The following Fedora 34 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2021-8523af7a88   fossil-2.14.2-1.fc34
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-25c0011e78   golang-1.16.6-1.fc34
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-69de7c7ca4   aspell-0.60.8-7.fc34
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-36cdab1f8d   ruby-3.0.2-149.fc34
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-6cf271948a   php-pear-1.10.12-9.fc34
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-10d54c261f   redis-6.2.5-1.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-0d3268fc35   mrxvt-0.5.3-31.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-cf7d8c7b1a   webkit2gtk3-2.32.3-1.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-d20d6712bc   java-1.8.0-openjdk-1.8.0.302.b08-0.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-a627cfd31e   matrix-synapse-1.38.1-1.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-440e34200c   buildah-1.21.4-4.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-6a0249cb06   seamonkey-2.53.8.1-1.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-4581ccb97d   java-11-openjdk-11.0.12.0.7-0.fc34


The following Fedora 34 Critical Path updates have yet to be approved:
 Age  URL
 108  https://bodhi.fedoraproject.org/updates/FEDORA-2021-1300e131b6   ddpt-0.96-4.fc34 ledmon-0.95-4.fc34 libgpod-0.8.3-38.fc34 libzfcphbaapi-2.2.0-12.fc34 lsvpd-1.7.11-6.fc34 sg3_utils-1.46-1.fc34 udisks-1.0.5-18.fc34
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2021-59eb8f096e   rdma-core-36.0-1.fc34
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-71bdebb69f   net-snmp-5.9.1-3.fc34
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-a3bc99fffc   mtools-4.0.33-1.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-cf7d8c7b1a   webkit2gtk3-2.32.3-1.fc34
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-6ca42042d1   dnsmasq-2.85-3.fc34


The following builds have been pushed to Fedora 34 updates-testing

    gnome-shell-extension-pop-shell-1.2.0^2.9616931-1.fc34
    gtk-gnutella-1.2.1-1.fc34
    ipxe-20200823-7.git4bd064de.fc34
    java-latest-openjdk-16.0.2.0.7-1.rolling.fc34
    logwatch-7.5.6-1.fc34
    mbedtls-2.16.11-1.fc34
    mingw-exiv2-0.27.4-2.fc34
    mingw-python-pillow-8.1.2-3.fc34
    mozilla-ublock-origin-1.37.0-1.fc34
    mythes-de-0.20210723-1.fc34
    python-pillow-8.1.2-4.fc34

Details about builds:


================================================================================
 gnome-shell-extension-pop-shell-1.2.0^2.9616931-1.fc34 (FEDORA-2021-bf9ab734af)
 GNOME Shell extension for advanced tiling window management
--------------------------------------------------------------------------------
Update Information:

Latest upstream snapshot
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Carl George <carl@george.computer> - 1.2.0^2.9616931-1
- Latest upstream snapshot
* Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.2.0^1.d59e373-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 gtk-gnutella-1.2.1-1.fc34 (FEDORA-2021-a043d97bbe)
 GUI based Gnutella Client
--------------------------------------------------------------------------------
Update Information:

Update to 1.2.1
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul 25 2021 Dmitry Butskoy <Dmitry@xxxxxxxxxxxx> - 1.2.1-1
- update to 1.2.1
--------------------------------------------------------------------------------


================================================================================
 ipxe-20200823-7.git4bd064de.fc34 (FEDORA-2021-abacced846)
 A network boot loader
--------------------------------------------------------------------------------
Update Information:

* Add snponly build (bz #1981799)
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Cole Robinson <crobinso@xxxxxxxxxx> - 20200823-7.git4bd064de
- Add snponly build (bz 1981799)
* Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 20200823-6.git4bd064de
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jul  7 2021 Cole Robinson <crobinso@xxxxxxxxxx> - 20200823-5.git4bd064de
- Generate qemu compatible rom filenames
* Mon Jun 14 2021 Jiri Kucera <jkucera@xxxxxxxxxx> - 20200823-4.git4bd064de
- Replace genisoimage by xorriso
* Tue Feb 23 2021 Cole Robinson <aintdiscole@xxxxxxxxx> - 20200823-3.git4bd064de
- combine BIOS and EFI roms using "util/catrom.pl"
--------------------------------------------------------------------------------


================================================================================
 java-latest-openjdk-16.0.2.0.7-1.rolling.fc34 (FEDORA-2021-97706cf14f)
 OpenJDK 16 Runtime Environment
--------------------------------------------------------------------------------
Update Information:

July 2021 CPU update
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 23 2021 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:16.0.2.0.7-1.rolling
- bumped to security update of 16.0.2-ga
* Tue Jun 29 2021 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:16.0.1.0.9-5.rolling
- renamed source15 to source17 to match el8
- added fips support:
- added pr3695-toggle_system_crypto_policy.patch ; missing prerequisity
- removed rh1655466-global_crypto_and_fips.patch; jdk16 do not have default algorithm, it throws exception
- adapted rh1655466-global_crypto_and_fips.patch
- adapted rh1860986-disable_tlsv1.3_in_fips_mode.patch (?)
- adapted rh1915071-always_initialise_configurator_access.patch
--------------------------------------------------------------------------------


================================================================================
 logwatch-7.5.6-1.fc34 (FEDORA-2021-944fd549df)
 Analyzes and Reports on system logs
--------------------------------------------------------------------------------
Update Information:

Update to 7.5.6
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Frank Crawford <frank@xxxxxxxxxxxxxxxxxx> - 7.5.6-1
- Update to 7.5.6
* Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.5.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 mbedtls-2.16.11-1.fc34 (FEDORA-2021-165969af24)
 Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:

- Update to 2.16.11
Release notes: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Morten Stevens <mstevens@xxxxxxxxxxxxxxxxx> - 2.16.11-1
- Update to 2.16.11
* Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.16.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1943664 - mbedtls: multiple vulnerabilities fixed in mbedtls-2.26.0
        https://bugzilla.redhat.com/show_bug.cgi?id=1943664
  [ 2 ] Bug #1981510 - mbedtls: Local side channel attack on RSA
        https://bugzilla.redhat.com/show_bug.cgi?id=1981510
  [ 3 ] Bug #1981514 - mbedtls: Local side channel attack on static Diffie-Hellman with Montgomery curves
        https://bugzilla.redhat.com/show_bug.cgi?id=1981514
  [ 4 ] Bug #1985311 - CVE-2021-24119 mbedtls: side-channel vulnerability allows system-level-attacker information disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=1985311
--------------------------------------------------------------------------------


================================================================================
 mingw-exiv2-0.27.4-2.fc34 (FEDORA-2021-0b27f220bd)
 MinGW Windows exiv2 library
--------------------------------------------------------------------------------
Update Information:

Update to 0.27.4, fixes CVE-2021-29463 and CVE-2021-29464.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.27.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sun Jun 20 2021 Sandro Mani <manisandro@xxxxxxxxx> - 0.27.4-1
- Update to 0.27.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1982185 - CVE-2021-29463 mingw-exiv2: exiv2: out-of-bounds read is triggered via crafted image file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982185
  [ 2 ] Bug #1982189 - CVE-2021-29464 mingw-exiv2: exiv2: heap-based buffer overflow via crafted image file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982189
--------------------------------------------------------------------------------


================================================================================
 mingw-python-pillow-8.1.2-3.fc34 (FEDORA-2021-3ec845dc0c)
 MinGW Windows Python pillow library
--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2021-34552.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Sandro Mani <manisandro@xxxxxxxxx> - 8.1.2-3
- Backport fix for CVE-2021-34552
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1982379 - CVE-2021-34552 mingw-python-pillow: python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982379
  [ 2 ] Bug #1982380 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982380
  [ 3 ] Bug #1982381 - CVE-2021-34552 python2-pillow: python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982381
--------------------------------------------------------------------------------


================================================================================
 mozilla-ublock-origin-1.37.0-1.fc34 (FEDORA-2021-f9f3648ecd)
 An efficient blocker for Firefox
--------------------------------------------------------------------------------
Update Information:

### Closed as fixed

#### Core

* '$popup' not working
* Service worker "tabless" requests with correct context are still modified when page is whitelisted
* Back/Forward navigation does not work between Ublock Origin option pages
* csp_report filter created via logger is marked as invalid
* Extreme popup blocking - uBo dashboard is blocked when popups are
* IPv6 fe80::1%lo0 localhost from hosts file is marked as error line
* Whitespaces are now stripped from blocking-rule URLs, causing rules targeting whitespaces to fail and/or block extremely broadly
* uBO's dashboard does not refresh custom filters in real-time
* Element picker/zapper don't work if cosmetic filtering is disabled
* Logger always highlights first match
* Static filtering: Cannot prevent my filter from strict-blocking

### Notable commits without en entry in the issue tracker

* Provide visual cue in popup panel when base domain has subdomains
* Disclose where uBO's own filter lists are hosted
* Add abort-current-script scriptlet
* Fix spurious error messages when updating contextual menu
* Make `getByName()` return an dummy Tracker object
* Add asap behavior to remove-attr scriptlet
* Ensure pending callbacks are called only once
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> - 1.37.0-1
- update to 1.37.0 (#1985343)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1985343 - mozilla-ublock-origin-1.37.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1985343
--------------------------------------------------------------------------------


================================================================================
 mythes-de-0.20210723-1.fc34 (FEDORA-2021-56f1f15bf3)
 German thesaurus
--------------------------------------------------------------------------------
Update Information:

* Upgrade to latest daily snapshot release
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 0.20210723-1
- Upgrade to latest daily snapshot release
* Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.20210302-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 python-pillow-8.1.2-4.fc34 (FEDORA-2021-3ec845dc0c)
 Python image processing library
--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2021-34552.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 24 2021 Sandro Mani <manisandro@xxxxxxxxx> - 8.1.2-4
- Backport fix for CVE-2021-34552
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1982379 - CVE-2021-34552 mingw-python-pillow: python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982379
  [ 2 ] Bug #1982380 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982380
  [ 3 ] Bug #1982381 - CVE-2021-34552 python2-pillow: python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1982381
--------------------------------------------------------------------------------