The following Fedora 32 Security updates need testing: Age URL 102 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4c8458e373 containernetworking-plugins-0.9.1-1.fc32 98 https://bodhi.fedoraproject.org/updates/FEDORA-2021-16d1596c42 buildah-1.19.4-1.fc32 14 https://bodhi.fedoraproject.org/updates/FEDORA-2021-158a237d4a bind-9.11.31-1.fc32 bind-dyndb-ldap-11.3-6.fc32 dnsperf-2.3.4-6.fc32 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-179f2fbb88 mariadb-10.4.19-1.fc32 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4f06d202d4 firefox-88.0.1-1.fc32 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-0fa36519bb kernel-5.11.20-100.fc32 kernel-headers-5.11.20-100.fc32 kernel-tools-5.11.20-100.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-498be8f560 prosody-0.11.9-1.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-6e540b85b9 ceph-14.2.21-1.fc32 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-8832eab899 kernel-5.11.21-100.fc32 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-7aa58932f5 composer-1.10.22-1.fc32 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-5b1dd085c7 wordpress-5.7.2-1.fc32 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-3c013b5555 php-symfony3-3.4.48-1.fc32 The following Fedora 32 Critical Path updates have yet to be approved: Age URL 14 https://bodhi.fedoraproject.org/updates/FEDORA-2021-19cdc5683f libmodulemd-2.12.1-1.fc32 13 https://bodhi.fedoraproject.org/updates/FEDORA-2021-7fd2a21f94 python3-3.8.10-1.fc32 python3-docs-3.8.10-1.fc32 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-276b0013e8 gnome-terminal-3.36.3-1.fc32 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-151dc7fd1b vte291-0.60.4-1.fc32 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-a2ee549bcb xorg-x11-drv-nouveau-1.0.17-1.fc32 8 https://bodhi.fedoraproject.org/updates/FEDORA-2021-f438908573 btrfs-progs-5.11.1-1.fc32 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-14d0195ff8 linux-firmware-20210511-120.fc32 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-0fa36519bb kernel-5.11.20-100.fc32 kernel-headers-5.11.20-100.fc32 kernel-tools-5.11.20-100.fc32 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4f06d202d4 firefox-88.0.1-1.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4d58314a3e libidn2-2.3.1-1.fc32 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-816eecc358 zstd-1.5.0-1.fc32 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-8832eab899 kernel-5.11.21-100.fc32 The following builds have been pushed to Fedora 32 updates-testing libtirpc-1.2.6-4.rc4.fc32 lmms-1.1.3-17.fc32 ne-3.3.1-1.fc32 retroarch-1.9.3-1.fc32 rpcbind-1.2.6-0.fc32 rpki-client-7.1-1.fc32 slapi-nis-0.56.7-1.fc32 upx-3.96-9.fc32 Details about builds: ================================================================================ libtirpc-1.2.6-4.rc4.fc32 (FEDORA-2021-53ea50793d) Transport Independent RPC Library -------------------------------------------------------------------------------- Update Information: Updated non-free licenses -------------------------------------------------------------------------------- ChangeLog: * Tue May 18 2021 Steve Dickson <steved@xxxxxxxxxx> 1.2.6-4.rc4 - Updated non-free licenses (bz 1955239) * Wed Apr 7 2021 Steve Dickson <steved@xxxxxxxxxx> 1.2.6-3.rc4 - libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS (bz 1947058) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1955239 - non-free licensed files in libtirpc https://bugzilla.redhat.com/show_bug.cgi?id=1955239 -------------------------------------------------------------------------------- ================================================================================ lmms-1.1.3-17.fc32 (FEDORA-2021-b07c44d2b2) Linux MultiMedia Studio -------------------------------------------------------------------------------- Update Information: Rebuild due to an unannounced soname bump in fluidsynth. -------------------------------------------------------------------------------- ChangeLog: * Tue May 18 2021 Thomas Moschny <thomas.moschny@xxxxxx> - 1.1.3-17 - Add patches to fix building on F32. * Fri May 7 2021 Carl George <carl@george.computer> - 1.1.3-16 - Rebuilt for fluidsynth soname bump rhbz#1953438 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1953438 - fluidsynth-libs: incompatible upgrade from libfluidsynth.so.1 to libfluidsynth.so.2 (F32) https://bugzilla.redhat.com/show_bug.cgi?id=1953438 -------------------------------------------------------------------------------- ================================================================================ ne-3.3.1-1.fc32 (FEDORA-2021-d5a0ecfed9) ne, the nice editor -------------------------------------------------------------------------------- Update Information: First release -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1952927 - Review Request: ne - ne, the nice editor https://bugzilla.redhat.com/show_bug.cgi?id=1952927 -------------------------------------------------------------------------------- ================================================================================ retroarch-1.9.3-1.fc32 (FEDORA-2021-1acc306095) Cross-platform, sophisticated frontend for the libretro API. -------------------------------------------------------------------------------- Update Information: Update to 1.9.3 -------------------------------------------------------------------------------- ChangeLog: * Sat May 15 2021 Artem Polishchuk <ego.cordatus@xxxxxxxxx> - 1.9.3-1 - build(update): 1.9.3 -------------------------------------------------------------------------------- ================================================================================ rpcbind-1.2.6-0.fc32 (FEDORA-2021-4fa5160678) Universal Addresses to RPC Program Number Mapper -------------------------------------------------------------------------------- Update Information: Updated to latest upstream release: rpcbind-1_2_6 -------------------------------------------------------------------------------- ChangeLog: * Mon May 17 2021 Steve Dickson <steved@xxxxxxxxxx> 1.2.6-0 - Updated to latest upstream release: rpcbind-1_2_6 (bz 1959127) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1959127 - rpcbind-1.2.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1959127 -------------------------------------------------------------------------------- ================================================================================ rpki-client-7.1-1.fc32 (FEDORA-2021-0965639ccd) RPKI validator to support BGP Origin Validation -------------------------------------------------------------------------------- Update Information: rpki-client 7.1 =============== * Add keep-alive support to the HTTP client code for RRDP * Reference-count and delete unused files synced via RRDP, as far as possible * In the JSON output, change the AS Number from a string ("AS123") to an integer ("123") to make processing of the output easier * Add an `expires` column to CSV & JSON output, based on certificate and CRL validity times. The `expires` value can be used to avoid route selection based on stale data when generating VRP sets, when faced with loss of communication between consumer and valdiator, or validator and CA repository * Make the runtime timeout (`-s` option) also triggers in child processes * Improved RRDP support, upstream encourages testing of RRDP with the `-r` option so that RRDP can be enabled by default in a future release; please report any RRDP issues found, if possible, directly to upstream In the portable version, * Improve support for older libressl versions (although the latest stable release is recommended) * Add missing compat headers in release packages so they build on Alpine Linux and macOS -------------------------------------------------------------------------------- ChangeLog: * Tue May 18 2021 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 7.1-1 - Upgrade to 7.1 (#1961870) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1961870 - rpki-client-7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1961870 -------------------------------------------------------------------------------- ================================================================================ slapi-nis-0.56.7-1.fc32 (FEDORA-2021-f6cbdada86) NIS Server and Schema Compatibility plugins for Directory Server -------------------------------------------------------------------------------- Update Information: CVE-2021-3480: invalid BIND DN crash -------------------------------------------------------------------------------- ChangeLog: * Tue May 18 2021 Alexander Bokovoy <abokovoy@xxxxxxxxxx> - 0.56.7-1 - CVE-2021-3480: invalid bind DN crash - New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1961157 - CVE-2021-3480 slapi-nis: NULL dereference (DoS) with specially crafted Binding DN [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1961157 -------------------------------------------------------------------------------- ================================================================================ upx-3.96-9.fc32 (FEDORA-2021-09b10922eb) Ultimate Packer for eXecutables -------------------------------------------------------------------------------- Update Information: Patch for CVE-2020-24119. -------------------------------------------------------------------------------- ChangeLog: * Tue May 18 2021 Gwyn Ciesla <gwync@xxxxxxxxxxxxxx> - 3.96-9 - Patch for CVE-2020-24119 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1961592 - CVE-2020-24119 upx: heap buffer overflow in p_lx_elf.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1961592 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure