The following Fedora 35 Security updates need testing:
Age URL
286
https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11
mysql-connector-java-8.0.28-1.fc35
17
https://bodhi.fedoraproject.org/updates/FEDORA-2022-de515f765f
nodejs-16.18.1-1.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-f44dd1bec2
python3.10-3.10.8-3.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e733724edb
freerdp-2.8.1-1.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-003403ec6b
samba-4.15.12-0.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-14f11bfc73
ntfs-3g-2022.10.3-1.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-927df621df
thunderbird-102.5.0-1.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-53a4a5dd11 xen-4.15.4-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-73e61f4c0b
drupal7-i18n-1.31-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-42723b43fe
python-virtualbmc-3.0.0-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-333df1c4aa
galera-26.4.13-1.fc35 mariadb-10.5.18-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-cbbd105d08
heimdal-7.7.1-3.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-07dd239d6c
admesh-0.98.5-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-df2f4923ea
libetpan-1.9.4-9.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-269b27bdbc
firefox-107.0-3.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7ce9378e90 grub2-2.06-14.fc35
The following Fedora 35 Critical Path updates have yet to be approved:
Age URL
104
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bca7996d14
annobin-10.81-1.fc35
68
https://bodhi.fedoraproject.org/updates/FEDORA-2022-97f6c4fd2a
libblockdev-2.28-2.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-43fa48ce4e
python-rpmautospec-0.3.1-1.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-08abe36a9e
linux-firmware-20221109-144.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0f700faae4 glibc-2.34-49.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e733724edb
freerdp-2.8.1-1.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-f44dd1bec2
python3.10-3.10.8-3.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-53a4a5dd11 xen-4.15.4-1.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-927df621df
thunderbird-102.5.0-1.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-14f11bfc73
ntfs-3g-2022.10.3-1.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-003403ec6b
samba-4.15.12-0.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-b402a5ebdf
libxcrypt-4.4.33-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7184211fc4 koji-1.31.0-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-1b29661d86 vim-9.0.915-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-32e69d01a9
libbsd-0.11.7-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7ce9378e90 grub2-2.06-14.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-9fde12c816 gcc-11.3.1-4.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-269b27bdbc
firefox-107.0-3.fc35
The following builds have been pushed to Fedora 35 updates-testing
advancecomp-2.4-1.fc35
aime-8.20221121-1.fc35
castxml-0.4.8-1.fc35
chatterino2-2.3.5-6.fc35
fedora-license-data-1.8-1.fc35
gns3-server-2.2.34-1.fc35.1
hplip-3.22.10-1.fc35
ibus-typing-booster-2.19.8-2.fc35
langtable-0.0.61-1.fc35
minigalaxy-1.2.2-2.fc35
parallel-20221122-1.fc35
pcm-202211-0.fc35
qatengine-0.6.17-1.fc35
qatlib-22.07.2-1.fc35
qatzip-1.1.0-1.fc35
qownnotes-22.11.8-2.fc35
rust-rpm-sequoia-1.2.0-1.fc35
rust-sequoia-openpgp-1.11.0-1.fc35
rust-sequoia-policy-config-0.5.0-1.fc35
sane-backends-1.1.1-9.fc35
Details about builds:
================================================================================
advancecomp-2.4-1.fc35 (FEDORA-2022-99c00af79f)
Recompression utilities for .png, .mng, .zip and .gz files
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017,
CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.4-1
- Update to 2.4 (close RHBZ#2145023)
- Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016,
CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.3-5
- Identify bundled 7-Zip as ���7zip��� rather than ���7z���
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.3-4
- Add a comment about upstream tests
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.3-3
- Stricter file globs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2127376 - CVE-2022-35014 advancecomp: SEGV via invalid read address
https://bugzilla.redhat.com/show_bug.cgi?id=2127376
[ 2 ] Bug #2127378 - CVE-2022-35015 advancecomp: heap-buffer-overflow in
le_uint32_read() in lib/endianrw.h
https://bugzilla.redhat.com/show_bug.cgi?id=2127378
[ 3 ] Bug #2127380 - CVE-2022-35016 advancecomp: heap buffer overflow in data_dup() in
data.cc
https://bugzilla.redhat.com/show_bug.cgi?id=2127380
[ 4 ] Bug #2127383 - CVE-2022-35017 advancecomp: heap-buffer-overflow in
mng_delta_addition() in mng.c
https://bugzilla.redhat.com/show_bug.cgi?id=2127383
[ 5 ] Bug #2127386 - CVE-2022-35018 advancecomp: SEGV via invalid read memory access
https://bugzilla.redhat.com/show_bug.cgi?id=2127386
[ 6 ] Bug #2127389 - CVE-2022-35019 advancecomp: SEGV via invalid write memory access
https://bugzilla.redhat.com/show_bug.cgi?id=2127389
[ 7 ] Bug #2127394 - CVE-2022-35020 advancecomp: heap buffer overflow via the component
inflate()
https://bugzilla.redhat.com/show_bug.cgi?id=2127394
--------------------------------------------------------------------------------
================================================================================
aime-8.20221121-1.fc35 (FEDORA-2022-2aa8c99bac)
An application embeddable programming language interpreter
--------------------------------------------------------------------------------
Update Information:
- Update to 8.20221121 fixes rhbz#2145128
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Filipe Rosset <rosset.filipe(a)gmail.com> - 8.20221121-1
- Update to 8.20221121 fixes rhbz#2145128
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2145128 - aime-8.20221121 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2145128
--------------------------------------------------------------------------------
================================================================================
castxml-0.4.8-1.fc35 (FEDORA-2022-9ad41754fe)
C-family abstract syntax tree XML output tool
--------------------------------------------------------------------------------
Update Information:
CastXML 0.4.8
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 23 2022 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 0.4.8-1
- Update to version 0.4.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2145095 - castxml-0.4.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2145095
--------------------------------------------------------------------------------
================================================================================
chatterino2-2.3.5-6.fc35 (FEDORA-2022-3430d423d7)
Chat client for twitch.tv
--------------------------------------------------------------------------------
Update Information:
build: Add Requires: qt5-qtsvg
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Artem Polishchuk <ego.cordatus(a)gmail.com> 2.3.5-6
- build: ExcludeArch: %{ix86}
* Thu Nov 24 2022 Artem Polishchuk <ego.cordatus(a)gmail.com> 2.3.5-5
- build: Add Requires: qt5-qtsvg
* Wed Jul 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.3.5-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed May 4 2022 Thomas Rodgers <trodgers(a)redhat.com> - 2.3.5-2
- Rebuilt for Boost 1.78
--------------------------------------------------------------------------------
================================================================================
fedora-license-data-1.8-1.fc35 (FEDORA-2022-8408d01cdb)
Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
- Add Public Domain license text used in libselinux - Make LicenseRef for GPLv2
with UPX exception more SPDX-confrmant - Add the equivalent LicenseRef-UPX and
LicenseRef-GPL-2.0-or-later WITH UPX
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Miroslav Such�� <msuchy(a)redhat.com> 1.8-1
- Add Public Domain license text used in libselinux (plautrba(a)redhat.com)
- Make LicenseRef for GPLv2 with UPX exception more SPDX-confrmant
(rfontana(a)redhat.com)
- Add the equivalent LicenseRef-UPX and LicenseRef-GPL-2.0-or-later WITH UPX
(rfontana(a)redhat.com)
--------------------------------------------------------------------------------
================================================================================
gns3-server-2.2.34-1.fc35.1 (FEDORA-2022-edab3bc08f)
Graphical Network Simulator 3
--------------------------------------------------------------------------------
Update Information:
Fix installation on f35
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Nicolas Chauvet <kwizart(a)gmail.com> - 2.2.34-1.1
- Fix req for f35
--------------------------------------------------------------------------------
================================================================================
hplip-3.22.10-1.fc35 (FEDORA-2022-d4eb64c740)
HP Linux Imaging and Printing Project
--------------------------------------------------------------------------------
Update Information:
2139309 - hplip-3.22.10 is available
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 23 2022 Zdenek Dohnal <zdohnal(a)redhat.com> - 3.22.10-1
- 2139309 - hplip-3.22.10 is available
* Wed Oct 19 2022 Zdenek Dohnal <zdohnal(a)redhat.com> - 3.22.6-5
- distutils will be removed in Python3.12, use setuptools now
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2139309 - hplip-3.22.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2139309
--------------------------------------------------------------------------------
================================================================================
ibus-typing-booster-2.19.8-2.fc35 (FEDORA-2022-2b4dc14004)
A completion input method
--------------------------------------------------------------------------------
Update Information:
Migrate license tag to SPDX
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Mike FABIAN <mfabian(a)redhat.com> - 2.19.8-2
- Migrate license tag to SPDX
--------------------------------------------------------------------------------
================================================================================
langtable-0.0.61-1.fc35 (FEDORA-2022-7d00240a55)
Guessing reasonable defaults for locale, keyboard layout, territory, and language.
--------------------------------------------------------------------------------
Update Information:
Update to 0.0.61 Add mnw_MM.UTF-8 and ckb_IQ.UTF-8 Do not run test cases using
Python2 anymore Add bih Add more translations from CLDR Migrate license tag to
SPDX
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Mike FABIAN <mfabian(a)redhat.com> - 0.0.61-1
- Update to 0.0.61
- Add mnw_MM.UTF-8 and ckb_IQ.UTF-8
- Do not run test cases using Python2 anymore
- Add bih
- Add more translations from CLDR
- Migrate license tag to SPDX
--------------------------------------------------------------------------------
================================================================================
minigalaxy-1.2.2-2.fc35 (FEDORA-2022-01e0d93da7)
GOG client for Linux that lets you download and play your GOG Linux games
--------------------------------------------------------------------------------
Update Information:
build: Recommends: innoextract
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Artem Polishchuk <ego.cordatus(a)gmail.com> 1.2.2-2
- build: Recommends: innoextract
--------------------------------------------------------------------------------
================================================================================
parallel-20221122-1.fc35 (FEDORA-2022-0a38aa7b91)
Shell tool for executing jobs in parallel
--------------------------------------------------------------------------------
Update Information:
- updated to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Filipe Rosset <rosset.filipe(a)gmail.com> 20221122-1
- updated to latest version
--------------------------------------------------------------------------------
================================================================================
pcm-202211-0.fc35 (FEDORA-2022-2f848c47a0)
Intel(r) Performance Counter Monitor
--------------------------------------------------------------------------------
Update Information:
update to 202211
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Roman Dementiev <roman.dementiev(a)intel.com> 0.1-10
- Update to new upstream repository location and the name
- Update to version 202211
--------------------------------------------------------------------------------
================================================================================
qatengine-0.6.17-1.fc35 (FEDORA-2022-8e20921b45)
Intel QuickAssist Technology (QAT) OpenSSL Engine
--------------------------------------------------------------------------------
Update Information:
Update to qatengine v0.6.17
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 2 2022 Yogaraj Alamenda <yogarajx.alamenda(a)intel.com> - 0.6.17-1
- Update to qatengine v0.6.17
--------------------------------------------------------------------------------
================================================================================
qatlib-22.07.2-1.fc35 (FEDORA-2022-c64f915e14)
Intel QuickAssist user space library
--------------------------------------------------------------------------------
Update Information:
Update QAT packages: * qatlib-22.07.2-1 * qatzip-1.1.0-1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 15 2022 Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> - 22.07.2-1
- Update to qatlib 22.07.2
* Thu Oct 20 2022 Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> - 22.07.1-1
- Update to qatlib 22.07.1
--------------------------------------------------------------------------------
================================================================================
qatzip-1.1.0-1.fc35 (FEDORA-2022-c64f915e14)
Intel QuickAssist Technology (QAT) QATzip Library
--------------------------------------------------------------------------------
Update Information:
Update QAT packages: * qatlib-22.07.2-1 * qatzip-1.1.0-1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Vladis Dronov <vdronov(a)redhat.com> - 1.1.0-1
- Rebuild for qatzip v1.1.0
--------------------------------------------------------------------------------
================================================================================
qownnotes-22.11.8-2.fc35 (FEDORA-2022-2be7cc925d)
Plain-text file markdown note taking with Nextcloud integration
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Artem Polishchuk <ego.cordatus(a)gmail.com> 22.11.8-2
- build: ExcludeArch:��%{ix86}
* Thu Nov 24 2022 Artem Polishchuk <ego.cordatus(a)gmail.com> 22.11.8-1
- chore: Update to 22.11.8 (#2143091)
--------------------------------------------------------------------------------
================================================================================
rust-rpm-sequoia-1.2.0-1.fc35 (FEDORA-2022-73af81313d)
Implementation of the RPM PGP interface using Sequoia
--------------------------------------------------------------------------------
Update Information:
- Update rpm-sequoia to version 1.2.0. - Update sequoia-policy-config to version
0.5.0. - Update the sequoia-openpgp crate to version 1.11.0. This update
includes v3 Signature support, which is required for the Sequoia PGP backend in
RPM.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 23 2022 Fabio Valentini <decathorpe(a)gmail.com> 1.2.0-1
- Update to version 1.2.0; Fixes RHBZ#2145244
* Wed Nov 23 2022 Fabio Valentini <decathorpe(a)gmail.com> 1.1.2-2
- Rebuild for sequoia-openpgp 1.11.0
--------------------------------------------------------------------------------
================================================================================
rust-sequoia-openpgp-1.11.0-1.fc35 (FEDORA-2022-73af81313d)
OpenPGP data types and associated machinery
--------------------------------------------------------------------------------
Update Information:
- Update rpm-sequoia to version 1.2.0. - Update sequoia-policy-config to version
0.5.0. - Update the sequoia-openpgp crate to version 1.11.0. This update
includes v3 Signature support, which is required for the Sequoia PGP backend in
RPM.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 23 2022 Fabio Valentini <decathorpe(a)gmail.com> 1.11.0-1
- Update to version 1.11.0; Fixes RHBZ#2143959
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 1.10.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-sequoia-policy-config-0.5.0-1.fc35 (FEDORA-2022-73af81313d)
Configure Sequoia using a configuration file
--------------------------------------------------------------------------------
Update Information:
- Update rpm-sequoia to version 1.2.0. - Update sequoia-policy-config to version
0.5.0. - Update the sequoia-openpgp crate to version 1.11.0. This update
includes v3 Signature support, which is required for the Sequoia PGP backend in
RPM.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 23 2022 Fabio Valentini <decathorpe(a)gmail.com> 0.5.0-1
- Update to version 0.5.0; Fixes RHBZ#2145245
--------------------------------------------------------------------------------
================================================================================
sane-backends-1.1.1-9.fc35 (FEDORA-2022-601d4b35e8)
Scanner access software
--------------------------------------------------------------------------------
Update Information:
2139882 - Plustek 8100 and 7600i VID:PID are missing in genesys.conf
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Zdenek Dohnal <zdohnal(a)redhat.com> - 1.1.1-9
- 2139882 - Plustek 8100 and 7600i VID:PID are missing in genesys.conf
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2139882 - Plustek 8100 and 7600i VID:PID are missing in genesys.conf
https://bugzilla.redhat.com/show_bug.cgi?id=2139882
--------------------------------------------------------------------------------