The following Fedora 36 Security updates need testing: Age URL 9 https://bodhi.fedoraproject.org/updates/FEDORA-2022-b50023a180 xen-4.16.1-1.fc36 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e819bd191f gerbv-2.8.2-1.fc36 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-3826c8f549 moby-engine-20.10.14-1.fc36 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-930b54aa84 plantuml-1.2022.4-1.fc36 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e99ae504f5 git-2.36.0-1.fc36 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-d1452fd421 python-fastapi-0.75.2-1.fc36 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-a7ca6ee0cf ruby-3.1.2-164.fc36 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-c8f6a39cf6 stb-0^20210910gitaf1a5bc-0.2.fc36 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-88690c6188 epiphany-42.2-1.fc36 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-c87bba6546 blender-3.1.2-3.fc36 usd-22.03-8.fc36 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-c4e644865f esh-0.3.2-1.fc36 0 https://bodhi.fedoraproject.org/updates/FEDORA-2022-0125d9cd29 CuraEngine-4.13.1-2.fc36 The following Fedora 36 Critical Path updates have yet to be approved: Age URL 11 https://bodhi.fedoraproject.org/updates/FEDORA-2022-43488e303c binutils-2.37-27.fc36 11 https://bodhi.fedoraproject.org/updates/FEDORA-2022-50842594a4 mtools-4.0.39-1.fc36 10 https://bodhi.fedoraproject.org/updates/FEDORA-2022-1c2b9ed1ee libguestfs-1.48.1-1.fc36 10 https://bodhi.fedoraproject.org/updates/FEDORA-2022-1c5b629da0 libnma-1.8.38-1.fc36 10 https://bodhi.fedoraproject.org/updates/FEDORA-2022-8c9270d57e NetworkManager-1.37.91-1.fc36 10 https://bodhi.fedoraproject.org/updates/FEDORA-2022-bf82f181ea fwupd-efi-1.3-1.fc36 9 https://bodhi.fedoraproject.org/updates/FEDORA-2022-b50023a180 xen-4.16.1-1.fc36 8 https://bodhi.fedoraproject.org/updates/FEDORA-2022-14e4bfaa27 libnl3-3.6.0-1.fc36 6 https://bodhi.fedoraproject.org/updates/FEDORA-2022-42003bf3a9 libsolv-0.7.22-1.fc36 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e99ae504f5 git-2.36.0-1.fc36 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e90643ce61 redhat-rpm-config-217-1.fc36 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-c616f153bd langtable-0.0.58-1.fc36 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-77f3c1cd62 samba-4.16.0-6.fc36 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-5d880c3988 thunderbird-91.8.0-2.fc36 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-d283248368 rtkit-0.11-30.fc36 0 https://bodhi.fedoraproject.org/updates/FEDORA-2022-794d75ddf5 livecd-tools-29.0-1.fc36 0 https://bodhi.fedoraproject.org/updates/FEDORA-2022-2ee3305d27 inih-55-1.fc36 The following builds have been pushed to Fedora 36 updates-testing ansible-bender-0.9.0-6.fc36 chromium-100.0.4896.127-1.fc36 claws-mail-4.1.0-1.fc36 dotnet3.1-3.1.418-1.fc36 golang-github-pelletier-toml-2-2.0.0~beta.8-3.fc36 python-dmidecode-3.12.2-27.20210630gitf0a089a1.fc36 rust-nix0.22-0.22.3-1.fc36 zxing-cpp-1.2.0-4.fc36 Details about builds: ================================================================================ ansible-bender-0.9.0-6.fc36 (FEDORA-2022-e0fd549e91) Build container images using Ansible playbooks -------------------------------------------------------------------------------- Update Information: Allow users to choose between ansible and ansible-core -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 24 2022 Gordon Messmer <gordon.messmer@xxxxxxxxx> - 0.9.0-6 - Suggest ansible-core - Use %pytest macro * Tue Feb 22 2022 Maxwell G <gotmax@e.email> - 0.9.0-5 - Allow users to choose between ansible and ansible-core. - Switch BR to ansible-core. -------------------------------------------------------------------------------- ================================================================================ chromium-100.0.4896.127-1.fc36 (FEDORA-2022-59297c8fcd) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: 100 Chromium releases! Of course, at the rate they release now, we'll probably be at 150 before the end of the year. Anyway, here's the update. Fixes: CVE-2022-1232 CVE-2022-1305 CVE-2022-1306 CVE-2022-1307 CVE-2022-1308 CVE-2022-1309 CVE-2022-1310 CVE-2022-1311 CVE-2022-1312 CVE-2022-1313 CVE-2022-1314 CVE-2022-1364 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 21 2022 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 100.0.4896.127-1 - update to 100.0.4896.127 * Tue Apr 5 2022 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 100.0.4896.75-1 - update to 100.0.4896.75 * Sat Apr 2 2022 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 100.0.4896.60-1 - update to 100.0.4896.60 * Sun Mar 27 2022 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 99.0.4844.84-1 - update to 99.0.4844.84 - package up libremoting_core.so* for chrome-remote-desktop - strip all the .so files (and binaries) * Sat Mar 19 2022 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 99.0.4844.74-1 - update to 99.0.4844.74 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2071876 - CVE-2022-1232 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2071876 [ 2 ] Bug #2074371 - CVE-2022-1305 chromium-browser: Use after free in storage https://bugzilla.redhat.com/show_bug.cgi?id=2074371 [ 3 ] Bug #2074372 - CVE-2022-1306 chromium-browser: Inappropriate implementation in compositing https://bugzilla.redhat.com/show_bug.cgi?id=2074372 [ 4 ] Bug #2074373 - CVE-2022-1307 chromium-browser: Inappropriate implementation in full screen https://bugzilla.redhat.com/show_bug.cgi?id=2074373 [ 5 ] Bug #2074374 - CVE-2022-1308 chromium-browser: Use after free in BFCache https://bugzilla.redhat.com/show_bug.cgi?id=2074374 [ 6 ] Bug #2074375 - CVE-2022-1309 chromium-browser: Insufficient policy enforcement in developer tools https://bugzilla.redhat.com/show_bug.cgi?id=2074375 [ 7 ] Bug #2074376 - CVE-2022-1310 chromium-browser: Use after free in regular expressions https://bugzilla.redhat.com/show_bug.cgi?id=2074376 [ 8 ] Bug #2074377 - CVE-2022-1311 chromium-browser: Use after free in Chrome OS shell https://bugzilla.redhat.com/show_bug.cgi?id=2074377 [ 9 ] Bug #2074378 - CVE-2022-1312 chromium-browser: Use after free in storage https://bugzilla.redhat.com/show_bug.cgi?id=2074378 [ 10 ] Bug #2074379 - CVE-2022-1313 chromium-browser: Use after free in tab groups https://bugzilla.redhat.com/show_bug.cgi?id=2074379 [ 11 ] Bug #2074380 - CVE-2022-1314 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2074380 [ 12 ] Bug #2076274 - CVE-2022-1364 Chromium-browser: Type Confusion in V8. https://bugzilla.redhat.com/show_bug.cgi?id=2076274 -------------------------------------------------------------------------------- ================================================================================ claws-mail-4.1.0-1.fc36 (FEDORA-2022-cf006221a1) Email client and news reader based on GTK+ -------------------------------------------------------------------------------- Update Information: Update from 3.18.0 to 3.19.0 for Fedora 34. Update from 4.0.0 to 4.1.0 for Fedora 35/36. https://www.claws-mail.org/news.php -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 23 2022 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 4.1.0-1 - Update to 4.1.0. - New keyword_warner plugin. - pdf_viewer patch not needed anymore. -------------------------------------------------------------------------------- ================================================================================ dotnet3.1-3.1.418-1.fc36 (FEDORA-2022-ba11e56204) .NET Core Runtime and SDK -------------------------------------------------------------------------------- Update Information: # Update to .NET Core SDK 3.1.418 and Runtime3.1.24 .NET Core SDK 3.1.418 and Runtime 3.1.24 were recently released by Microsoft: https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.24/3.1.24.md This is a bugfix release that updates the version in Fedora to the upstream release. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 21 2022 Omair Majid <omajid@xxxxxxxxxx> - 3.1.418-1 - Update to .NET SDK 3.1.418 and Runtime 3.1.24 -------------------------------------------------------------------------------- ================================================================================ golang-github-pelletier-toml-2-2.0.0~beta.8-3.fc36 (FEDORA-2022-eeb810dce7) Go library for the TOML file format -------------------------------------------------------------------------------- Update Information: Backport patch that fixes test on i686 -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 24 2022 W. Michael Petullo <mike@xxxxxxxx> 2.0.0~beta.8-3 - Backport patch that fixes test on i686 * Sun Apr 24 2022 W. Michael Petullo <mike@xxxxxxxx> 2.0.0~beta.8-2 - Deactivate a test that fail on i686 (see https://github.com/pelletier/go- toml/issues/760) * Tue Apr 19 2022 W. Michael Petullo <mike@xxxxxxxx> 2.0.0~beta.8-1 - Initial import (fedora#2031226) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2031226 - Review Request: golang-github-pelletier-toml-2 - Go library for the toml language https://bugzilla.redhat.com/show_bug.cgi?id=2031226 -------------------------------------------------------------------------------- ================================================================================ python-dmidecode-3.12.2-27.20210630gitf0a089a1.fc36 (FEDORA-2022-83e0745840) Python module to access DMI data -------------------------------------------------------------------------------- Update Information: - Build commit #f0a089a1 (include covscan error fixes) -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 24 2022 Antonio Trande <sagitter@xxxxxxxxxxxxxxxxx> - 3.12.2-27.20210630gitf0a089a1 - Build commit #f0a089a1 (include covscan error fixes) -------------------------------------------------------------------------------- ================================================================================ rust-nix0.22-0.22.3-1.fc36 (FEDORA-2022-85781b9528) Rust friendly bindings to *nix APIs -------------------------------------------------------------------------------- Update Information: Update the package for nix crate versions 0.22.x to version 0.22.3. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 24 2022 Fabio Valentini <decathorpe@xxxxxxxxx> 0.22.3-1 - Update to version 0.22.3 -------------------------------------------------------------------------------- ================================================================================ zxing-cpp-1.2.0-4.fc36 (FEDORA-2022-e22f1a8c17) C++ port of the ZXing ("Zebra Crossing") barcode scanning library -------------------------------------------------------------------------------- Update Information: - rebuild for CVE-2022-28041 -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 23 2022 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.2.0-4 - Security fix for CVE-2022-28041 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure