The following Fedora 33 Security updates need testing: Age URL 226 https://bodhi.fedoraproject.org/updates/FEDORA-2021-c3d587d52c shim-15.4-1 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-ac23d9e47f freerdp-2.4.1-1.fc33 gnome-boxes-3.38.2-3.fc33 gnome-remote-desktop-0.1.9-3.fc33 guacamole-server-1.3.0-9.fc33 hydra-9.2-3.fc33 medusa-2.2-14.20181216git292193b.fc33 pidgin-sipe-1.25.0-7.fc33 remmina-1.4.21-1.fc33 vinagre-3.22.0-21.fc33 weston-8.0.0-7.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-25e89d9374 libxls-1.6.2-5.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-43d3c10590 roundcubemail-1.4.12-1.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-218ec2d434 freeipa-4.9.6-3.fc33 libldb-2.2.3-1.fc33 samba-4.13.14-2.fc33 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-3b8bb26909 getdata-0.11.0-1.fc33 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-c8043fa05f php-7.4.26-1.fc33 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-5a95823596 busybox-1.34.1-1.fc33 The following Fedora 33 Critical Path updates have yet to be approved: Age URL 244 https://bodhi.fedoraproject.org/updates/FEDORA-2021-2961f34ccb PackageKit-1.2.3-1.fc33 179 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4797e362b3 abrt-2.14.6-1.fc33 libreport-2.15.1-1.fc33 satyr-0.37-2.fc33 95 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4ccf3840ed gnome-shell-3.38.6-1.fc33 mutter-3.38.6-1.fc33 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-6b0de8ad53 ethtool-5.15-1.fc33 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-ac23d9e47f freerdp-2.4.1-1.fc33 gnome-boxes-3.38.2-3.fc33 gnome-remote-desktop-0.1.9-3.fc33 guacamole-server-1.3.0-9.fc33 hydra-9.2-3.fc33 medusa-2.2-14.20181216git292193b.fc33 pidgin-sipe-1.25.0-7.fc33 remmina-1.4.21-1.fc33 vinagre-3.22.0-21.fc33 weston-8.0.0-7.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-474baeb685 pungi-4.3.2-2.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-218ec2d434 freeipa-4.9.6-3.fc33 libldb-2.2.3-1.fc33 samba-4.13.14-2.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b033c2d885 firefox-94.0-2.fc33 The following builds have been pushed to Fedora 33 updates-testing badwolf-1.2.2-1.fc33 fetchmail-6.4.24-1.fc33 generic-logos-18.0.0-15.fc33 libdxfrw-1.0.1-1.fc33 librecad-2.2.0-0.11.rc2.fc33 mtools-4.0.36-1.fc33 pdf2djvu-0.9.18.2-1.fc33 perl-CPAN-Perl-Releases-5.20211120-1.fc33 perl-Module-CoreList-5.20211120-1.fc33 rabbitmq-server-3.8.26-1.fc33 Details about builds: ================================================================================ badwolf-1.2.2-1.fc33 (FEDORA-2021-dd8b213e45) Web Browser which aims at security and privacy over usability -------------------------------------------------------------------------------- Update Information: Updating to 1.2.2 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 22 2021 Lyes Saadi <mail@xxxxxxx> 1.2.2-1 - Updating to 1.2.2 * Sun Nov 21 2021 Lyes Saadi <mail@xxxxxxx> 1.2.1-1 - Updating to 1.2.1 (fix #2025185) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2025185 - badwolf-1.2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2025185 -------------------------------------------------------------------------------- ================================================================================ fetchmail-6.4.24-1.fc33 (FEDORA-2021-a26eb7b287) A remote mail retrieval and forwarding utility -------------------------------------------------------------------------------- Update Information: Update to fetchmail-6.4.24 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 22 2021 Vitezslav Crhonek <vcrhonek@xxxxxxxxxx> - 6.4.24-1 - Update to fetchmail-6.4.24 -------------------------------------------------------------------------------- ================================================================================ generic-logos-18.0.0-15.fc33 (FEDORA-2021-2471f5862b) Icons and pictures -------------------------------------------------------------------------------- Update Information: Add `system-logos(httpd-logo-ng)` virtual name to the `generic-logos-httpd` subpackage to allow debranding -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 17 2021 Matt McCutchen <matt@xxxxxxxxxxxxxxxxx> - 18.0.0-15 - Make generic-logos-httpd provide system-logos(httpd-logo-ng) (#2014863) * Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 18.0.0-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Tue Jul 6 2021 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 18.0.0-13 - fix generic-logos-httpd conflict with fedora-logos-httpd * Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 18.0.0-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2014863 - generic-logos-httpd does not fulfill 'system-logos(httpd-logo-ng)' dependency of httpd in Fedora >= 34 https://bugzilla.redhat.com/show_bug.cgi?id=2014863 -------------------------------------------------------------------------------- ================================================================================ libdxfrw-1.0.1-1.fc33 (FEDORA-2021-49ed4be7d5) Library to read/write DXF files -------------------------------------------------------------------------------- Update Information: Update libdxfrw to 1.0.1 (from upstream git). Rebuild librecad against it. This fixes CVE-2021-21898, CVE-2021-21899, and CVE-2021-21900. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 22 2021 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.0.1-1 - rebase to new code home, fixes CVE-2021-21898/21899/21900 * Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.6.3-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Thu May 27 2021 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 0.6.3-18 - disable rpath * Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.6.3-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Thu Dec 31 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 0.6.3-16 - more fixes from LibreCAD git * Wed Nov 4 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 0.6.3-15 - add all of the current fixes from LibreCAD git -------------------------------------------------------------------------------- References: [ 1 ] Bug #2025628 - CVE-2021-21899 librecad: heap out-of-bounds write in dwgCompressor:copyCompBytes21 https://bugzilla.redhat.com/show_bug.cgi?id=2025628 [ 2 ] Bug #2025631 - CVE-2021-21900 librecad: use-after-free in dxfRW:processLType() https://bugzilla.redhat.com/show_bug.cgi?id=2025631 [ 3 ] Bug #2025634 - CVE-2021-21898 librecad: out-of-bounds write in dwgCompressor:decompress18() https://bugzilla.redhat.com/show_bug.cgi?id=2025634 -------------------------------------------------------------------------------- ================================================================================ librecad-2.2.0-0.11.rc2.fc33 (FEDORA-2021-49ed4be7d5) Computer Assisted Design (CAD) Application -------------------------------------------------------------------------------- Update Information: Update libdxfrw to 1.0.1 (from upstream git). Rebuild librecad against it. This fixes CVE-2021-21898, CVE-2021-21899, and CVE-2021-21900. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 22 2021 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.2.0-0.11.rc2 - rebuild against new libdxfrw - rebase to 1d31427 * Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.0-0.10.rc2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.0-0.9.rc2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Thu Dec 31 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.2.0-0.8.rc2 - update to rc2 * Wed Nov 4 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.2.0-0.7.rc1 - update to latest git main -------------------------------------------------------------------------------- References: [ 1 ] Bug #2025628 - CVE-2021-21899 librecad: heap out-of-bounds write in dwgCompressor:copyCompBytes21 https://bugzilla.redhat.com/show_bug.cgi?id=2025628 [ 2 ] Bug #2025631 - CVE-2021-21900 librecad: use-after-free in dxfRW:processLType() https://bugzilla.redhat.com/show_bug.cgi?id=2025631 [ 3 ] Bug #2025634 - CVE-2021-21898 librecad: out-of-bounds write in dwgCompressor:decompress18() https://bugzilla.redhat.com/show_bug.cgi?id=2025634 -------------------------------------------------------------------------------- ================================================================================ mtools-4.0.36-1.fc33 (FEDORA-2021-c0a692e064) Programs for accessing MS-DOS disks without mounting the disks -------------------------------------------------------------------------------- Update Information: Update to 4.0.36 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 22 2021 Vojtech Trefny <vtrefny@xxxxxxxxxx> 4.0.36-1 - Update to 4.0.36 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2025341 - mtools-4.0.36 is available https://bugzilla.redhat.com/show_bug.cgi?id=2025341 -------------------------------------------------------------------------------- ================================================================================ pdf2djvu-0.9.18.2-1.fc33 (FEDORA-2021-ad9e025b45) PDF to DjVu converter -------------------------------------------------------------------------------- Update Information: - Update to 0.9.18.2 fixes rhbz#2025677 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 22 2021 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 0.9.18.2-1 - Update to 0.9.18.2 fixes rhbz#2025677 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2025677 - pdf2djvu-0.9.18.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2025677 -------------------------------------------------------------------------------- ================================================================================ perl-CPAN-Perl-Releases-5.20211120-1.fc33 (FEDORA-2021-a298f4d27a) Mapping Perl releases on CPAN to the location of the tarballs -------------------------------------------------------------------------------- Update Information: Updated for v5.35.6 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 22 2021 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 5.20211120-1 - 5.20211120 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #2025237 - perl-CPAN-Perl-Releases-5.20211120 is available https://bugzilla.redhat.com/show_bug.cgi?id=2025237 -------------------------------------------------------------------------------- ================================================================================ perl-Module-CoreList-5.20211120-1.fc33 (FEDORA-2021-eac4d1d3ad) What modules are shipped with versions of perl -------------------------------------------------------------------------------- Update Information: Updated for v5.35.6 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 22 2021 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1:5.20211120-1 - 5.20211120 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #2025236 - perl-Module-CoreList-5.20211120 is available https://bugzilla.redhat.com/show_bug.cgi?id=2025236 -------------------------------------------------------------------------------- ================================================================================ rabbitmq-server-3.8.26-1.fc33 (FEDORA-2021-f9977fe625) The RabbitMQ server -------------------------------------------------------------------------------- Update Information: RabbitMQ ver. 3.8.26 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 22 2021 Peter Lemenkov <lemenkov@xxxxxxxxx> - 3.8.26-1 - Ver. 3.8.26 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure