The following Fedora 32 Security updates need testing: Age URL 100 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4c8458e373 containernetworking-plugins-0.9.1-1.fc32 96 https://bodhi.fedoraproject.org/updates/FEDORA-2021-16d1596c42 buildah-1.19.4-1.fc32 13 https://bodhi.fedoraproject.org/updates/FEDORA-2021-158a237d4a bind-9.11.31-1.fc32 bind-dyndb-ldap-11.3-6.fc32 dnsperf-2.3.4-6.fc32 12 https://bodhi.fedoraproject.org/updates/FEDORA-2021-38e1f87ac3 thunderbird-78.10.1-1.fc32 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-179f2fbb88 mariadb-10.4.19-1.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4f06d202d4 firefox-88.0.1-1.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-0fa36519bb kernel-5.11.20-100.fc32 kernel-headers-5.11.20-100.fc32 kernel-tools-5.11.20-100.fc32 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-498be8f560 prosody-0.11.9-1.fc32 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-6e540b85b9 ceph-14.2.21-1.fc32 0 https://bodhi.fedoraproject.org/updates/FEDORA-2021-8832eab899 kernel-5.11.21-100.fc32 The following Fedora 32 Critical Path updates have yet to be approved: Age URL 12 https://bodhi.fedoraproject.org/updates/FEDORA-2021-38e1f87ac3 thunderbird-78.10.1-1.fc32 12 https://bodhi.fedoraproject.org/updates/FEDORA-2021-9e79d2e147 hwdata-0.347-1.fc32 12 https://bodhi.fedoraproject.org/updates/FEDORA-2021-19cdc5683f libmodulemd-2.12.1-1.fc32 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-7fd2a21f94 python3-3.8.10-1.fc32 python3-docs-3.8.10-1.fc32 9 https://bodhi.fedoraproject.org/updates/FEDORA-2021-276b0013e8 gnome-terminal-3.36.3-1.fc32 9 https://bodhi.fedoraproject.org/updates/FEDORA-2021-151dc7fd1b vte291-0.60.4-1.fc32 9 https://bodhi.fedoraproject.org/updates/FEDORA-2021-a2ee549bcb xorg-x11-drv-nouveau-1.0.17-1.fc32 7 https://bodhi.fedoraproject.org/updates/FEDORA-2021-f438908573 btrfs-progs-5.11.1-1.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-14d0195ff8 linux-firmware-20210511-120.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-0fa36519bb kernel-5.11.20-100.fc32 kernel-headers-5.11.20-100.fc32 kernel-tools-5.11.20-100.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4f06d202d4 firefox-88.0.1-1.fc32 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4d58314a3e libidn2-2.3.1-1.fc32 0 https://bodhi.fedoraproject.org/updates/FEDORA-2021-816eecc358 zstd-1.5.0-1.fc32 0 https://bodhi.fedoraproject.org/updates/FEDORA-2021-8832eab899 kernel-5.11.21-100.fc32 The following builds have been pushed to Fedora 32 updates-testing chatterino2-2.3.2-1.fc32 composer-1.10.22-1.fc32 copr-backend-1.148-1.fc32 golang-github-lestrrat-apache-logformat-2.0.6-2.fc32 golang-github-lestrrat-envload-0-0.2.20210517gita3eb8dd.fc32 golang-github-lestrrat-strftime-1.0.4-2.fc32 golang-github-rodaine-hclencoder-0-0.2.20210517gitaaa140e.fc32 golang-tinygo-x-llvm-0-0.18.20210513gite7b8519.fc32 ibus-table-chinese-1.8.3-3.fc32 mkdocs-markdownextradata-plugin-0.2.4-1.fc32 mozilla-noscript-11.2.7-1.fc32 opentype-sanitizer-8.1.4-1.fc32 perl-CPAN-Perl-Releases-5.20210515-1.fc32 php-horde-Horde-Imap-Client-2.30.2-1.fc32 php-symfony3-3.4.48-1.fc32 tinygo-0.18.0-1.fc32 wordpress-5.7.2-1.fc32 Details about builds: ================================================================================ chatterino2-2.3.2-1.fc32 (FEDORA-2021-25e7400199) Chat client for twitch.tv -------------------------------------------------------------------------------- Update Information: Update to 2.3.2 -------------------------------------------------------------------------------- ChangeLog: * Mon May 17 2021 Artem Polishchuk <ego.cordatus@xxxxxxxxx> - 2.3.2-1 - build(update): 2.3.2 -------------------------------------------------------------------------------- ================================================================================ composer-1.10.22-1.fc32 (FEDORA-2021-7aa58932f5) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.10.22** 2021-04-27 * Security: Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx / **CVE-2021-29472**) -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 27 2021 Remi Collet <remi@xxxxxxxxxxxx> - 1.10.22-1 - update to 1.10.22 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1955727 - CVE-2021-29472 composer: Specifically crafted URL values allow code to be executed in the HgDriver https://bugzilla.redhat.com/show_bug.cgi?id=1955727 -------------------------------------------------------------------------------- ================================================================================ copr-backend-1.148-1.fc32 (FEDORA-2021-d450a21354) Backend for Copr -------------------------------------------------------------------------------- Update Information: work with builders over ipv6, too -------------------------------------------------------------------------------- ChangeLog: * Thu May 13 2021 Pavel Raiskup <praiskup@xxxxxxxxxx> 1.148-1 - work with builders also over ipv6 -------------------------------------------------------------------------------- ================================================================================ golang-github-lestrrat-apache-logformat-2.0.6-2.fc32 (FEDORA-2021-224081b602) Port of Perl5's Apache::LogFormat::Compiler to golang -------------------------------------------------------------------------------- Update Information: Update to version 2.0.6 (Fixes rhbz#1960880) -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1960880 - Review Request: golang-github-lestrrat-apache-logformat - Port of Perl5's Apache::LogFormat::Compiler to golang https://bugzilla.redhat.com/show_bug.cgi?id=1960880 -------------------------------------------------------------------------------- ================================================================================ golang-github-lestrrat-envload-0-0.2.20210517gita3eb8dd.fc32 (FEDORA-2021-9365fec031) Restore and load environment variables -------------------------------------------------------------------------------- Update Information: Update to git commit a3eb8dd (Fixes rhbz#1960878) -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1960878 - Review Request: golang-github-lestrrat-envload - Restore and load environment variables https://bugzilla.redhat.com/show_bug.cgi?id=1960878 -------------------------------------------------------------------------------- ================================================================================ golang-github-lestrrat-strftime-1.0.4-2.fc32 (FEDORA-2021-6f1dbc1ccc) Fast strftime for Go -------------------------------------------------------------------------------- Update Information: Update to version 1.0.4 (Fixes rhbz#1960879) -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1960879 - Review Request: golang-github-lestrrat-strftime - Fast strftime for Go https://bugzilla.redhat.com/show_bug.cgi?id=1960879 -------------------------------------------------------------------------------- ================================================================================ golang-github-rodaine-hclencoder-0-0.2.20210517gitaaa140e.fc32 (FEDORA-2021-5d4bcb8f32) HCL Encoder/Marshaller - Convert Go Types into HCL files -------------------------------------------------------------------------------- Update Information: Update to git commit aaa140e (Fixes rhbz#1960876) -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1960876 - Review Request: golang-github-rodaine-hclencoder - HCL Encoder/Marshaller - Convert Go Types into HCL files https://bugzilla.redhat.com/show_bug.cgi?id=1960876 -------------------------------------------------------------------------------- ================================================================================ golang-tinygo-x-llvm-0-0.18.20210513gite7b8519.fc32 (FEDORA-2021-6d56d05fa0) Go bindings to a system-installed LLVM -------------------------------------------------------------------------------- Update Information: Update to latest version -------------------------------------------------------------------------------- ChangeLog: * Thu May 13 2021 Elliott Sales de Andrade <quantum.analyst@xxxxxxxxx> - 0-0.18.20210513gite7b8519 - Update to commit e7b85195e81cf864a886c203c928997658c6f83a -------------------------------------------------------------------------------- References: [ 1 ] Bug #1960058 - tinygo-0.18.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1960058 -------------------------------------------------------------------------------- ================================================================================ ibus-table-chinese-1.8.3-3.fc32 (FEDORA-2021-e5a6bc2c4e) Chinese input tables for IBus -------------------------------------------------------------------------------- Update Information: Correct misplaced non-alphabetic symbol in wubi-jidian table -------------------------------------------------------------------------------- ChangeLog: * Sun May 16 2021 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.8.3-3 - Correct misplaced non-alphabetic symbol in wubi-jidian table - Resolves: https://github.com/definite/ibus-table-chinese/pull/16 -------------------------------------------------------------------------------- ================================================================================ mkdocs-markdownextradata-plugin-0.2.4-1.fc32 (FEDORA-2021-5671bdeb91) MkDocs plugin that injects mkdocs.yml extra variables -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1960859 - Review Request: mkdocs-markdownextradata-plugin - MkDocs plugin that injects mkdocs.yml extra variables https://bugzilla.redhat.com/show_bug.cgi?id=1960859 -------------------------------------------------------------------------------- ================================================================================ mozilla-noscript-11.2.7-1.fc32 (FEDORA-2021-5f3479aaf3) JavaScript white list extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information: * Better prompt layout (no accidental scrollbar) * [nscl] Fix regression causing media patches to break some pages (thanks l0drex for report, issue #189) * [nscl] Various webgl blocking enhancements * Remove also sticky-positioned elements with click+DEL on scriptless pages (thanks skriptimaahinen for RFE) * [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it, ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr, zh_CN, zh_TW * Fixed race condition causing external CSS not to be rendered sometimes when unrestricted CSS is disabled * Avoid document rewriting for noscript meta refresh emulation in most cases * [nscl] Fixed XHTML pages broken when served with application/xml MIME type and no "object" capability * [nscl] Switch early content script configuration to use /nscl/service/DocStartInjection.js * Configurable "unrestricted CSS" capability to for sites where the CSS PP0 mitigation should be disabled (e.g TRUSTED) * [nscl] Fix CSS PP0 mitigation still interfering with some WebExtensions (thanks barbaz for report) * [XSS] Increased sensitivity and specificity of risky operator pre-checks -------------------------------------------------------------------------------- ChangeLog: * Mon May 17 2021 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> - 11.2.7-1 - update to 11.2.7 (#1956505) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1956505 - mozilla-noscript-11.2.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1956505 -------------------------------------------------------------------------------- ================================================================================ opentype-sanitizer-8.1.4-1.fc32 (FEDORA-2021-43e86698cd) Parses and serializes OpenType/WOFF/WOFF2 font files -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1959947 - Review Request: opentype-sanitizer - Parses and serializes OpenType/WOFF/WOFF2 font files https://bugzilla.redhat.com/show_bug.cgi?id=1959947 -------------------------------------------------------------------------------- ================================================================================ perl-CPAN-Perl-Releases-5.20210515-1.fc32 (FEDORA-2021-f73776c961) Mapping Perl releases on CPAN to the location of the tarballs -------------------------------------------------------------------------------- Update Information: Updated for v5.34.0-RC2 ---- Updated for v5.34.0-RC1 -------------------------------------------------------------------------------- ChangeLog: * Mon May 17 2021 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 5.20210515-1 - 5.20210515 bump * Tue May 11 2021 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 5.20210505-1 - 5.20210505 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1957176 - perl-CPAN-Perl-Releases-5.20210505 is available https://bugzilla.redhat.com/show_bug.cgi?id=1957176 [ 2 ] Bug #1960857 - perl-CPAN-Perl-Releases-5.20210515 is available https://bugzilla.redhat.com/show_bug.cgi?id=1960857 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Imap-Client-2.30.2-1.fc32 (FEDORA-2021-a2cd3623bf) Horde IMAP abstraction interface -------------------------------------------------------------------------------- Update Information: **Horde_Imap_Client 2.30.2** * Remove redundant array_diff that could cause removal of emails from local message cache -------------------------------------------------------------------------------- ChangeLog: * Mon May 17 2021 Remi Collet <remi@xxxxxxxxxxxx> - 2.30.2-1 - update to 2.30.2 -------------------------------------------------------------------------------- ================================================================================ php-symfony3-3.4.48-1.fc32 (FEDORA-2021-3c013b5555) Symfony PHP framework (version 3) -------------------------------------------------------------------------------- Update Information: **Version 3.4.48** (2021-05-12) * security **CVE-2021-21424** [Security][Guard] Prevent user enumeration (chalasr) -------------------------------------------------------------------------------- ChangeLog: * Mon May 17 2021 Remi Collet <remi@xxxxxxxxxxxx> - 3.4.48-1 - update to 3.4.48 * Wed Jan 27 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.4.47-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1960631 - CVE-2021-21424 php-symfony: user enumeration in authentication mechanisms [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1960631 -------------------------------------------------------------------------------- ================================================================================ tinygo-0.18.0-1.fc32 (FEDORA-2021-6d56d05fa0) Go compiler for small places -------------------------------------------------------------------------------- Update Information: Update to latest version -------------------------------------------------------------------------------- ChangeLog: * Thu May 13 2021 Elliott Sales de Andrade <quantum.analyst@xxxxxxxxx> - 0.18.0-1 - Update to latest version (#1960058) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1960058 - tinygo-0.18.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1960058 -------------------------------------------------------------------------------- ================================================================================ wordpress-5.7.2-1.fc32 (FEDORA-2021-5b1dd085c7) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: ** Wordpress 5.7.2** -------------------------------------------------------------------------------- ChangeLog: * Thu May 13 2021 Remi Collet <remi@xxxxxxxxxxxx> - 5.7.2-1 - WordPress 5.7.2 Security Release -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
