: out-of-bounds read in SGIRleDecode.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1934708 [ 17 ] Bug #1935385 - CVE-2021-27921 python-pillow: reported size of a contained image is not properly checked for a BLP container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935385 [ 18 ] Bug #1935386 - CVE-2021-27921 python2-pillow: python-pillow: reported size of a contained image is not properly checked for a BLP container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935386 [ 19 ] Bug #1935388 - CVE-2021-27921 mingw-python-pillow: python-pillow: reported size of a contained image is not properly checked for a BLP container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935388 [ 20 ] Bug #1935397 - CVE-2021-27922 python-pillow: reported size of a contained image is not properly checked for an ICNS container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935397 [ 21 ] Bug #1935398 - CVE-2021-27922 python2-pillow: python-pillow: reported size of a contained image is not properly checked for an ICNS container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935398 [ 22 ] Bug #1935399 - CVE-2021-27922 mingw-python-pillow: python-pillow: reported size of a contained image is not properly checked for an ICNS container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935399 [ 23 ] Bug #1935402 - CVE-2021-27923 python-pillow: reported size of a contained image is not properly checked for an ICO container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935402 [ 24 ] Bug #1935403 - CVE-2021-27923 python2-pillow: python-pillow: reported size of a contained image is not properly checked for an ICO container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935403 [ 25 ] Bug #1935405 - CVE-2021-27923 mingw-python-pillow: python-pillow: reported size of a contained image is not properly checked for an ICO container [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1935405 [ 26 ] Bug #1936047 - python-pillow-8.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1936047 -------------------------------------------------------------------------------- ================================================================================ yad-8.0-1.fc32 (FEDORA-2021-5906713ecb) Display graphical dialogs from shell scripts or command line -------------------------------------------------------------------------------- Update Information: Update to 8.0 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 6 2021 Dmitry Butskoy <Dmitry@xxxxxxxxxxxx> - 8.0-1 - Update to 8.0 * Thu Jan 28 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure