The following Fedora 33 Security updates need testing: Age URL 164 https://bodhi.fedoraproject.org/updates/FEDORA-2021-c3d587d52c shim-15.4-1 12 https://bodhi.fedoraproject.org/updates/FEDORA-2021-e7c8ba6301 ntfs-3g-2021.8.22-2.fc33 8 https://bodhi.fedoraproject.org/updates/FEDORA-2021-9fb6da134f squashfs-tools-4.5-3.20210913gite048580.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b349650e52 gifsicle-1.93-1.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-be0a93fb15 ghostscript-9.54.0-2.1.fc33 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-9998719311 fetchmail-6.4.22-1.fc33 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-fc96a3a749 curl-7.71.1-11.fc33 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-c1fef03e71 python-rsa-4.7.2-1.fc33 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-edf6957b7d webkit2gtk3-2.32.4-1.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-55198e6804 iaito-5.3.1-3.fc33 radare2-5.4.0-1.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-87578dca12 ckeditor-4.16.2-1.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-34760089da python2.7-2.7.18-15.fc33 The following Fedora 33 Critical Path updates have yet to be approved: Age URL 183 https://bodhi.fedoraproject.org/updates/FEDORA-2021-2961f34ccb PackageKit-1.2.3-1.fc33 118 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4797e362b3 abrt-2.14.6-1.fc33 libreport-2.15.1-1.fc33 satyr-0.37-2.fc33 34 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4ccf3840ed gnome-shell-3.38.6-1.fc33 mutter-3.38.6-1.fc33 12 https://bodhi.fedoraproject.org/updates/FEDORA-2021-e7c8ba6301 ntfs-3g-2021.8.22-2.fc33 9 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b23a9bea6a ethtool-5.14-1.fc33 8 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b45ccbe1a6 libmodulemd-2.13.0-2.fc33 8 https://bodhi.fedoraproject.org/updates/FEDORA-2021-9fb6da134f squashfs-tools-4.5-3.20210913gite048580.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-90604978ab pungi-4.3.0-1.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-fd41bb269a createrepo_c-0.17.5-1.fc33 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-2234494a2d appstream-data-33-4.fc33 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-fc96a3a749 curl-7.71.1-11.fc33 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-edf6957b7d webkit2gtk3-2.32.4-1.fc33 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-e2e8b29ae7 libxcrypt-4.4.26-2.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-31db2a6200 openssl-1.1.1l-2.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-205a6ce5ea kernel-5.13.19-100.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-e63926a1bb btrfs-progs-5.14.1-1.fc33 The following builds have been pushed to Fedora 33 updates-testing charliecloud-0.25-1.fc33 cppzmq-4.8.1-1.fc33 flatpak-1.10.3-1.fc33 flatpak-builder-1.0.14-1.fc33 libspf2-1.2.11-1.20210922git4915c308.fc33 libssh-0.9.6-1.fc33 mozilla-ublock-origin-1.38.0-1.fc33 php-nikic-php-parser4-4.13.0-1.fc33 php-phpunit-php-code-coverage9-9.2.7-1.fc33 php-twig-1.44.5-1.fc33 php-twig2-2.14.7-1.fc33 php-twig3-3.3.3-1.fc33 polybar-3.5.7-1.fc33 python-dask-2021.9.1-1.fc33~bootstrap python-flask-restx-0.2.0-4.fc33 python-iso3166-2.0.2-1.fc33 samba-4.13.12-0.fc33 wireguard-tools-1.0.20210914-1.fc33 wireshark-3.4.8-2.fc33 Details about builds: ================================================================================ charliecloud-0.25-1.fc33 (FEDORA-2021-440dc6ce92) Lightweight user-defined software stacks for high-performance computing -------------------------------------------------------------------------------- Update Information: New version. Bundle working lark-parser. -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 20 2021 Jordan Ogas <jogas@xxxxxxxx 0.25-1 - bundle python lark parser - new version -------------------------------------------------------------------------------- ================================================================================ cppzmq-4.8.1-1.fc33 (FEDORA-2021-cb8a170fc9) Header-only C++ binding for libzmq -------------------------------------------------------------------------------- Update Information: Update to latest version -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 22 2021 Elliott Sales de Andrade <quantum.analyst@xxxxxxxxx> 4.8.1-1 - Update to latest version (#2005750) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2005750 - cppzmq-4.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2005750 -------------------------------------------------------------------------------- ================================================================================ flatpak-1.10.3-1.fc33 (FEDORA-2021-b5e7522780) Application deployment framework for desktop apps -------------------------------------------------------------------------------- Update Information: Update to 1.10.3 -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 21 2021 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 1.10.3-1 - Update to 1.10.3 -------------------------------------------------------------------------------- ================================================================================ flatpak-builder-1.0.14-1.fc33 (FEDORA-2021-70e594f5ef) Tool to build flatpaks from source -------------------------------------------------------------------------------- Update Information: Update to 1.0.14 -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 21 2021 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 1.0.14-1 - Update to 1.0.14 -------------------------------------------------------------------------------- ================================================================================ libspf2-1.2.11-1.20210922git4915c308.fc33 (FEDORA-2021-044be3d54e) An implementation of the SPF specification -------------------------------------------------------------------------------- Update Information: Update to latest in git. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 22 2021 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 1.2.11-1.20210922git4915c308 - Build latest upstream git HEAD - CVE-2021-20314 * Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.2.10-30.20150405gitd57d79fd - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Fri May 21 2021 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.2.10-29.20150405gitd57d79fd - Perl 5.34 rebuild * Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.2.10-28.20150405gitd57d79fd - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1993071 - CVE-2021-20314 libspf2: stack buffer overflow when processing SPF explanation macros [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1993071 [ 2 ] Bug #1993072 - CVE-2021-20314 libspf2: stack buffer overflow when processing SPF explanation macros [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1993072 -------------------------------------------------------------------------------- ================================================================================ libssh-0.9.6-1.fc33 (FEDORA-2021-f2a020a065) A library implementing the SSH protocol -------------------------------------------------------------------------------- Update Information: Rebase to libssh-0.9.6 Fix CVE-2021-3634 -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 13 2021 Norbert Pocs <npocs@xxxxxxxxxx> - 0.9.6-1 - Fix CVE-CVE-2021-3634 libssh: possible heap-based buffer overflow when rekeying - Resolves: rhbz#1994600 * Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.9.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.9.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1998135 - CVE-2021-3634 libssh: possible heap-based buffer overflow when rekeying [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1998135 [ 2 ] Bug #1998163 - libssh-0.9.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1998163 -------------------------------------------------------------------------------- ================================================================================ mozilla-ublock-origin-1.38.0-1.fc33 (FEDORA-2021-210b391666) An efficient blocker for Firefox -------------------------------------------------------------------------------- Update Information: New cosmetic procedural operator, `:matches-path(...)`. See ["Add $path modifier of Adguard or any equivalents of this"](https://github.com/uBlockOrigin/uBlock- issues/issues/1690). The setting *"Prevent WebRTC from leaking local IP addresses"* has been removed since it is no longer necessary in modern browsers, except for Firefox for Android where the issue is still present. Closed as fixed, notable changes: * $removeparam doesn't work well with UrlEncoded gb2312 Chinese word * Scriptlets don't work randomly in Firefox * Security: comments can be used to smuggle url() functions into css values * Prevent uBO from hiding html or body when matched by a generic cosmetic filter * Add $path modifier of Adguard or any equivalents of this * The overview panel will not show everything if the uBO's icon is placed in the Firefox overflow menu * [patch by @vtriolet] TypeError in noscript-spoof scriptlet with invalid meta refresh URL * TypeError when trying to use element picker on plaintext resource * Split out core functionality into separate module * Better lookup all elements under mouse cursor in element picker * Add visual hint to grab area of element picker dialog * Add no-xhr-if scriptlet * Refactor hntrie to avoid the need for boundary cells * Fix bad test in WASM version of HNTrieContainer * Export the rule-based filtering engines to the nodejs package * Rewrite logical expressions for ESLint * [patch by @mjethani] Add Makefile * [patch by @mjethani] Make uAssets a submodule * Ensure compiled sections are ordered in ascending id * Fix handling of some procedural cosmetic filters with explicit `:scope` -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 21 2021 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> - 1.38.0-1 - update to 1.38.0 (#2005514) - drop obsolete patch -------------------------------------------------------------------------------- References: [ 1 ] Bug #2005514 - mozilla-ublock-origin-1.38.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2005514 -------------------------------------------------------------------------------- ================================================================================ php-nikic-php-parser4-4.13.0-1.fc33 (FEDORA-2021-b6519b02fe) A PHP parser written in PHP - version 4 -------------------------------------------------------------------------------- Update Information: **Version 4.13.0** (2021-09-20) Added * [PHP 8.1] Added support for intersection types using a new `IntersectionType` node. Additionally a `ComplexType` parent class for `NullableType`, `UnionType` and `IntersectionType` has been added. * [PHP 8.1] Added support for explicit octal literals. * [PHP 8.1] Added support for first-class callables. These are represented using a call whose first argument is a `VariadicPlaceholder`. The representation is intended to be forward-compatible with partial function application, just like the PHP feature itself. Call nodes now extend from `Expr\CallLike`, which provides an `isFirstClassCallable()` method to determine whether a placeholder id present. `getArgs()` can be used to assert that the call is not a first-class callable and returns `Arg[]` rather than `array<Arg|VariadicPlaceholder>`. Fixed * Multiple modifiers for promoted properties are now accepted. In particular this allows something like `public readonly` for promoted properties. * Formatting-preserving pretty printing for comments in array literals has been fixed. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 21 2021 Remi Collet <remi@xxxxxxxxxxxx> - 4.13.0-1 - update to 4.13.0 -------------------------------------------------------------------------------- ================================================================================ php-phpunit-php-code-coverage9-9.2.7-1.fc33 (FEDORA-2021-d4faa303c9) PHP code coverage information -------------------------------------------------------------------------------- Update Information: **Version 9.2.7** - 2021-09-17 Fixed * [#860](https://github.com/sebastianbergmann/php-code-coverage/pull/860): Empty value for `XDEBUG_MODE` environment variable is not handled correctly -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 21 2021 Remi Collet <remi@xxxxxxxxxxxx> - 9.2.7-1 - update to 9.2.7 - raise dependency on nikic/php-parser 4.12.0 -------------------------------------------------------------------------------- ================================================================================ php-twig-1.44.5-1.fc33 (FEDORA-2021-3de7a5e1e2) The flexible, fast, and secure template engine for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.44.5** (2021-09-17) * Improve compatibility with PHP 8.1 * Explicitly specify the encoding for mb_ord in JS escaper -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 22 2021 Remi Collet <remi@xxxxxxxxxxxx> - 1.44.5-1 - update to 1.44.5 - add patch for test suite from https://github.com/twigphp/Twig/pull/3563 * Tue Jul 27 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.44.4-2 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ php-twig2-2.14.7-1.fc33 (FEDORA-2021-8e2a1b3011) The flexible, fast, and secure template engine for PHP -------------------------------------------------------------------------------- Update Information: **Version 2.14.7** (2021-09-17) * Allow Symfony 6 * Improve compatibility with PHP 8.1 * Explicitly specify the encoding for mb_ord in JS escaper -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 22 2021 Remi Collet <remi@xxxxxxxxxxxx> - 2.14.7-1 - update to 2.14.7 -------------------------------------------------------------------------------- ================================================================================ php-twig3-3.3.3-1.fc33 (FEDORA-2021-86e7d4504e) The flexible, fast, and secure template engine for PHP -------------------------------------------------------------------------------- Update Information: **Version 2.14.7** (2021-09-17) * Allow Symfony 6 * Improve compatibility with PHP 8.1 * Explicitly specify the encoding for mb_ord in JS escaper -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 22 2021 Remi Collet <remi@xxxxxxxxxxxx> - 3.3.3-1 - update to 3.3.3 -------------------------------------------------------------------------------- ================================================================================ polybar-3.5.7-1.fc33 (FEDORA-2021-e633938cfa) Fast and easy-to-use status bar -------------------------------------------------------------------------------- Update Information: Update to 3.5.7 -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 22 2021 Artem Polishchuk <ego.cordatus@xxxxxxxxx> - 3.5.7-1 - build(update): 3.5.7 -------------------------------------------------------------------------------- ================================================================================ python-dask-2021.9.1-1.fc33~bootstrap (FEDORA-2021-99e3124daf) Parallel PyData with Task Scheduling -------------------------------------------------------------------------------- Update Information: Update to latest version -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 22 2021 Elliott Sales de Andrade <quantum.analyst@xxxxxxxxx> 2021.9.1-1 - Update to latest version (#2006577) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2006577 - python-dask-2021.9.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2006577 -------------------------------------------------------------------------------- ================================================================================ python-flask-restx-0.2.0-4.fc33 (FEDORA-2021-67b7695f95) Framework for fast, easy and documented API development with Flask -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2021-32838 -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 22 2021 Jiri Popelka <jpopelka@xxxxxxxxxx> - 0.2.0-4 - optimize email regex - Fixes rhbz#2006119 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2006118 - CVE-2021-32838 python-flask-restx: Regular expression denial of service in email_regex https://bugzilla.redhat.com/show_bug.cgi?id=2006118 -------------------------------------------------------------------------------- ================================================================================ python-iso3166-2.0.2-1.fc33 (FEDORA-2021-de6e1c2f56) Self-contained ISO 3166-1 country definitions -------------------------------------------------------------------------------- Update Information: Type hint support ---- This update provides the latest release of the python- iso3166 Python module. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 21 2021 Mohamed El Morabity <melmorabity@xxxxxxxxxxxxxxxxx> - 2.0.2-1 - Update to 2.0.2 * Mon Sep 20 2021 Mohamed El Morabity <melmorabity@xxxxxxxxxxxxxxxxx> - 2.0.1-1 - Update to 2.0.1 * Tue Oct 6 2020 Mohamed El Morabity <melmorabity@xxxxxxxxxxxxxxxxx> - 1.0.1-5 - Add BuildRequires on python3-setuptools - Spec cleanup -------------------------------------------------------------------------------- References: [ 1 ] Bug #2004396 - python-iso3166-2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2004396 [ 2 ] Bug #2006151 - python-iso3166-2.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2006151 -------------------------------------------------------------------------------- ================================================================================ samba-4.13.12-0.fc33 (FEDORA-2021-8b2257fc8f) Server and Client software to interoperate with Windows machines -------------------------------------------------------------------------------- Update Information: Update to Samba 4.13.12 -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 22 2021 Guenther Deschner <gdeschner@xxxxxxxxxx> - 4.13.12-0 - Update to Samba 4.13.12 -------------------------------------------------------------------------------- ================================================================================ wireguard-tools-1.0.20210914-1.fc33 (FEDORA-2021-80042b46d8) Fast, modern, secure VPN tunnel -------------------------------------------------------------------------------- Update Information: Update to 1.0.20210914 -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 21 2021 Joe Doss <joe@xxxxxxxxxxxxxx> - 1.0.20210914-1 - contrib/launchd: fix xml syntax error - wg-quick: darwin: account for "link#XX" gateways - ipc: add wireguard-nt support - ipc: cache windows lookups to avoid O(n^2) with nested lookups - ipc: remove windows elevation - ipc: windows: don't display disabled adapters - ipc: windows: use devpkey instead of nci for name - wg-quick: android: adjust for android 12 - wg-quick: openbsd: set DNS with resolvd(8) * Fri Jul 23 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.20210424-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2003848 - wireguard-tools-1.0.20210914 is available https://bugzilla.redhat.com/show_bug.cgi?id=2003848 -------------------------------------------------------------------------------- ================================================================================ wireshark-3.4.8-2.fc33 (FEDORA-2021-602fa6a595) Network traffic analyzer -------------------------------------------------------------------------------- Update Information: Use system sysusers config to create groups -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 22 2021 Michal Ruprich <mruprich@xxxxxxxxxx> - 1:3.4.8-2 - Use system sysusers config to create groups -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
