The following Fedora 37 Security updates need testing: Age URL 42 https://bodhi.fedoraproject.org/updates/FEDORA-2023-4b892d116d cutter-re-2.2.1-1.fc37 rizin-0.5.2-1.fc37 7 https://bodhi.fedoraproject.org/updates/FEDORA-2023-652b6e8847 dav1d-1.2.1-1.fc37 2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-3b82f4aa86 python-reportlab-4.0.4-2.fc37 1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-9dbd5b28d4 cups-2.4.6-1.fc37
The following Fedora 37 Critical Path updates have yet to be approved: Age URL 58 https://bodhi.fedoraproject.org/updates/FEDORA-2023-22c8575b95 glibc-2.36-10.fc37 34 https://bodhi.fedoraproject.org/updates/FEDORA-2023-84965ba750 mesa-23.0.3-2.fc37 7 https://bodhi.fedoraproject.org/updates/FEDORA-2023-652b6e8847 dav1d-1.2.1-1.fc37 7 https://bodhi.fedoraproject.org/updates/FEDORA-2023-380b6ad4f5 perl-Net-HTTP-6.23-1.fc37 7 https://bodhi.fedoraproject.org/updates/FEDORA-2023-e7076d2d1b libburn-1.5.6-1.fc37 libisoburn-1.5.6-1.fc37 libisofs-1.5.6-1.fc37 7 https://bodhi.fedoraproject.org/updates/FEDORA-2023-32e5053e33 aom-3.6.1-1.fc37 7 https://bodhi.fedoraproject.org/updates/FEDORA-2023-553e2d9578 tomcat-9.0.76-2.fc37 6 https://bodhi.fedoraproject.org/updates/FEDORA-2023-9feb3be6b1 annobin-12.14-1.fc37 4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-3be0487f84 gdb-13.2-1.fc37 4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-900143f74a sddm-0.20.0-1.fc37 2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-b2e2b2829b edk2-20230524-3.fc37 2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-473d12a097 sssd-2.9.1-1.fc37 2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-1be6532d43 perl-HTTP-Tiny-0.086-1.fc37 1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-05ac97ade0 kernel-6.3.10-100.fc37 1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-71977cbd52 rust-av-metrics-0.9.1-1.fc37 rust-av1-grain-0.2.2-1.fc37 rust-dav1d-sys-0.7.1-1.fc37 rust-maybe-rayon-0.1.1-1.fc37 rust-rav1e-0.6.6-1.fc37 rust-v_frame-0.3.4-1.fc37 rust-y4m-0.8.0-1.fc37 1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-71a683d759 cockpit-295-1.fc37 1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-9dbd5b28d4 cups-2.4.6-1.fc37
The following builds have been pushed to Fedora 37 updates-testing
aardvark-dns-1.7.0-1.fc37 firefox-114.0.2-2.fc37 giac-1.9.0.57-1.fc37 gramps-5.1.6-1.fc37 hddfancontrol-1.5.1-1.fc37 ibus-typing-booster-2.23.0-1.fc37 js8call-2.2.0-17.fc37 netavark-1.7.0-1.fc37 netdata-1.40.1-1.fc37 obs-build-20230628-426.1.1.fc37 poedit-3.3.2-1.fc37 python-aiokafka-0.8.1-1.fc37 python-diskcache-5.6.1-1.fc37 python-managesieve-0.7.1-6.fc37 python-trimesh-3.22.2-1.fc37 ruby-3.1.4-176.fc37 selinux-policy-37.22-1.fc37 webkitgtk-2.40.3-1.fc37
Details about builds:
================================================================================ aardvark-dns-1.7.0-1.fc37 (FEDORA-2023-c86444ddf6) Authoritative DNS server for A/AAAA container records -------------------------------------------------------------------------------- Update Information:
Automatic update for aardvark-dns-1.7.0-1.fc37. ##### **Changelog for aardvark- dns** ``` * Thu Jun 29 2023 Packit hello@packit.dev - 1.7.0-1 - [packit] 1.7.0 upstream release ``` -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 29 2023 Packit hello@packit.dev - 1.7.0-1 - [packit] 1.7.0 upstream release --------------------------------------------------------------------------------
================================================================================ firefox-114.0.2-2.fc37 (FEDORA-2023-add3fda450) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information:
- Enabled PGO/LTO -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 22 2023 Martin Stransky stransky@redhat.com- 114.0.2-2 - Enable PGO/LTO again. --------------------------------------------------------------------------------
================================================================================ giac-1.9.0.57-1.fc37 (FEDORA-2023-241e2dca83) Computer Algebra System, Symbolic calculus, Geometry -------------------------------------------------------------------------------- Update Information:
- Release 1.9.0 sub-57 -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 29 2023 Antonio Trande sagitter@fedoraproject.org 1.9.0.57-1 - Update to 1.9.0 sub-57 * Wed Feb 1 2023 Antonio Trande sagitter@fedoraproject.org 1.9.0.37-1 - Update to 1.9.0 sub-37 * Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 1.9.0.35-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Tue Jan 10 2023 Antonio Trande sagitter@fedoraproject.org 1.9.0.35-1 - Update to 1.9.0 sub-35 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2150422 - Crash on start-up https://bugzilla.redhat.com/show_bug.cgi?id=2150422 [ 2 ] Bug #2217980 - giac-1.9.0.57 is available https://bugzilla.redhat.com/show_bug.cgi?id=2217980 --------------------------------------------------------------------------------
================================================================================ gramps-5.1.6-1.fc37 (FEDORA-2023-450c622942) Genealogical Research and Analysis Management Programming System -------------------------------------------------------------------------------- Update Information:
5.1.6 -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 29 2023 Gwyn Ciesla gwync@protonmail.com - 5.1.6-1 - 5.1.6 * Thu Jun 15 2023 Python Maint python-maint@redhat.com - 5.1.5-6 - Rebuilt for Python 3.12 * Tue Feb 28 2023 Gwyn Ciesla gwync@protonmail.com - 5.1.5-5 - migrated to SPDX license * Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 5.1.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2218697 - gramps-5.1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=2218697 --------------------------------------------------------------------------------
================================================================================ hddfancontrol-1.5.1-1.fc37 (FEDORA-2023-c1a37547d3) Control system fan speed by monitoring hard drive temperature -------------------------------------------------------------------------------- Update Information:
- Update to 1.5.1 fixes rhbz#2217647 -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 29 2023 Filipe Rosset rosset.filipe@gmail.com - 1.5.1-1 - Update to 1.5.1 fixes rhbz#2217647 * Thu Jun 15 2023 Python Maint python-maint@redhat.com - 1.5.0-6 - Rebuilt for Python 3.12 * Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 1.5.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2217647 - hddfancontrol-1.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2217647 --------------------------------------------------------------------------------
================================================================================ ibus-typing-booster-2.23.0-1.fc37 (FEDORA-2023-f63d253d37) A completion input method -------------------------------------------------------------------------------- Update Information:
Update to 2.23.0 Translation update from Weblate (de 100%, ka 100%, nl 100%, sv 100%, uk 100%) configure.ac: eadd a warning about not using /usr/local as the prefix (Resolves: https://github.com/mike-fabian/ibus-typing-booster/issues/444) Add an option to convert language specific digits to ASCII (Resolves: https://github.com/mike-fabian/ibus-typing-booster/issues/445) Strip entered autosettings value for boolean values Update emoji annotations from CLDR -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 28 2023 Mike FABIAN mfabian@redhat.com - 2.23.0-1 - Update to 2.23.0 - Translation update from Weblate (de 100%, ka 100%, nl 100%, sv 100%, uk 100%) - configure.ac: add a warning about not using /usr/local as the prefix (Resolves: https://github.com/mike-fabian/ibus-typing-booster/issues/444) - Add an option to convert language specific digits to ASCII (Resolves: https://github.com/mike-fabian/ibus-typing-booster/issues/445) - Strip entered autosettings value for boolean values - Update emoji annotations from CLDR --------------------------------------------------------------------------------
================================================================================ js8call-2.2.0-17.fc37 (FEDORA-2023-1f04ee4977) Amateur Radio message passing using FT8 modulation -------------------------------------------------------------------------------- Update Information:
Add Appstream file for the software store. -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 28 2023 Daniel Rusek mail@asciiwolf.com - 2.2.0-17 - Add an AppStream metainfo file * Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 2.2.0-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2218205 - JS8Call has no AppStream metadata https://bugzilla.redhat.com/show_bug.cgi?id=2218205 --------------------------------------------------------------------------------
================================================================================ netavark-1.7.0-1.fc37 (FEDORA-2023-27259952f7) OCI network stack -------------------------------------------------------------------------------- Update Information:
Automatic update for netavark-1.7.0-1.fc37. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 29 2023 Packit hello@packit.dev - 1.7.0-1 - [packit] 1.7.0 upstream release --------------------------------------------------------------------------------
================================================================================ netdata-1.40.1-1.fc37 (FEDORA-2023-76cf1bcf13) Real-time performance monitoring -------------------------------------------------------------------------------- Update Information:
Update from upstream -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 29 2023 Didier Fabert didier.fabert@gmail.com 1.40.1-1 - Update from upstream -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2215364 - netdata-1.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2215364 --------------------------------------------------------------------------------
================================================================================ obs-build-20230628-426.1.1.fc37 (FEDORA-2023-7eabca8215) A generic package build script -------------------------------------------------------------------------------- Update Information:
New upstream release 20230628 -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 29 2023 Dan ��erm��k dan.cermak@cgc-instruments.com - 20230628-1 - New upstream release 20230628, fixes rhbz#2218325 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2218325 - obs-build-20230628 is available https://bugzilla.redhat.com/show_bug.cgi?id=2218325 --------------------------------------------------------------------------------
================================================================================ poedit-3.3.2-1.fc37 (FEDORA-2023-576216ffd6) GUI editor for GNU gettext .po files -------------------------------------------------------------------------------- Update Information:
New upstream version 3.3.2 -------------------------------------------------------------------------------- ChangeLog:
* Mon Jun 26 2023 Wolfgang St��ggl c72578@yahoo.de - 3.3.2-1 - New upstream version --------------------------------------------------------------------------------
================================================================================ python-aiokafka-0.8.1-1.fc37 (FEDORA-2023-251f76ed99) Asyncio client for Kafka -------------------------------------------------------------------------------- Update Information:
Update to 0.8.1 (resolve rhbz#2211696) -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 29 2023 Roman Inflianskas rominf@aiven.io - 0.8.1-1 - Update to 0.8.1 (resolve rhbz#2211696) * Fri Jan 20 2023 Fedora Release Engineering releng@fedoraproject.org - 0.8.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2211696 - python-aiokafka-0.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2211696 --------------------------------------------------------------------------------
================================================================================ python-diskcache-5.6.1-1.fc37 (FEDORA-2023-e4907a9426) Python disk-backed cache -------------------------------------------------------------------------------- Update Information:
Unretire package -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 29 2023 Benson Muite benson_muite@emailplus.org - 5.6.1-1 - Unretire package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2215710 - Review Request: python-diskcache - Python disk-backed cache https://bugzilla.redhat.com/show_bug.cgi?id=2215710 --------------------------------------------------------------------------------
================================================================================ python-managesieve-0.7.1-6.fc37 (FEDORA-2023-d797723a3e) Accessing a Sieve-Server for managing Sieve scripts -------------------------------------------------------------------------------- Update Information:
Fix use of ssl.wrap_socket() (CWE-295: Improper Certificate Validation) -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 29 2023 Sandro devel@penguinpee.nl - 0.7.1-6 - Add missing changelog entries * Thu Jun 29 2023 Sandro devel@penguinpee.nl - 0.7.1-5 - Migrate to SPDX license * Thu Jun 29 2023 Sandro devel@penguinpee.nl - 0.7.1-4 - Fix ssl.wrap_socket AttributeError * Fri Jan 6 2023 Steve Traylen steve.traylen@cern.ch - 0.7.1-1 - Update to 0.7.1 - LICENSE file now included in release - Migrate to pyproject macros --------------------------------------------------------------------------------
================================================================================ python-trimesh-3.22.2-1.fc37 (FEDORA-2023-9753375d4e) Import, export, process, analyze and view triangular meshes -------------------------------------------------------------------------------- Update Information:
Update to 3.22.2 (close RHBZ#2218416) -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 29 2023 Benjamin A. Beasley code@musicinmybrain.net - 3.22.2-1 - Update to 3.22.2 (close RHBZ#2218416) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2218416 - python-trimesh-3.22.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2218416 --------------------------------------------------------------------------------
================================================================================ ruby-3.1.4-176.fc37 (FEDORA-2023-7f13da96c6) An interpreter of object-oriented scripting language -------------------------------------------------------------------------------- Update Information:
* Fix another issue when resolving platform specific gems (RHBZ#2178171) -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 6 2023 Jarek Prokop jprokop@redhat.com - 3.1.4-176 - Fix bundler improperly resolving with --deployment. Resolves: rhbz#2178171 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2178171 - bundled rubygem-bundler-2.3.26: hangs on resolving dependencies when a dependency does not support current platform https://bugzilla.redhat.com/show_bug.cgi?id=2178171 --------------------------------------------------------------------------------
================================================================================ selinux-policy-37.22-1.fc37 (FEDORA-2023-e74ea79879) SELinux policy configuration -------------------------------------------------------------------------------- Update Information:
New F37 selinux-policy build -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 29 2023 Zdenek Pytela zpytela@redhat.com - 37.22-1 - Allow exim read network sysctls - Allow kernel to manage its own BPF objects - Allow plymouthd read/write X server miscellaneous devices - Allow blueman send general signals to unprivileged user domains - Allow logwatch_mail_t read network sysctls -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2101151 - plymouthd was denied reading and writing to /dev/dri/card1 while booting Rawhide in a VM https://bugzilla.redhat.com/show_bug.cgi?id=2101151 [ 2 ] Bug #2181362 - SELinux is preventing blueman-mechani from using the 'signal' accesses on a process. https://bugzilla.redhat.com/show_bug.cgi?id=2181362 [ 3 ] Bug #2211025 - SELinux denial on every Exim queue run https://bugzilla.redhat.com/show_bug.cgi?id=2211025 --------------------------------------------------------------------------------
================================================================================ webkitgtk-2.40.3-1.fc37 (FEDORA-2023-be1ed6a2b4) GTK web content engine library -------------------------------------------------------------------------------- Update Information:
Update to 2.40.3: * Make memory pressure monitor honor memory.memsw.usage_in_bytes if exists. * Include key modifiers in wheel events. * Apply cookie blocking policy to WebSocket handshakes. * Fix several crashes and rendering issues. * Security fixes: CVE-2023-32439 -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 28 2023 Michael Catanzaro mcatanzaro@redhat.com - 2.40.3-1 - Update to 2.40.3 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2212303 - [abrt] epiphany-runtime: std::__glibcxx_assert_fail(char const*, int, char const*, char const*)(): epiphany killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=2212303 [ 2 ] Bug #2218641 - TRIAGE-CVE-2023-32439 webkitgtk: type confusion issue leading to arbitrary code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2218641 --------------------------------------------------------------------------------
test-reports@lists.fedoraproject.org