The following Fedora 38 Security updates need testing: Age URL 120 https://bodhi.fedoraproject.org/updates/FEDORA-2023-aaa2b3d20b containerd-1.6.23-1.fc38 33 https://bodhi.fedoraproject.org/updates/FEDORA-2023-13b03a90f9 python-pillow-9.5.0-2.fc38 11 https://bodhi.fedoraproject.org/updates/FEDORA-2023-ec02e360af tigervnc-1.13.1-9.fc38 xorg-x11-server-1.20.14-28.fc38 6 https://bodhi.fedoraproject.org/updates/FEDORA-2023-0583eedde7 python3-docs-3.11.7-1.fc38 python3.11-3.11.7-2.fc38 6 https://bodhi.fedoraproject.org/updates/FEDORA-2023-d01f8a69b4 python3.10-3.10.13-2.fc38 6 https://bodhi.fedoraproject.org/updates/FEDORA-2023-8085628fff python3.9-3.9.18-3.fc38 6 https://bodhi.fedoraproject.org/updates/FEDORA-2023-f96ff39b59 python3.8-3.8.18-3.fc38 6 https://bodhi.fedoraproject.org/updates/FEDORA-2023-c0bf8c0c4e python3.12-3.12.1-2.fc38 6 https://bodhi.fedoraproject.org/updates/FEDORA-2023-7d223ee343 python3.7-3.7.17-4.fc38 6 https://bodhi.fedoraproject.org/updates/FEDORA-2023-b245e992ea python3.6-3.6.15-22.fc38 4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-cb8c606fbb podman-tui-0.15.0-1.fc38 4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-6317eaa767 squid-6.6-1.fc38 3 https://bodhi.fedoraproject.org/updates/FEDORA-2023-b87ec6cf47 proftpd-1.3.8b-1.fc38 2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-52ba628e03 xerces-c-3.2.5-1.fc38 1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-55800423a8 libssh-0.10.6-2.fc38

The following Fedora 38 Critical Path updates have yet to be approved: Age URL 58 https://bodhi.fedoraproject.org/updates/FEDORA-2023-06dd18eecb go-rpm-macros-3.3.0-1.fc38 go2rpm-1.10.0-1.fc38 16 https://bodhi.fedoraproject.org/updates/FEDORA-2023-cf471b70ab dnf5-5.1.9-1.fc38 13 https://bodhi.fedoraproject.org/updates/FEDORA-2023-adae9be596 podman-4.8.2-1.fc38 11 https://bodhi.fedoraproject.org/updates/FEDORA-2023-2526905ef1 kobo-0.35.0-1.fc38 11 https://bodhi.fedoraproject.org/updates/FEDORA-2023-7b5c84e67a mock-5.3-1.fc38 11 https://bodhi.fedoraproject.org/updates/FEDORA-2023-8c2dac6ed9 tomcat-9.0.83-1.fc38 11 https://bodhi.fedoraproject.org/updates/FEDORA-2023-ec02e360af tigervnc-1.13.1-9.fc38 xorg-x11-server-1.20.14-28.fc38 11 https://bodhi.fedoraproject.org/updates/FEDORA-2023-49ceece9f0 pungi-4.6.0-1.fc38 python-productmd-1.38-1.fc38 10 https://bodhi.fedoraproject.org/updates/FEDORA-2023-a7c3351b3e osinfo-db-20231215-1.fc38 10 https://bodhi.fedoraproject.org/updates/FEDORA-2023-e5cedffde1 cups-2.4.7-5.fc38 10 https://bodhi.fedoraproject.org/updates/FEDORA-2023-1bbf4060ec cockpit-307-1.fc38 10 https://bodhi.fedoraproject.org/updates/FEDORA-2023-d2fed10480 pyproject-rpm-macros-1.11.0-1.fc38 9 https://bodhi.fedoraproject.org/updates/FEDORA-2023-152a43be70 bluez-5.71-1.fc38 iwd-2.11-1.fc38 libell-0.61-1.fc38 7 https://bodhi.fedoraproject.org/updates/FEDORA-2023-aeccf7b447 selinux-policy-38.31-1.fc38 6 https://bodhi.fedoraproject.org/updates/FEDORA-2023-6fe52eb932 bubblewrap-0.8.0-1.fc38 6 https://bodhi.fedoraproject.org/updates/FEDORA-2023-b9c9759573 zchunk-1.4.0-1.fc38 6 https://bodhi.fedoraproject.org/updates/FEDORA-2023-0583eedde7 python3-docs-3.11.7-1.fc38 python3.11-3.11.7-2.fc38 3 https://bodhi.fedoraproject.org/updates/FEDORA-2023-e0f7ba1715 java-17-openjdk-17.0.9.0.9-3.fc38 1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-55800423a8 libssh-0.10.6-2.fc38

The following builds have been pushed to Fedora 38 updates-testing

cppcheck-2.13.0-1.fc38 gstreamer1-plugins-bad-free-1.22.8-2.fc38 gstreamer1-plugins-ugly-free-1.22.8-2.fc38 mate-media-1.26.2-1.fc38 nanoflann-1.5.3-1.fc38 nsd-4.8.0-1.fc38 openhmd-0.3.0^20230112gite64708b-1.fc38 partclone-0.3.27-2.fc38 poedit-3.4.2-1.fc38 qmapshack-1.17.1-1.fc38 slurm-22.05.11-2.fc38 texstudio-4.7.2-1.fc38

Details about builds:

================================================================================ cppcheck-2.13.0-1.fc38 (FEDORA-2023-3cad84ff03) Tool for static C/C++ code analysis -------------------------------------------------------------------------------- Update Information:

Update to 2.13.0 -------------------------------------------------------------------------------- ChangeLog:

* Sat Dec 23 2023 Wolfgang St��ggl c72578@yahoo.de - 2.13.0-1 - Update to 2.13.0 --------------------------------------------------------------------------------

================================================================================ gstreamer1-plugins-bad-free-1.22.8-2.fc38 (FEDORA-2023-b36c0fa1f0) GStreamer streaming media framework "bad" plugins -------------------------------------------------------------------------------- Update Information:

* Enable dvbsuboverlay and siren plugins in -bad-free * Enable avtp, dtsdec, and flite plugins in -bad-free-extras * Enable asfdemux, dvdlpcmdec, dvdsub, and realmedia plugins in -ugly-free Please note that by definition, conflicts with third-party repositories need to be fixed there, and are not bugs in Fedora itself. -------------------------------------------------------------------------------- ChangeLog:

* Wed Dec 20 2023 Yaakov Selkowitz yselkowi@redhat.com - 1.22.8-2 - Enable dvbsuboverlay and siren plugins - Enable avtp, dtsdec, and flite plugins in extras --------------------------------------------------------------------------------

================================================================================ gstreamer1-plugins-ugly-free-1.22.8-2.fc38 (FEDORA-2023-b36c0fa1f0) GStreamer streaming media framework "ugly" plugins -------------------------------------------------------------------------------- Update Information:

* Enable dvbsuboverlay and siren plugins in -bad-free * Enable avtp, dtsdec, and flite plugins in -bad-free-extras * Enable asfdemux, dvdlpcmdec, dvdsub, and realmedia plugins in -ugly-free Please note that by definition, conflicts with third-party repositories need to be fixed there, and are not bugs in Fedora itself. -------------------------------------------------------------------------------- ChangeLog:

* Wed Dec 20 2023 Yaakov Selkowitz yselkowi@redhat.com - 1.22.8-2 - Enable asfdemux, dvdlpcmdec, dvdsub, and realmedia plugins - Disable AMR plugins in RHEL builds - Resolves: rhbz#2236889 --------------------------------------------------------------------------------

================================================================================ mate-media-1.26.2-1.fc38 (FEDORA-2023-71b4ecc846) MATE media programs -------------------------------------------------------------------------------- Update Information:

- update to 1.26.2 - fix German translation -------------------------------------------------------------------------------- ChangeLog:

* Mon Dec 25 2023 Wolfgang Ulbrich fedora@raveit.de - 1.26.2-1 - update to 1.26.2 - fix german translation --------------------------------------------------------------------------------

================================================================================ nanoflann-1.5.3-1.fc38 (FEDORA-2023-7ce99fe40d) A C++11 header-only library for Nearest Neighbor (NN) search with KD-trees -------------------------------------------------------------------------------- Update Information:

update -------------------------------------------------------------------------------- ChangeLog:

* Mon Dec 25 2023 topazus topazus@outlook.com - 1.5.3-1 - initial import; rhbz#2255796 --------------------------------------------------------------------------------

================================================================================ nsd-4.8.0-1.fc38 (FEDORA-2023-81f7f3e4f1) Fast and lean authoritative DNS Name Server -------------------------------------------------------------------------------- Update Information:

Update to 4.8.0 -------------------------------------------------------------------------------- ChangeLog:

* Mon Dec 25 2023 Fabio Alessandro Locati fale@fedoraproject.org - 4.8.0-1 - Update to 4.8.0 - Resolves: rhbz#2252122 * Thu Jul 20 2023 Fedora Release Engineering releng@fedoraproject.org - 4.7.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild --------------------------------------------------------------------------------

================================================================================ openhmd-0.3.0^20230112gite64708b-1.fc38 (FEDORA-2023-2da7ee8b5b) Free and Open Source API and drivers for immersive technology -------------------------------------------------------------------------------- Update Information:

Initial import; Fixes: RHBZ#2244983 -------------------------------------------------------------------------------- ChangeLog:

* Sun Dec 24 2023 Davide Cavalca dcavalca@fedoraproject.org - 0.3.0^20230112gite64708b-1 - Initial import; Fixes: RHBZ#2244983 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2244983 - Review Request: openhmd - Free and Open Source API and drivers for immersive technology https://bugzilla.redhat.com/show_bug.cgi?id=2244983 --------------------------------------------------------------------------------

================================================================================ partclone-0.3.27-2.fc38 (FEDORA-2023-dc8735c1c8) Utility to clone and restore a partition -------------------------------------------------------------------------------- Update Information:

- Build `fail-mbr.bin` on all architectures (using cross-compile) -------------------------------------------------------------------------------- ChangeLog:

* Mon Dec 25 2023 Robert Scheck robert@fedoraproject.org 0.3.27-2 - Build fail-mbr.bin on all architectures (using cross-compile) --------------------------------------------------------------------------------

================================================================================ poedit-3.4.2-1.fc38 (FEDORA-2023-caa8b56052) GUI editor for GNU gettext .po files -------------------------------------------------------------------------------- Update Information:

New upstream version 3.4.2 -------------------------------------------------------------------------------- ChangeLog:

* Fri Dec 22 2023 Wolfgang St��ggl c72578@yahoo.de - 3.4.2-1 - New upstream version --------------------------------------------------------------------------------

================================================================================ qmapshack-1.17.1-1.fc38 (FEDORA-2023-ba4c51face) GPS mapping and management tool -------------------------------------------------------------------------------- Update Information:

- updated to 1.17.1 - see https://github.com/Maproom/qmapshack/blob/dev/changelog.txt for details -------------------------------------------------------------------------------- ChangeLog:

* Thu Dec 14 2023 Fedora Release Monitoring release-monitoring@fedoraproject.org - 1.17.1-1 - Update to 1.17.1 (rhbz#2254510) * Wed Nov 15 2023 Sandro Mani manisandro@gmail.com - 1.17.0-2 - Rebuild (gdal) * Fri Jul 21 2023 Fedora Release Monitoring release-monitoring@fedoraproject.org - 1.17.0-1 - Update to 1.17.0 (rhbz#2224655) * Fri Jul 21 2023 Fedora Release Engineering releng@fedoraproject.org - 1.16.1-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue May 23 2023 Sandro Mani manisandro@gmail.com - 1.16.1-14 - Rebuild (alglib) * Thu May 11 2023 Sandro Mani manisandro@gmail.com - 1.16.1-13 - Rebuild (gdal) * Fri May 5 2023 Nicolas Chauvet kwizart@gmail.com - 1.16.1-12 - Rebuilt for quazip 1.4 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2254510 - qmapshack-1.17.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2254510 --------------------------------------------------------------------------------

================================================================================ slurm-22.05.11-2.fc38 (FEDORA-2023-540de58d84) Simple Linux Utility for Resource Management -------------------------------------------------------------------------------- Update Information:

- Update to 22.05.11 - Closes CVE-2023-49933 through CVE-2023-49938 -------------------------------------------------------------------------------- ChangeLog:

* Fri Dec 22 2023 Neil Hanlon neil@fedoraproject.org - 22.05.11-1 - Update to 22.05.11 (#2155310) - Closes CVE-2023-49933 through CVE-2023-49938; RHBZ bugs: - #2254496, #2254499, #2254502, #2254505, #2254507, #2254509 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2155310 - slurm-23.11.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2155310 [ 2 ] Bug #2254496 - CVE-2023-49938 slurm: incorrect access control [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2254496 [ 3 ] Bug #2254499 - CVE-2023-49937 slurm: double free [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2254499 [ 4 ] Bug #2254502 - CVE-2023-49936 slurm: null pointer dereference [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2254502 [ 5 ] Bug #2254505 - CVE-2023-49935 slurm: Incorrect Access Control [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2254505 [ 6 ] Bug #2254507 - CVE-2023-49934 slurm: SQL injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2254507 [ 7 ] Bug #2254509 - CVE-2023-49933 slurm: Improper Enforcement of Message Integrity [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2254509 --------------------------------------------------------------------------------

================================================================================ texstudio-4.7.2-1.fc38 (FEDORA-2023-5898adebb6) A feature-rich editor for LaTeX documents -------------------------------------------------------------------------------- Update Information:

- update to 4.7.2 - https://github.com/texstudio- org/texstudio/blob/master/utilities/manual/source/CHANGELOG.md -------------------------------------------------------------------------------- ChangeLog:

* Mon Dec 25 2023 Johannes Lips hannes@fedoraproject.org 4.7.2-1 - update to 4.7.2 --------------------------------------------------------------------------------