The following Fedora 39 Security updates need testing: Age URL 4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-9a74d212f8 slurm-22.05.11-2.fc39
The following Fedora 39 Critical Path updates have yet to be approved: Age URL 63 https://bodhi.fedoraproject.org/updates/FEDORA-2023-60969403d0 go-rpm-macros-3.3.0-1.fc39 go2rpm-1.10.0-1.fc39 28 https://bodhi.fedoraproject.org/updates/FEDORA-2023-0a947db1d0 mock-core-configs-39.3-1.fc39 21 https://bodhi.fedoraproject.org/updates/FEDORA-2023-8fd0890f05 dnf5-5.1.9-1.fc39 19 https://bodhi.fedoraproject.org/updates/FEDORA-2023-68ad6ada3b podman-4.8.2-1.fc39 11 https://bodhi.fedoraproject.org/updates/FEDORA-2023-ae7f558922 guestfs-tools-1.51.7-1.fc39 11 https://bodhi.fedoraproject.org/updates/FEDORA-2023-db59cf7cee libphonenumber-8.13.27-1.fc39 11 https://bodhi.fedoraproject.org/updates/FEDORA-2023-2cfc4d36f1 libguestfs-1.51.10-1.fc39 9 https://bodhi.fedoraproject.org/updates/FEDORA-2023-212cdaad25 brltty-6.6-9.fc39 9 https://bodhi.fedoraproject.org/updates/FEDORA-2023-c12a2a84a4 toolbox-0.0.99.5-1.fc39 8 https://bodhi.fedoraproject.org/updates/FEDORA-2023-1874834244 dhcpcd-10.0.6-1.fc39 7 https://bodhi.fedoraproject.org/updates/FEDORA-2023-33bc615d45 edk2-20231122-14.fc39 2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-3bd19e87a3 llvm-17.0.6-2.fc39 1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-f13cd1514c python-rpds-py-0.16.2-1.fc39 1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-e6d91821ae libqalculate-4.9.0-1.fc39 qalculate-gtk-4.9.0-1.fc39 qalculate-qt-4.9.0-1.fc39 1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-3108bed60d xfce4-settings-4.18.4-1.fc39 1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-7dc41db148 aom-3.8.0-1.fc39 1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-e95ec9541e distribution-gpg-keys-1.99-1.fc39
The following builds have been pushed to Fedora 39 updates-testing
ibus-typing-booster-2.24.10-1.fc39 perl-Spreadsheet-ParseExcel-0.6600-1.fc39 python-aiohttp-3.9.1-1.fc39 python-datalad-0.19.5-1.fc39 python-gbulb-0.6.4-1.fc39 python-pygls-1.2.1-1.fc39 python-pysqueezebox-0.5.5-11.fc39 python-qudida-0.0.4-1.fc39 python-wled-0.4.4-11.fc39 simpleini-4.22-1.fc39 timew-1.7.0-1.fc39 wl-mirror-0.15.0-1.fc39 xarchiver-0.5.4.22-1.fc39
Details about builds:
================================================================================ ibus-typing-booster-2.24.10-1.fc39 (FEDORA-2023-0450d1b7e5) A completion input method -------------------------------------------------------------------------------- Update Information:
Update to 2.24.10 Update the preedit to empty right after deleting surrounding text when reopening a preedit (Resolves: https://github.com/mike-fabian/ibus- typing-booster/issues/474) Improve do_reset() (Resolves: https://github.com/mike-fabian/ibus-typing-booster/issues/473) (Resolves: https://github.com/mike-fabian/ibus-typing-booster/issues/474) Fix _record_in_database_and_push_context() Avoid updating the preedit to empty or hiding it if the preedit is already hidden or empty Do not pass through a key release event if the corresponding key press event was handled Remove two probably redundant calls to get_surrounding_text() Hide and clear lookup table and aux in _update_ui_empty_input_try_completion() if no candidates are found Make self._ibus_event_sleep_seconds settable via gsettings Avoid more duplicate calls of _update_preedit() (Resolves: https://github.com/mike-fabian/ibus- typing-booster/issues/473) (Resolves: https://github.com/mike-fabian/ibus- typing-booster/issues/474) Fix disappearing first characters or words in the web clients of WhatsApp and Telegram used in Firefox (Resolves: https://github.com/mike-fabian/ibus-typing-booster/issues/473) Update emoji annotations from CLDR -------------------------------------------------------------------------------- ChangeLog:
* Fri Dec 29 2023 Mike FABIAN mfabian@redhat.com - 2.24.10-1 - Update to 2.24.10 - Update the preedit to empty right after deleting surrounding text when reopening a preedit (Resolves: https://github.com/mike-fabian/ibus-typing-booster/issues/474) - Improve do_reset() (Resolves: https://github.com/mike-fabian/ibus-typing-booster/issues/473) (Resolves: https://github.com/mike-fabian/ibus-typing-booster/issues/474) - Fix _record_in_database_and_push_context() - Avoid updating the preedit to empty or hiding it if the preedit is already hidden or empty - Do not pass through a key release event if the corresponding key press event was handled - Remove two probably redundant calls to get_surrounding_text() - Hide and clear lookup table and aux in _update_ui_empty_input_try_completion() if no candidates are found - Make self._ibus_event_sleep_seconds settable via gsettings - Avoid more duplicate calls of _update_preedit() (Resolves: https://github.com/mike-fabian/ibus-typing-booster/issues/473) (Resolves: https://github.com/mike-fabian/ibus-typing-booster/issues/474) - Fix disappearing first characters or words in the web clients of WhatsApp and Telegram used in Firefox (Resolves: https://github.com/mike-fabian/ibus-typing-booster/issues/473) - Update emoji annotations from CLDR --------------------------------------------------------------------------------
================================================================================ perl-Spreadsheet-ParseExcel-0.6600-1.fc39 (FEDORA-2023-921f6975c2) Extract information from an Excel file -------------------------------------------------------------------------------- Update Information:
Fix for CVE-2023-7101 (unvalidated input can lead to arbitrary code execution vulnerability). -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 30 2023 Paul Howarth paul@city-fan.org - 0.6600-1 - Update to 0.66 - Fix for CVE-2023-7101 (unvalidated input can lead to arbitrary code execution vulnerability) https://github.com/runrig/spreadsheet-parseexcel/issues/33 - Use author-independent source URL - Use SPDX-format license tag - No longer need to fix document file permissions - Fix permissions verbosely - Don't assume "pm" suffix on manpage files -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2255871 - CVE-2023-7101 perl-Spreadsheet-ParseExcel: unvalidated input can lead to arbitrary code execution vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=2255871 --------------------------------------------------------------------------------
================================================================================ python-aiohttp-3.9.1-1.fc39 (FEDORA-2023-a04cc349e1) Python HTTP client/server for asyncio -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2023-49081, CVE-2023-49082. Update `python-aiohttp` to 3.9.1. Patch `python-pysqeezebox` and `python-wled` so they do not have an implicit dependency on `python-async-timeout` via `python-aiohttp`. https://github.com/aio-libs/aiohttp/releases/tag/v3.9.0 https://github.com/aio- libs/aiohttp/releases/tag/v3.9.1 -------------------------------------------------------------------------------- ChangeLog:
* Thu Nov 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 3.9.1-1 - Update to 3.9.1 (fix RHBZ#2252236, fix RHBZ#2252249) - Fixes CVE-2023-49081 and CVE-2023-49082 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2252236 - TRIAGE CVE-2023-49081 python-aiohttp: aiohttp: HTTP request modification [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2252236 [ 2 ] Bug #2252249 - TRIAGE CVE-2023-49082 python-aiohttp: aiohttp: CRLF injection if user controls the HTTP method using aiohttp client [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2252249 [ 3 ] Bug #2253439 - python-pysqueezebox: Please merge rawhide back to f39 and f38 https://bugzilla.redhat.com/show_bug.cgi?id=2253439 [ 4 ] Bug #2253440 - python-wled: Please merge rawhide back to f39 and f38 https://bugzilla.redhat.com/show_bug.cgi?id=2253440 [ 5 ] Bug #2254945 - deprecation warning: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal https://bugzilla.redhat.com/show_bug.cgi?id=2254945 --------------------------------------------------------------------------------
================================================================================ python-datalad-0.19.5-1.fc39 (FEDORA-2023-85da80bf09) Keep code, data, containers under control with git and git-annex -------------------------------------------------------------------------------- Update Information:
Update to 0.19.5: https://github.com/datalad/datalad/releases/tag/0.19.5 -------------------------------------------------------------------------------- ChangeLog:
* Thu Dec 28 2023 Packit hello@packit.dev - 0.19.5-1 - [packit] 0.19.5 upstream release - Resolves rhbz#2256119 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2256119 - python-datalad-0.19.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2256119 --------------------------------------------------------------------------------
================================================================================ python-gbulb-0.6.4-1.fc39 (FEDORA-2023-4f46460444) GLib event loop for tulip (PEP 3156) -------------------------------------------------------------------------------- Update Information:
Initial import; Fixes: RHBZ#2195957 -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 30 2023 Davide Cavalca dcavalca@fedoraproject.org - 0.6.4-1 - Initial import; Fixes: RHBZ#2195957 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2195957 - Review Request: python-gbulb - GLib event loop for tulip (PEP 3156) https://bugzilla.redhat.com/show_bug.cgi?id=2195957 --------------------------------------------------------------------------------
================================================================================ python-pygls-1.2.1-1.fc39 (FEDORA-2023-068a471c93) A pythonic generic language server -------------------------------------------------------------------------------- Update Information:
update -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 30 2023 topazus topazus@outlook.com - 1.2.1-1 - initial import; rhbz#2256187 --------------------------------------------------------------------------------
================================================================================ python-pysqueezebox-0.5.5-11.fc39 (FEDORA-2023-a04cc349e1) Python library to control Logitech Media Server -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2023-49081, CVE-2023-49082. Update `python-aiohttp` to 3.9.1. Patch `python-pysqeezebox` and `python-wled` so they do not have an implicit dependency on `python-async-timeout` via `python-aiohttp`. https://github.com/aio-libs/aiohttp/releases/tag/v3.9.0 https://github.com/aio- libs/aiohttp/releases/tag/v3.9.1 -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 2 2023 Benjamin A. Beasley code@musicinmybrain.net - 0.5.5-11 - Add explicit async-timeout dependency -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2252236 - TRIAGE CVE-2023-49081 python-aiohttp: aiohttp: HTTP request modification [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2252236 [ 2 ] Bug #2252249 - TRIAGE CVE-2023-49082 python-aiohttp: aiohttp: CRLF injection if user controls the HTTP method using aiohttp client [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2252249 [ 3 ] Bug #2253439 - python-pysqueezebox: Please merge rawhide back to f39 and f38 https://bugzilla.redhat.com/show_bug.cgi?id=2253439 [ 4 ] Bug #2253440 - python-wled: Please merge rawhide back to f39 and f38 https://bugzilla.redhat.com/show_bug.cgi?id=2253440 [ 5 ] Bug #2254945 - deprecation warning: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal https://bugzilla.redhat.com/show_bug.cgi?id=2254945 --------------------------------------------------------------------------------
================================================================================ python-qudida-0.0.4-1.fc39 (FEDORA-2023-8bf20ff3be) QuDiDA (QUick and DIrty Domain Adaptation) -------------------------------------------------------------------------------- Update Information:
``` * Sat Dec 30 2023 Onuralp Sezer thunderbirdtr@fedoraproject.org - 0.0.4-1 - initial package ``` -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 30 2023 Onuralp Sezer thunderbirdtr@fedoraproject.org - 0.0.4-1 - initial package --------------------------------------------------------------------------------
================================================================================ python-wled-0.4.4-11.fc39 (FEDORA-2023-a04cc349e1) Python client for WLED -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2023-49081, CVE-2023-49082. Update `python-aiohttp` to 3.9.1. Patch `python-pysqeezebox` and `python-wled` so they do not have an implicit dependency on `python-async-timeout` via `python-aiohttp`. https://github.com/aio-libs/aiohttp/releases/tag/v3.9.0 https://github.com/aio- libs/aiohttp/releases/tag/v3.9.1 -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 2 2023 Benjamin A. Beasley code@musicinmybrain.net - 0.4.4-11 - Backport ���Replace async_timeout with asyncio.timeout���, PR#1163 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2252236 - TRIAGE CVE-2023-49081 python-aiohttp: aiohttp: HTTP request modification [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2252236 [ 2 ] Bug #2252249 - TRIAGE CVE-2023-49082 python-aiohttp: aiohttp: CRLF injection if user controls the HTTP method using aiohttp client [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2252249 [ 3 ] Bug #2253439 - python-pysqueezebox: Please merge rawhide back to f39 and f38 https://bugzilla.redhat.com/show_bug.cgi?id=2253439 [ 4 ] Bug #2253440 - python-wled: Please merge rawhide back to f39 and f38 https://bugzilla.redhat.com/show_bug.cgi?id=2253440 [ 5 ] Bug #2254945 - deprecation warning: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal https://bugzilla.redhat.com/show_bug.cgi?id=2254945 --------------------------------------------------------------------------------
================================================================================ simpleini-4.22-1.fc39 (FEDORA-2023-017da9b302) Cross-platform C++ library to read and write INI-style configuration files -------------------------------------------------------------------------------- Update Information:
update -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 30 2023 topazus topazus@outlook.com - 4.22-1 - initial import; rhbz#2256266 --------------------------------------------------------------------------------
================================================================================ timew-1.7.0-1.fc39 (FEDORA-2023-db76db05ff) Timewarrior tracks and reports time -------------------------------------------------------------------------------- Update Information:
Update to 1.7.0: https://github.com/GothenburgBitFactory/timewarrior/blob/v1.7.0/ChangeLog -------------------------------------------------------------------------------- ChangeLog:
* Sun Dec 24 2023 Packit hello@packit.dev - 1.7.0-1 - [packit] 1.7.0 upstream release - Resolves rhbz#2255777 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2255777 - timew-1.7.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2255777 --------------------------------------------------------------------------------
================================================================================ wl-mirror-0.15.0-1.fc39 (FEDORA-2023-dd3b5342c8) Simple Wayland output mirror client -------------------------------------------------------------------------------- Update Information:
Update to 0.15.0 -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 30 2023 Aleksei Bavshin alebastr@fedoraproject.org - 0.15.0-1 - Update to 0.15.0 --------------------------------------------------------------------------------
================================================================================ xarchiver-0.5.4.22-1.fc39 (FEDORA-2023-7581a3540a) Archive manager for Xfce -------------------------------------------------------------------------------- Update Information:
- update fixing some bugs including a security relevant bug -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 30 2023 Fedora Release Monitoring release-monitoring@fedoraproject.org - 0.5.4.22-1 - Update to 0.5.4.22 (rhbz#2256261) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2256261 - xarchiver-0.5.4.22 is available https://bugzilla.redhat.com/show_bug.cgi?id=2256261 --------------------------------------------------------------------------------
test-reports@lists.fedoraproject.org