The following Fedora 34 Security updates need testing: Age URL 76 https://bodhi.fedoraproject.org/updates/FEDORA-2022-6aba96e1b8 radare2-5.6.4-1.fc34 28 https://bodhi.fedoraproject.org/updates/FEDORA-2022-63de6726ce libinput-1.19.4-1.fc34 11 https://bodhi.fedoraproject.org/updates/FEDORA-2022-9ce9716352 thunderbird-91.9.0-1.fc34 7 https://bodhi.fedoraproject.org/updates/FEDORA-2022-8277bef335 curl-7.76.1-16.fc34 6 https://bodhi.fedoraproject.org/updates/FEDORA-2022-256d559f0c dotnet6.0-6.0.105-1.fc34 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-44f5e9e219 php-openpsa-universalfeedcreator-1.8.4.1-1.fc34 2 https://bodhi.fedoraproject.org/updates/FEDORA-2022-1cf3c9578f plib-1.8.5-30.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-7846cac830 ignition-2.14.0-1.fc34 The following Fedora 34 Critical Path updates have yet to be approved: Age URL 406 https://bodhi.fedoraproject.org/updates/FEDORA-2021-1300e131b6 ddpt-0.96-4.fc34 ledmon-0.95-4.fc34 libgpod-0.8.3-38.fc34 libzfcphbaapi-2.2.0-12.fc34 lsvpd-1.7.11-6.fc34 sg3_utils-1.46-1.fc34 udisks-1.0.5-18.fc34 128 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e3b891fe11 gdb-11.1-7.fc34 76 https://bodhi.fedoraproject.org/updates/FEDORA-2022-8f3103b973 hwdata-0.357-1.fc34 58 https://bodhi.fedoraproject.org/updates/FEDORA-2022-dab75a01b8 gnome-shell-40.10-1.fc34 gnome-shell-extensions-40.7-1.fc34 mutter-40.10-1.fc34 44 https://bodhi.fedoraproject.org/updates/FEDORA-2022-eb1d10aba3 libldb-2.3.3-1.fc34 samba-4.14.13-0.fc34 28 https://bodhi.fedoraproject.org/updates/FEDORA-2022-63de6726ce libinput-1.19.4-1.fc34 11 https://bodhi.fedoraproject.org/updates/FEDORA-2022-9ce9716352 thunderbird-91.9.0-1.fc34 8 https://bodhi.fedoraproject.org/updates/FEDORA-2022-9434036d03 firefox-100.0-4.fc34 7 https://bodhi.fedoraproject.org/updates/FEDORA-2022-8277bef335 curl-7.76.1-16.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-b9a676a6de libretls-3.5.2-1.fc34 netcat-1.218-5.fc34 rpki-client-7.8-2.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-4f0b4a4d73 linux-firmware-20220509-132.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-43cfd2bbc1 rsync-3.2.4-1.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-9ea855c65c gnutls-3.7.5-1.fc34 The following builds have been pushed to Fedora 34 updates-testing ardour6-6.9.0-10.fc34 clash-1.6.5-2.fc34 linux-system-roles-1.18.1-2.fc34 moodle-3.11.7-1.fc34 syncthing-1.20.1-1.fc34 vim-8.2.4975-1.fc34 Details about builds: ================================================================================ ardour6-6.9.0-10.fc34 (FEDORA-2022-02dc9982b5) Digital Audio Workstation -------------------------------------------------------------------------------- Update Information: This update moves the backend plugins into the main package and fixes default search paths for VST plugins on 64-bit architectures. -------------------------------------------------------------------------------- ChangeLog: * Wed May 18 2022 Nils Philippsen <nils@xxxxxxxxx> 6.9.0-10 - Look for VST plugins in lib64 paths on 64-bit * Wed May 18 2022 BrunoVernay <BrunoVern.a@xxxxxxxxx> 6.9.0-9 - Use HTTPS links * Tue May 17 2022 Mads Kiilerich <mads@xxxxxxxxxxxxx> 6.9.0-8 - Drop ardour6-backend-pulseaudio - include the PulseAudio backend in the main package. * Tue May 17 2022 Mads Kiilerich <mads@xxxxxxxxxxxxx> 6.9.0-7 - Drop ardour6-backend-jack - include the JACK backend in the main package. * Tue May 17 2022 Mads Kiilerich <mads@xxxxxxxxxxxxx> 6.9.0-6 - Drop ardour6-backend-alsa - include the ALSA backend in the main package. * Tue May 17 2022 Mads Kiilerich <mads@xxxxxxxxxxxxx> 6.9.0-5 - Drop ardour6-backend-dummy - include the dummy backend in the main package. * Tue May 17 2022 Mads Kiilerich <mads@xxxxxxxxxxxxx> 6.9.0-4 - Generate explicit %exclude for /usr/lib/ardour6/backends/* * Tue May 17 2022 Mads Kiilerich <mads@xxxxxxxxxxxxx> 6.9.0-3 - Drop ardour5 upgrades - Fedora 33 is very dead * Wed Jan 19 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> 6.9.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1972105 - Add /usr/lib64/vst and vst3 path in the list of paths to plugins https://bugzilla.redhat.com/show_bug.cgi?id=1972105 -------------------------------------------------------------------------------- ================================================================================ clash-1.6.5-2.fc34 (FEDORA-2022-a49babed75) A rule-based tunnel in Go -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2022-28327 CVE-2022-24675 -------------------------------------------------------------------------------- ChangeLog: * Mon May 16 2022 Qiyu Yan <yanqiyu@xxxxxxxxxxxxxxxxx> - 1.6.5-2 - rebuild to fix CVE-2022-28327 #(2084888) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2084708 - CVE-2022-24675 clash: golang: encoding/pem: fix stack overflow in Decode [fedora-34] https://bugzilla.redhat.com/show_bug.cgi?id=2084708 [ 2 ] Bug #2084888 - CVE-2022-28327 clash: golang: crypto/elliptic: panic caused by oversized scalar [fedora-34] https://bugzilla.redhat.com/show_bug.cgi?id=2084888 -------------------------------------------------------------------------------- ================================================================================ linux-system-roles-1.18.1-2.fc34 (FEDORA-2022-7d8a0bf693) Set of interfaces for unified system management -------------------------------------------------------------------------------- Update Information: sshd - recurse into tests and examples sub-directories when replacing string in files the sshd role latest version added sub-directories under tests that need role name replacement - so just use find ---- storage - mount_options fix; sshd - include directory handling -------------------------------------------------------------------------------- ChangeLog: * Wed May 18 2022 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.18.1-2 - sshd - recurse into tests and examples sub-directories when replacing string in files the sshd role latest version added sub-directories under tests that need role name replacement - so just use find * Mon May 16 2022 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.18.1-1 - sshd - sshd system role should not assume that RHEL 9 /etc/ssh/sshd_config has "Include > /etc/ssh/sshd_config.d/*.conf" Resolves: rhbz#2086934 (8.7.0) Resolves: rhbz#2052081 (9.1.0) - sshd - sshd system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9 Resolves: rhbz#2086935 (8.7.0) Resolves: rhbz#2052086 (9.1.0) - storage - storage role cannot set mount_options for volumes Resolves: rhbz#2083378 (8.7.0) Resolves: rhbz#2083376 (9.1.0) -------------------------------------------------------------------------------- ================================================================================ moodle-3.11.7-1.fc34 (FEDORA-2022-bd4457bcc4) A Course Management System -------------------------------------------------------------------------------- Update Information: Multiple CVE fixes. -------------------------------------------------------------------------------- ChangeLog: * Wed May 18 2022 Gwyn Ciesla <gwync@xxxxxxxxxxxxxx> - 3.11.7-1 - 3.11.7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2087632 - CVE-2022-30596 moodle: Stored XSS in assignment bulk marker allocation form via user ID number [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2087632 [ 2 ] Bug #2087633 - CVE-2022-30597 moodle: Description field hidden by user policies (hiddenuserfields) is still visible [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2087633 [ 3 ] Bug #2087634 - CVE-2022-30599 moodle: SQL injection risk in badge award criteria [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2087634 [ 4 ] Bug #2087635 - CVE-2022-30600 moodle: Failed login attempts counted incorrectly [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2087635 [ 5 ] Bug #2087636 - CVE-2022-30598 moodle: global search results reveal authors of content unexpectedly for some activities [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2087636 -------------------------------------------------------------------------------- ================================================================================ syncthing-1.20.1-1.fc34 (FEDORA-2022-09d6914607) Continuous File Synchronization -------------------------------------------------------------------------------- Update Information: Update to version 1.20.1. Release notes: - 1.20.0: https://github.com/syncthing/syncthing/releases/tag/v1.20.0 - 1.20.1: https://github.com/syncthing/syncthing/releases/tag/v1.20.1 -------------------------------------------------------------------------------- ChangeLog: * Wed May 18 2022 Fabio Valentini <decathorpe@xxxxxxxxx> 1.20.1-1 - Update to version 1.20.1; Fixes RHBZ#2081813 -------------------------------------------------------------------------------- ================================================================================ vim-8.2.4975-1.fc34 (FEDORA-2022-d044e7e0b4) The VIM editor -------------------------------------------------------------------------------- Update Information: Security fixes for CVE-2022-1769, CVE-2022-1733, CVE-2022-1674 -------------------------------------------------------------------------------- ChangeLog: * Wed May 18 2022 Zdenek Dohnal <zdohnal@xxxxxxxxxx> - 2:8.2.4975-1 - patchlevel 4975 * Tue May 17 2022 Zdenek Dohnal <zdohnal@xxxxxxxxxx> - 2:8.2.4969-1 - patchlevel 4969 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2085393 - CVE-2022-1674 vim: NULL pointer dereference in vim_regexec_string() of regexp.c https://bugzilla.redhat.com/show_bug.cgi?id=2085393 [ 2 ] Bug #2087594 - CVE-2022-1769 vim: a buffer over-read found in scriptfile.c https://bugzilla.redhat.com/show_bug.cgi?id=2087594 [ 3 ] Bug #2087600 - CVE-2022-1733 vim: Heap-based Buffer Overflow in cindent.c https://bugzilla.redhat.com/show_bug.cgi?id=2087600 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
