The following Fedora 34 Security updates need testing: Age URL 59 https://bodhi.fedoraproject.org/updates/FEDORA-2022-6aba96e1b8 radare2-5.6.4-1.fc34 13 https://bodhi.fedoraproject.org/updates/FEDORA-2022-64b2c02d29 xen-4.14.5-1.fc34 13 https://bodhi.fedoraproject.org/updates/FEDORA-2022-ec66ee6b59 xz-5.2.5-9.fc34 10 https://bodhi.fedoraproject.org/updates/FEDORA-2022-fef374d46f zchunk-1.2.2-1.fc34 10 https://bodhi.fedoraproject.org/updates/FEDORA-2022-2fec5f30be git-2.34.3-1.fc34 10 https://bodhi.fedoraproject.org/updates/FEDORA-2022-63de6726ce libinput-1.19.4-1.fc34 9 https://bodhi.fedoraproject.org/updates/FEDORA-2022-5e637f6cc6 podman-3.4.7-1.fc34 6 https://bodhi.fedoraproject.org/updates/FEDORA-2022-17aa1c62da chromium-100.0.4896.127-1.fc34 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-b0a47f8060 freerdp-2.7.0-1.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-a2f0201723 suricata-6.0.5-1.fc34 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-82a9edac27 ruby-3.0.4-153.fc34 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-a0a4c7eb31 redis-6.2.7-1.fc34 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-5d6aaab56e maven-shared-utils-3.2.1-0.9.fc34 2 https://bodhi.fedoraproject.org/updates/FEDORA-2022-5cfe372ab7 mariadb-10.5.15-1.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-fc5776b142 curl-7.76.1-14.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-9cc421562b java-1.8.0-openjdk-1.8.0.332.b09-1.fc34 java-11-openjdk-11.0.15.0.10-1.fc34 java-17-openjdk-17.0.3.0.7-1.fc34 java-latest-openjdk-18.0.1.0.10-1.rolling.fc34 The following Fedora 34 Critical Path updates have yet to be approved: Age URL 389 https://bodhi.fedoraproject.org/updates/FEDORA-2021-1300e131b6 ddpt-0.96-4.fc34 ledmon-0.95-4.fc34 libgpod-0.8.3-38.fc34 libzfcphbaapi-2.2.0-12.fc34 lsvpd-1.7.11-6.fc34 sg3_utils-1.46-1.fc34 udisks-1.0.5-18.fc34 110 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e3b891fe11 gdb-11.1-7.fc34 59 https://bodhi.fedoraproject.org/updates/FEDORA-2022-8f3103b973 hwdata-0.357-1.fc34 40 https://bodhi.fedoraproject.org/updates/FEDORA-2022-dab75a01b8 gnome-shell-40.10-1.fc34 gnome-shell-extensions-40.7-1.fc34 mutter-40.10-1.fc34 26 https://bodhi.fedoraproject.org/updates/FEDORA-2022-eb1d10aba3 libldb-2.3.3-1.fc34 samba-4.14.13-0.fc34 13 https://bodhi.fedoraproject.org/updates/FEDORA-2022-ec66ee6b59 xz-5.2.5-9.fc34 13 https://bodhi.fedoraproject.org/updates/FEDORA-2022-14b4ccfa1f gdisk-1.0.9-1.fc34 13 https://bodhi.fedoraproject.org/updates/FEDORA-2022-64b2c02d29 xen-4.14.5-1.fc34 13 https://bodhi.fedoraproject.org/updates/FEDORA-2022-eaef082697 container-selinux-2.173.1-2.fc34 flatpak-1.10.7-2.fc34 osbuild-54-2.fc34 selinux-policy-34.27-1.fc34 snapd-2.55.3-2.fc34 10 https://bodhi.fedoraproject.org/updates/FEDORA-2022-63de6726ce libinput-1.19.4-1.fc34 10 https://bodhi.fedoraproject.org/updates/FEDORA-2022-2fec5f30be git-2.34.3-1.fc34 10 https://bodhi.fedoraproject.org/updates/FEDORA-2022-fef374d46f zchunk-1.2.2-1.fc34 9 https://bodhi.fedoraproject.org/updates/FEDORA-2022-86a5792181 webkit2gtk3-2.36.1-1.fc34 9 https://bodhi.fedoraproject.org/updates/FEDORA-2022-13c91c9fef langtable-0.0.58-1.fc34 8 https://bodhi.fedoraproject.org/updates/FEDORA-2022-41e16c6c1e annobin-9.79-5.fc34 gcc-11.3.1-2.fc34 8 https://bodhi.fedoraproject.org/updates/FEDORA-2022-681d2ee7ea rtkit-0.11-28.fc34 7 https://bodhi.fedoraproject.org/updates/FEDORA-2022-c17b776b17 inih-55-1.fc34 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-b0a47f8060 freerdp-2.7.0-1.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-095ac0abfb livecd-tools-30.0-1.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-47554f7728 gnutls-3.7.4-1.fc34 2 https://bodhi.fedoraproject.org/updates/FEDORA-2022-dcdafa6b5c kernel-5.17.5-100.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-fc5776b142 curl-7.76.1-14.fc34 The following builds have been pushed to Fedora 34 updates-testing cifs-utils-6.15-1.fc34 fbrnch-1.1-2.fc34 mold-1.2.1-1.fc34 theme-switcher-2.0.4-10.fc34 w3m-0.5.3-55.git20220429.fc34 Details about builds: ================================================================================ cifs-utils-6.15-1.fc34 (FEDORA-2022-34de4f833d) Utilities for mounting and managing CIFS mounts -------------------------------------------------------------------------------- Update Information: This is a security release to address the following bugs: - CVE-2022-27239: mount.cifs: fix length check for ip option parsing - CVE-2022-29869: mount.cifs: fix verbose messages on option parsing Description CVE-2022-27239: In cifs- utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. CVE-2022-29869: cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. Both issues were originally reported and fixed by Jeffrey Bencteux. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 30 2022 Alexander Bokovoy <abokovoy@xxxxxxxxxx> - 6.15-1 - Upstream release 6.15 - CVE-2022-27239: mount.cifs: fix length check for ip option parsing - CVE-2022-29869: mount.cifs: fix verbose messages on option parsing - Fixes: rhbz#2080525 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2080525 - cifs-utils-6.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=2080525 -------------------------------------------------------------------------------- ================================================================================ fbrnch-1.1-2.fc34 (FEDORA-2022-98899d6be9) Fedora packager tool to build package branches -------------------------------------------------------------------------------- Update Information: https://hackage.haskell.org/package/fbrnch-1.1/changelog -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 30 2022 Jens Petersen <petersen@xxxxxxxxxx> - 1.1-2 - https://hackage.haskell.org/package/fbrnch-1.1/changelog -------------------------------------------------------------------------------- ================================================================================ mold-1.2.1-1.fc34 (FEDORA-2022-a1fdbdb1dd) A Modern Linker -------------------------------------------------------------------------------- Update Information: Bump version to 1.2.1 -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 30 2022 Christoph Erhardt <fedora@xxxxxxxxxxx> - 1.2.1-1 - Bump version to 1.2.1 - Drop upstreamed patch - Add support for 32-bit x86 and Arm -------------------------------------------------------------------------------- References: [ 1 ] Bug #2080023 - mold-1.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2080023 -------------------------------------------------------------------------------- ================================================================================ theme-switcher-2.0.4-10.fc34 (FEDORA-2022-78b3040ad4) Switch dark/light GTK theme automatically during day/night -------------------------------------------------------------------------------- Update Information: build: Add dep gnome-terminal | GH#13 -------------------------------------------------------------------------------- ChangeLog: * Sun May 1 2022 Artem Polishchuk <ego.cordatus@xxxxxxxxx> - 2.0.4-10 - build: Add dep gnome-terminal | GH#13 * Sat Jan 22 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.0.4-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Fri Jul 23 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.0.4-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Fri Jun 4 2021 Python Maint <python-maint@xxxxxxxxxx> - 2.0.4-7 - Rebuilt for Python 3.10 -------------------------------------------------------------------------------- ================================================================================ w3m-0.5.3-55.git20220429.fc34 (FEDORA-2022-ffb2da2d75) Pager with Web browsing abilities -------------------------------------------------------------------------------- Update Information: # w3m 0.5.3+git20220429 ## New features - Support kitty's APC G graphics protocol with ImageMagick's `convert` - Support iTerm2's OSC 1337 graphics protocol - New option inline_img_protocol to select the graphics protocol (0: w3m-img, 1: OSC 5379, 2: sixel, 3: OSC 1337, 4: APC G) - New option `ssl_cipher` to specify TLSv1.2 ciphers, e.g. `DEFAULT:@SECLEVEL=2` - New option `ssl_min_version` for OpenSSL 1.1 - New option `-insecure` to use insecure SSL config options - New option `ssl_ca_default`, explicitly use OpenSSL default paths by default - New option `cross_origin_referer`, use origin only Referer when cross origin - New option `localhost_only `to restrict connections only to localhost - New option `disable_center` to disable center alignment - Support brotli content encoding - Ignore the `-` option to accept `w3m -` as "read from stdin" - New `configure` option `--with-cafile` to detect CA bundle file - Support auto-detection for `configure --with-migemo` - Add fuzzer for OSS-Fuzz - Add Italian translation - Add Swedish translation ## Bug fixes - Prevent index overflow and huge allocation due to Str, libwc, and table - Prevent integer overflow due to fontstat - Prevent StrStream memory leak - Prevent GC warnings of repeated allocation - Prevent buffer overflow in shiftAnchorPosition - Prevent buffer overflow READ when parsing Gopher URLs - Prevent buffer overflow in gotoLine and gotoRealLine - Prevent warnings when `-Wnull- dereference`, enabled by default - Prevent warnings when `-Wall`, enabled by default - Prevent warnings from `cppcheck` - Avoid zero length arrays even when GCC - Fix fail to render over 32767 lines in a table cell - Disable `<section>` behaves as `<hr>` - Disable TLSv1.0 and TLSv1.1 by default - Mention a workaround for SSL error - Fix manipulation of `ASN1_STRING` - Don't include username in Referer - Don't set Referer when data URI scheme - Fix broken anchor with link number at EOL - Fix incorrect query string for `w3mman 7z` - Drop `imlib2-config`, use `pkg-config` - Improve named character references - Improve `<dl>` rendering - Prefer Imlib2 over GTK2 by default - Replace encodeB with `base64_encode` to encode null bytes - Wording fixes for `configure --help` -------------------------------------------------------------------------------- ChangeLog: * Sun May 1 2022 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 0.5.3-55.git20220429 - Rebase to latest upstream gitrev 20220429 (#2080136) * Sat Jan 22 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.3-54.git20210102 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Tue Sep 14 2021 Sahana Prasad <sahana@xxxxxxxxxx> - 0.5.3-53.git20210102 - Rebuilt with OpenSSL 3.0.0 * Fri Jul 23 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.3-52.git20210102 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Fri May 21 2021 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.5.3-51.git20210102 - Perl 5.34 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2080136 - w3m-0.5.3+git20220429 is available https://bugzilla.redhat.com/show_bug.cgi?id=2080136 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
