The following Fedora 38 Security updates need testing: Age URL 38 https://bodhi.fedoraproject.org/updates/FEDORA-2023-3dc1f9ba12 cutter-re-2.2.1-1.fc38 rizin-0.5.2-1.fc38.2 6 https://bodhi.fedoraproject.org/updates/FEDORA-2023-c7f63322b5 kubernetes-1.26.6-1.fc38 4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-7e952959f8 suricata-6.0.13-1.fc38 4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-3ca351353f moodle-4.1.4-1.fc38 2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-b86fd9ad80 pcs-0.11.6-1.fc38 2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-ac947ec260 sysstat-12.7.4-1.fc38
The following Fedora 38 Critical Path updates have yet to be approved: Age URL 51 https://bodhi.fedoraproject.org/updates/FEDORA-2023-fb366d5ed5 binutils-2.39-12.fc38 13 https://bodhi.fedoraproject.org/updates/FEDORA-2023-1b6672bbe1 uboot-tools-2023.04-2.fc38 13 https://bodhi.fedoraproject.org/updates/FEDORA-2023-ef3b10d387 netcat-1.225-1.fc38 12 https://bodhi.fedoraproject.org/updates/FEDORA-2023-0ac8519750 lxsession-0.5.5-10.D20210419git82580e45.fc38 10 https://bodhi.fedoraproject.org/updates/FEDORA-2023-32b5bc8bdf python3-docs-3.11.4-1.fc38 python3.11-3.11.4-1.fc38 4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-5e2f30babb perl-Net-HTTP-6.23-1.fc38 4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-4cdf4fe0e5 libburn-1.5.6-1.fc38 libisoburn-1.5.6-1.fc38 libisofs-1.5.6-1.fc38 4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-a4c4cb92bb tomcat-9.0.76-2.fc38 2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-9b7e08901a kernel-6.3.9-200.fc38
The following builds have been pushed to Fedora 38 updates-testing
apache-commons-text-1.10.0-1.fc38 apache-ivy-2.5.1-3.fc38 bluez-5.66-6.fc38 ccdciel-0.9.84-1.fc38 ckb-next-0.6.0-1.fc38 corsix-th-0.67~beta1-1.fc38 flmsg-4.0.22-1.fc38 golang-github-schollz-croc-9.6.4-2.fc38 golang-github-schollz-mnemonicode-1.0.1-6.20230519git63fa713.fc38 jc-1.23.3-1.fc38 kjournald-23.04.2-1.fc38 python-trailrunner-1.4.0-1.fc38 qflipper-1.3.2-1.fc38 recoll-1.34.7-1.fc38 samba-4.18.3-4.fc38 sddm-0.20.0-1.fc38
Details about builds:
================================================================================ apache-commons-text-1.10.0-1.fc38 (FEDORA-2023-b8fe73ea37) Apache Commons Text is a library focused on algorithms working on strings -------------------------------------------------------------------------------- Update Information:
**Changelog** ``` * Sat Jun 24 2023 Didik Supriadi didiksupriadi41@fedoraproject.org - 1.10.0-1 - Update to version 1.10.0 - Disable tests ``` -------------------------------------------------------------------------------- ChangeLog:
* Sat Jun 24 2023 Didik Supriadi didiksupriadi41@fedoraproject.org - 1.10.0-1 - Update to version 1.10.0 - Disable tests * Sat Apr 29 2023 Didik Supriadi didiksupriadi41@fedoraproject.org - 1.9-5 - migrated to SPDX license --------------------------------------------------------------------------------
================================================================================ apache-ivy-2.5.1-3.fc38 (FEDORA-2023-35f775fd6e) Java-based dependency manager -------------------------------------------------------------------------------- Update Information:
**Changelog** ``` * Sun Jun 25 2023 Didik Supriadi didiksupriadi41@fedoraproject.org - 2.5.1-3 - Build with ivy instead of maven ``` -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 25 2023 Didik Supriadi didiksupriadi41@fedoraproject.org - 2.5.1-3 - Build with ivy instead of maven * Sat Apr 29 2023 Didik Supriadi didiksupriadi41@fedoraproject.org - 2.5.1-2 - migrated to SPDX license * Wed Feb 22 2023 Didik Supriadi didiksupriadi41@fedoraproject.org - 2.5.1-1 - Update to version 2.5.1 - Remove alias for jayasoft:ivy -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2140083 - apache-ivy-2.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2140083 [ 2 ] Bug #2154282 - CVE-2022-37866 apache-ivy: : Apache Ivy: Ivy Path traversal [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2154282 [ 3 ] Bug #2182189 - CVE-2022-37865 apache-ivy: Directory Traversal [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2182189 --------------------------------------------------------------------------------
================================================================================ bluez-5.66-6.fc38 (FEDORA-2023-deb7bffeb8) Bluetooth utilities -------------------------------------------------------------------------------- Update Information:
This update fixes some devices not being visible when discovering them in GNOME's Bluetooth Settings. -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 25 2023 Bastien Nocera bnocera@redhat.com - 5.66-6 - Add patch that fixes some devices not being discoverable in GNOME's Bluetooth Settings --------------------------------------------------------------------------------
================================================================================ ccdciel-0.9.84-1.fc38 (FEDORA-2023-9b9be3b417) CCD capture software -------------------------------------------------------------------------------- Update Information:
- Update to 0.9.84 - i686 builds have been disabled -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 25 2023 Mattia Verga mattia.verga@proton.me - 0.9.84-1 - Update to 0.9.84 (fedora#2216231) * Sun Feb 19 2023 Mattia Verga mattia.verga@proton.me - 0.9.82-1 - Update to 0.9.82 (fedora#2167168) --------------------------------------------------------------------------------
================================================================================ ckb-next-0.6.0-1.fc38 (FEDORA-2023-c6a18f2390) Unofficial driver for Corsair RGB keyboards -------------------------------------------------------------------------------- Update Information:
Update to v0.6.0 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 25 2023 Artur Frenszek-Iwicki fedora@svgames.pl - 0.6.0-1 - Update to v0.6.0 - Drop Patch0 (buffer overflow fix - backported from this release) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2216986 - ckb-next-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2216986 --------------------------------------------------------------------------------
================================================================================ corsix-th-0.67~beta1-1.fc38 (FEDORA-2023-9130c1c729) Open source clone of Theme Hospital -------------------------------------------------------------------------------- Update Information:
Update to 0.67-beta1 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 25 2023 Artem Polishchuk ego.cordatus@gmail.com - 0.67~beta1-1 - chore: Update to 0.67-beta1 --------------------------------------------------------------------------------
================================================================================ flmsg-4.0.22-1.fc38 (FEDORA-2023-663580766c) Fast Light Message Amateur Radio Forms Manager -------------------------------------------------------------------------------- Update Information:
Version 4.0.22 * maintenance release . 7b2f12e7: Expert dialog window bar . 1c7a02ee: RAFAC F126 . 3fc1ac5a: fltk-1.4 mods Expert dialog window bar * correct window bar name corruption RAFAC F126 * add RAFAC F126 form fltk-1.4 mods Version 4.0.21 * maintenance release Main Window Icon * Fix Fltk transpareny bug for flrig icon. KNAME * correct KNAME define 64 build * update for 64 bit build -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 25 2023 Richard Shaw hobbes1069@gmail.com - 4.0.22-1 - Update to 2.0.22. - Update license tag to SPDX format. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2217249 - flmsg-4.0.22 is available https://bugzilla.redhat.com/show_bug.cgi?id=2217249 --------------------------------------------------------------------------------
================================================================================ golang-github-schollz-croc-9.6.4-2.fc38 (FEDORA-2023-ac4651c9b2) Easily and securely send things from one computer to another -------------------------------------------------------------------------------- Update Information:
croc 9.6.4 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 25 2023 Davide Cavalca dcavalca@fedoraproject.org - 9.6.4-2 - Gate out broken test on s390x for f38 * Fri May 19 2023 Mikel Olasagasti Uranga mikel@olasagasti.info - 9.6.4-1 - Update to 9.6.4 - Closes rhbz#2208585 rhbz#2171537 rhbz#2163218 * Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 9.5.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Thu Jul 21 2022 Fedora Release Engineering releng@fedoraproject.org - 9.5.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Tue Jul 19 2022 Maxwell G gotmax@e.email - 9.5.2-2 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2163218 - CVE-2022-41717 golang-github-schollz-croc: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2163218 [ 2 ] Bug #2171537 - golang-github-schollz-croc: FTBFS in Fedora rawhide/f38 https://bugzilla.redhat.com/show_bug.cgi?id=2171537 [ 3 ] Bug #2208585 - golang-github-schollz-croc-9.6.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2208585 --------------------------------------------------------------------------------
================================================================================ golang-github-schollz-mnemonicode-1.0.1-6.20230519git63fa713.fc38 (FEDORA-2023-ac4651c9b2) Method for encoding binary data into a sequence of words -------------------------------------------------------------------------------- Update Information:
croc 9.6.4 -------------------------------------------------------------------------------- ChangeLog:
* Fri May 19 2023 Mikel Olasagasti Uranga mikel@olasagasti.info - 1.0.1-6 - Update to latest git -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2163218 - CVE-2022-41717 golang-github-schollz-croc: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2163218 [ 2 ] Bug #2171537 - golang-github-schollz-croc: FTBFS in Fedora rawhide/f38 https://bugzilla.redhat.com/show_bug.cgi?id=2171537 [ 3 ] Bug #2208585 - golang-github-schollz-croc-9.6.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2208585 --------------------------------------------------------------------------------
================================================================================ jc-1.23.3-1.fc38 (FEDORA-2023-225960da3c) Serialize the output of CLI tools and file-types to structured JSON -------------------------------------------------------------------------------- Update Information:
Update to v1.23.3 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 25 2023 Artur Frenszek-Iwicki fedora@svgames.pl - 1.23.3-1 - Update to v1.23.3 * Wed Jun 14 2023 Python Maint python-maint@redhat.com - 1.23.2-2 - Rebuilt for Python 3.12 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2216587 - jc-1.23.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2216587 --------------------------------------------------------------------------------
================================================================================ kjournald-23.04.2-1.fc38 (FEDORA-2023-42882354bc) Framework for interacting with systemd-journald -------------------------------------------------------------------------------- Update Information:
Initial release -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 8 2023 Steve Cossette farchord@gmail.com - 23.04.2-1 - Initial release --------------------------------------------------------------------------------
================================================================================ python-trailrunner-1.4.0-1.fc38 (FEDORA-2023-2d2bd98256) Walk paths and run things -------------------------------------------------------------------------------- Update Information:
Update to 1.4.0; Fixes: RHBZ#2181995 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 25 2023 Davide Cavalca dcavalca@fedoraproject.org - 1.4.0-1 - Update to 1.4.0; Fixes: RHBZ#2181995 * Thu Jun 15 2023 Python Maint python-maint@redhat.com - 1.3.0-3 - Rebuilt for Python 3.12 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2181995 - python-trailrunner-1.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2181995 --------------------------------------------------------------------------------
================================================================================ qflipper-1.3.2-1.fc38 (FEDORA-2023-f0067422b1) Desktop application for updating Flipper Zero firmware via PC -------------------------------------------------------------------------------- Update Information:
Update to 1.3.2; Fixes: RHBZ#2209837 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 25 2023 Davide Cavalca dcavalca@fedoraproject.org - 1.3.2-1 - Update to 1.3.2; Fixes: RHBZ#2209837 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2209837 - qflipper-1.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2209837 --------------------------------------------------------------------------------
================================================================================ recoll-1.34.7-1.fc38 (FEDORA-2023-40af5dcf67) Desktop full text search tool with Qt GUI -------------------------------------------------------------------------------- Update Information:
Update to latest upstream release recoll 1.34.7. -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 25 2023 Terje Rosten terje.rosten@ntnu.no - 1.34.7-1 - 1.34.7 - Add patch from upstream to fix bz#2213017 and bz#2203626 * Tue Jun 13 2023 Python Maint python-maint@redhat.com - 1.34.6-2 - Rebuilt for Python 3.12 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2203626 - [abrt] recoll: module(): rclaspell-sugg.py:54:<module>:aspell.AspellSpellerError: The file "/home/christian/.recoll/aspdict.de.rws" can not be opened for reading. https://bugzilla.redhat.com/show_bug.cgi?id=2203626 [ 2 ] Bug #2213017 - [abrt] recoll: module(): rclaspell-sugg.py:54:<module>:aspell.AspellSpellerError: The file "/home/aaron/.recoll/aspdict.en.rws" can not be opened for reading. https://bugzilla.redhat.com/show_bug.cgi?id=2213017 --------------------------------------------------------------------------------
================================================================================ samba-4.18.3-4.fc38 (FEDORA-2023-dea6c15882) Server and Client software to interoperate with Windows machines -------------------------------------------------------------------------------- Update Information:
This update makes the libwbclient %pre script that was added in the previous update only run on updates (not fresh installs), avoiding a problem when it's ordered before the installation of coreutils on fresh installs. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jun 26 2023 Adam Williamson awilliam@redhat.com - 4.18.3-4 - Only run libwbclient %pre on upgrade, not fresh install --------------------------------------------------------------------------------
================================================================================ sddm-0.20.0-1.fc38 (FEDORA-2023-d555175828) QML based desktop and login manager -------------------------------------------------------------------------------- Update Information:
Update to final 0.20.0 version -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 23 2023 Neal Gompa ngompa@fedoraproject.org - 0.20.0-1 - Update to 0.20.0 final -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2217151 - sddm-0.20.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2217151 --------------------------------------------------------------------------------
test-reports@lists.fedoraproject.org
-
updates@fedoraproject.org