The following Fedora 37 Security updates need testing:
Age URL
45 https://bodhi.fedoraproject.org/updates/FEDORA-2023-6bdc769313 cutter-re-2.2.0-1.fc37 rizin-0.5.1-1.fc37
4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-749cb1a0d5 apptainer-1.1.8-1.fc37
The following Fedora 37 Critical Path updates have yet to be approved:
Age URL
138 https://bodhi.fedoraproject.org/updates/FEDORA-2022-bf8feea173 lorax-37.10-1.fc37
12 https://bodhi.fedoraproject.org/updates/FEDORA-2023-734593f163 edk2-20230301gitf80f052277c8-3.fc37
10 https://bodhi.fedoraproject.org/updates/FEDORA-2023-b892930b88 mariadb-connector-c-3.3.4-2.fc37
10 https://bodhi.fedoraproject.org/updates/FEDORA-2023-363cf1cea2 cockpit-290-1.fc37
9 https://bodhi.fedoraproject.org/updates/FEDORA-2023-34a075d304 llvm-15.0.7-2.fc37
5 https://bodhi.fedoraproject.org/updates/FEDORA-2023-acfbdb28cd bind-9.18.14-1.fc37 bind-dyndb-ldap-11.10-13.fc37
5 https://bodhi.fedoraproject.org/updates/FEDORA-2023-82734f264d onboard-1.4.1-30.fc37
5 https://bodhi.fedoraproject.org/updates/FEDORA-2023-bb53b89e8a libmediainfo-23.03-2.fc37 libzen-0.4.41-1.fc37 mediainfo-23.03-2.fc37
4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-cd5d0e8f18 nautilus-43.4-1.fc37
4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-a4ed654b20 glibmm2.4-2.66.6-1.fc37
3 https://bodhi.fedoraproject.org/updates/FEDORA-2023-13093d1386 selinux-policy-37.20-1.fc37
3 https://bodhi.fedoraproject.org/updates/FEDORA-2023-a88a701820 gnome-shell-43.5-1.fc37 mutter-43.5-1.fc37
3 https://bodhi.fedoraproject.org/updates/FEDORA-2023-44868fd669 389-ds-base-2.2.7-2.fc37
3 https://bodhi.fedoraproject.org/updates/FEDORA-2023-319b7f56ac xorg-x11-server-1.20.14-23.fc37
3 https://bodhi.fedoraproject.org/updates/FEDORA-2023-e743a79041 perl-5.36.1-493.fc37 polymake-4.9-2.fc37
2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-66697036e9 audit-3.1.1-1.fc37
2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-0db7d5ea15 dracut-059-2.fc37
2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-2d90d74c3a xorg-x11-server-Xwayland-22.1.9-2.fc37
2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-0de6457ef5 abrt-2.16.1-1.fc37 libreport-2.17.9-1.fc37 satyr-0.42-1.fc37
1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-48d1193166 elfutils-0.189-2.fc37
1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-32d08f02af java-17-openjdk-17.0.7.0.7-1.fc37 java-latest-openjdk-20.0.1.0.9-4.rolling.fc37
1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-3d6585a3ab python-dogpile-cache-1.1.8-1.fc37
The following builds have been pushed to Fedora 37 updates-testing
bodhi-client-7.2.0-1.fc37
bodhi-messages-7.2.0-1.fc37
bodhi-server-7.2.0-1.fc37
foot-1.14.0-2.fc37
galera-26.4.14-1.fc37
java-11-openjdk-portable-11.0.19.0.7-2.fc37
jello-1.6.0-1.fc37
libopenmpt-0.6.10-1.fc37
mariadb-10.5.19-2.fc37
perl-User-Identity-1.02-1.fc37
python-formulaic-0.5.2-7.fc37
python-meson-python-0.13.1-3.fc37
python-nose2-0.13.0-1.fc37
rakudo-2023.04-2.fc37
rubygem-redcarpet-3.3.2-26.fc37
rust-anyhow-1.0.71-1.fc37
rust-matrixmultiply-0.3.5-1.fc37
rust-quoted_printable-0.4.8-1.fc37
rust-uuid-1.3.2-1.fc37
Details about builds:
================================================================================
bodhi-client-7.2.0-1.fc37 (FEDORA-2023-0a9bfeb860)
Bodhi client
--------------------------------------------------------------------------------
Update Information:
Update to 7.2.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 30 2023 Mattia Verga <mattia.verga(a)proton.me> - 7.2.0-1
- Update to 7.2.0
--------------------------------------------------------------------------------
================================================================================
bodhi-messages-7.2.0-1.fc37 (FEDORA-2023-0a9bfeb860)
JSON schema for messages sent by Bodhi
--------------------------------------------------------------------------------
Update Information:
Update to 7.2.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 30 2023 Mattia Verga <mattia.verga(a)proton.me> - 7.2.0-1
- Update to 7.2.0
--------------------------------------------------------------------------------
================================================================================
bodhi-server-7.2.0-1.fc37 (FEDORA-2023-0a9bfeb860)
Bodhi server
--------------------------------------------------------------------------------
Update Information:
Update to 7.2.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 30 2023 Mattia Verga <mattia.verga(a)proton.me> - 7.2.0-1
- Update to 7.2.0
--------------------------------------------------------------------------------
================================================================================
foot-1.14.0-2.fc37 (FEDORA-2023-962e3da4e4)
Fast, lightweight and minimalistic Wayland terminal emulator
--------------------------------------------------------------------------------
Update Information:
Use correct dock and window switcher icons in GNOME
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 29 2023 Aleksei Bavshin <alebastr(a)fedoraproject.org> - 1.14.0-2
- Use correct dock and window switcher icons in GNOME
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2188908 - Issue in Gnome app switcher
https://bugzilla.redhat.com/show_bug.cgi?id=2188908
--------------------------------------------------------------------------------
================================================================================
galera-26.4.14-1.fc37 (FEDORA-2023-49ceccb273)
Synchronous multi-master wsrep provider (replication engine)
--------------------------------------------------------------------------------
Update Information:
**MariaDB 10.5.19 & Galera 26.4.14** Release notes:
https://mariadb.com/kb/en/mariadb-10-5-19-release-notes/
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 29 2023 Michal Schorm <mschorm(a)redhat.com> - 26.4.14-1
- Rebase to 26.4.14
* Mon Feb 20 2023 Jonathan Wakely <jwakely(a)redhat.com> - 26.4.13-3
- Rebuilt for Boost 1.81
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 26.4.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2177093 - galera-26.4.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2177093
--------------------------------------------------------------------------------
================================================================================
java-11-openjdk-portable-11.0.19.0.7-2.fc37 (FEDORA-2023-0ab3a5423f)
OpenJDK 11 Runtime Environment portable edition
--------------------------------------------------------------------------------
Update Information:
Updatings portables to ajva April security update, with few enhancements be
properly repacked.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 29 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:11.0.19.0.7-0.2.ea
- removed steps which belongs to integrating rpms or done elsewhere:
- - systemtaps, staticlibs, symlinks, icons, desktop files
- moved remaning steps to proepr place:
- - man pages encoding fix, legal, permissions fix, javadocs
* Thu Apr 27 2023 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:11.0.19.0.7-0.1.ea
- Update to jdk-11.0.19.0+7
- Update release notes to 11.0.19.0+7
- Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113
- Update generate_tarball.sh to add support for passing a boot JDK to the configure run
- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace
- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs
- Rebase FIPS support against 11.0.19+6
- Rebase RH1750419 alt-java patch against 11.0.19+6
- Update TestTranslations.java to test the new America/Ciudad_Juarez zone
--------------------------------------------------------------------------------
================================================================================
jello-1.6.0-1.fc37 (FEDORA-2023-a89eeec210)
Query JSON at the command line with Python syntax
--------------------------------------------------------------------------------
Update Information:
### `jello` 20230423 v1.6.0 - Add the ability to directly use a JSON file or
JSON Lines files as data input (`-f`) - Add the ability to load a query from a
file (`-q`) - Add the empty data option (`-e`) - Fix user-defined functions in`
~/.jelloconf` initialization file
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 30 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.6.0-1
- Update to 1.6.0 (close RHBZ#2192142)
--------------------------------------------------------------------------------
================================================================================
libopenmpt-0.6.10-1.fc37 (FEDORA-2023-39720f2961)
C/C++ library to decode tracker music module (MOD) files
--------------------------------------------------------------------------------
Update Information:
Update to 0.6.10 -- https://lib.openmpt.org/libopenmpt/2023/04/15/releases-
0.6.10-0.5.24-0.4.36-0.3.44/
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 30 2023 Michael Schwendt <mschwendt(a)fedoraproject.org> - 0.6.10-1
- update to 0.6.10
--------------------------------------------------------------------------------
================================================================================
mariadb-10.5.19-2.fc37 (FEDORA-2023-49ceccb273)
A very fast and robust SQL database server
--------------------------------------------------------------------------------
Update Information:
**MariaDB 10.5.19 & Galera 26.4.14** Release notes:
https://mariadb.com/kb/en/mariadb-10-5-19-release-notes/
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 28 2023 Siddhesh Poyarekar <siddhesh(a)redhat.com> - 3:10.5.19-2
- Use _fortify_level to disable fortification in debug builds.
* Fri Apr 28 2023 Michal Schorm <mschorm(a)redhat.com> - 3:10.5.19-1
- Rebase to 10.5.19
* Tue Apr 11 2023 Florian Weimer <fweimer(a)redhat.com> - 3:10.5.18-3
- Port to C99
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3:10.5.18-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2177093 - galera-26.4.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2177093
--------------------------------------------------------------------------------
================================================================================
perl-User-Identity-1.02-1.fc37 (FEDORA-2023-8fa5e08386)
Maintains info about a physical person
--------------------------------------------------------------------------------
Update Information:
Update perl-User-Identity to 1.02 (#2187275)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 30 2023 S��rgio Basto <sergio(a)serjux.com> - 1.02-1
- Update perl-User-Identity to 1.02 (#2187275)
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.01-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2187275 - perl-User-Identity-1.02 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2187275
--------------------------------------------------------------------------------
================================================================================
python-formulaic-0.5.2-7.fc37 (FEDORA-2023-e8f5d5d013)
A high-performance implementation of Wilkinson formulas
--------------------------------------------------------------------------------
Update Information:
Confirm License is SPDX MIT; add missing ���arrow��� and ���calculus��� extras
metapackages.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 30 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.5.2-7
- Drop ���arrow��� extra metapackage on i686
* Sun Apr 30 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.5.2-6
- Confirm License is SPDX MIT
* Sun Apr 30 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.5.2-5
- Add missing ���arrow��� and ���calculus��� extras metapackages
--------------------------------------------------------------------------------
================================================================================
python-meson-python-0.13.1-3.fc37 (FEDORA-2023-d2a51f2737)
Meson Python build backend (PEP 517)
--------------------------------------------------------------------------------
Update Information:
Initial package for F37
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 30 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.13.1-3
- Depend on the system patchelf
- This avoids generating dependencies on python3dist(patchelf).
* Sun Apr 30 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.13.1-2
- Let the dist-git branches diverge; drop the spec-file conditionals
* Sun Apr 30 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.13.1-1
- Initial package (close RHBZ#2192109)
--------------------------------------------------------------------------------
================================================================================
python-nose2-0.13.0-1.fc37 (FEDORA-2023-9ee8973cd2)
The successor to nose, based on unittest2
--------------------------------------------------------------------------------
Update Information:
### `nose2` 0.13.0 (2023-04-29) - Remove support for python2 and older python3
versions - Fix support for python3.12 to avoid warnings about `addDuration`. -
`nose2` package metadata is converted to pyproject.toml format, using
`setuptools`. Building `nose2` packages from source now requires
`setuptools>=61.0.0` or a PEP 517 compatible build frontend (e.g. `build`). -
`nose2` license metadata has been corrected in format and content to be
distributed in the sdist and wheel distributions correctly.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 30 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.13.0-1
- Update to 0.13.0 (close RHBZ#2192205)
* Sun Apr 30 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.12.0-3
- Don���t assume %_smp_mflags is -j%_smp_build_ncpus
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.12.0-2
- Update License to SPDX
--------------------------------------------------------------------------------
================================================================================
rakudo-2023.04-2.fc37 (FEDORA-2023-ac73ee36a2)
Raku on MoarVM, JVM, and JS
--------------------------------------------------------------------------------
Update Information:
Fix failed tests
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 29 2023 topazus <topazus(a)outlook.com> - 2023.04-2
- Fix failed tests
* Fri Apr 28 2023 topazus <topazus(a)outlook.com> - 2023.04-1
- Update to 2023.04
--------------------------------------------------------------------------------
================================================================================
rubygem-redcarpet-3.3.2-26.fc37 (FEDORA-2023-8682a0e17d)
A fast, safe and extensible Markdown to (X)HTML parser
--------------------------------------------------------------------------------
Update Information:
A security flow was found on redcarpet that escaping html was not properly done
even if requested on some cases which may cause XSS vulnerability. This issue is
now assigned as CVE-2020-26298. This new rpm should fix this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 30 2023 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 3.3.2-26
- Bacckport upstream patch for CVE-2020-26298 (bug 1915370)
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.3.2-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jan 4 2023 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 3.3.2-24
- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_3.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1915371 - CVE-2020-26298 rubygem-redcarpet: does not escape HTML when processing quotes which could result in XSS vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1915371
--------------------------------------------------------------------------------
================================================================================
rust-anyhow-1.0.71-1.fc37 (FEDORA-2023-73dee7b282)
Flexible concrete Error type built on std::error::Error
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.71.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 30 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.71-1
- Update to version 1.0.71; Fixes RHBZ#2192129
--------------------------------------------------------------------------------
================================================================================
rust-matrixmultiply-0.3.5-1.fc37 (FEDORA-2023-6901453605)
General matrix multiplication for f32 and f64 matrices
--------------------------------------------------------------------------------
Update Information:
Update to version 0.3.5.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 30 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.3.5-1
- Update to version 0.3.5; Fixes RHBZ#2191693
--------------------------------------------------------------------------------
================================================================================
rust-quoted_printable-0.4.8-1.fc37 (FEDORA-2023-63a6c7238e)
Simple encoder/decoder for quoted-printable data
--------------------------------------------------------------------------------
Update Information:
Update to version 0.4.8.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 30 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.4.8-1
- Update to version 0.4.8; Fixes RHBZ#2192096
--------------------------------------------------------------------------------
================================================================================
rust-uuid-1.3.2-1.fc37 (FEDORA-2023-e674fe1b4b)
Library to generate and parse UUIDs
--------------------------------------------------------------------------------
Update Information:
Update to version 1.3.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 30 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.3.2-1
- Update to version 1.3.2; Fixes RHBZ#2192075
--------------------------------------------------------------------------------