The following Fedora 33 Security updates need testing:
Age URL
187
https://bodhi.fedoraproject.org/updates/FEDORA-2021-c3d587d52c shim-15.4-1
6
https://bodhi.fedoraproject.org/updates/FEDORA-2021-ae829e54ab
httpd-2.4.51-1.fc33
6
https://bodhi.fedoraproject.org/updates/FEDORA-2021-7ff1c8680d
libopenmpt-0.4.24-1.fc33
6
https://bodhi.fedoraproject.org/updates/FEDORA-2021-c24b515a72
firefox-93.0-2.fc33
2
https://bodhi.fedoraproject.org/updates/FEDORA-2021-9c737bb848
gfbgraph-0.2.4-1.fc33
2
https://bodhi.fedoraproject.org/updates/FEDORA-2021-449a2bdaf3
rust-coreos-installer-0.10.1-2.fc33
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-c5a9c85737
flatpak-1.10.5-1.fc33
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-45b7585d65
watchdog-5.16-2.fc33
The following Fedora 33 Critical Path updates have yet to be approved:
Age URL
206
https://bodhi.fedoraproject.org/updates/FEDORA-2021-2961f34ccb
PackageKit-1.2.3-1.fc33
141
https://bodhi.fedoraproject.org/updates/FEDORA-2021-4797e362b3 abrt-2.14.6-1.fc33
libreport-2.15.1-1.fc33 satyr-0.37-2.fc33
57
https://bodhi.fedoraproject.org/updates/FEDORA-2021-4ccf3840ed
gnome-shell-3.38.6-1.fc33 mutter-3.38.6-1.fc33
13
https://bodhi.fedoraproject.org/updates/FEDORA-2021-66109fb131 audit-3.0.6-1.fc33
13
https://bodhi.fedoraproject.org/updates/FEDORA-2021-77ae3066b2
gnome-software-3.38.2-4.fc33
10
https://bodhi.fedoraproject.org/updates/FEDORA-2021-b61d7caf9e gjs-1.66.2-10.fc33
mozjs78-78.15.0-1.fc33
10
https://bodhi.fedoraproject.org/updates/FEDORA-2021-1742d200f1
hwdata-0.352-1.fc33
10
https://bodhi.fedoraproject.org/updates/FEDORA-2021-5a3272b373 pungi-4.3.0-2.fc33
6
https://bodhi.fedoraproject.org/updates/FEDORA-2021-50faf017ce bc-1.07.1-14.fc33
6
https://bodhi.fedoraproject.org/updates/FEDORA-2021-c24b515a72
firefox-93.0-2.fc33
6
https://bodhi.fedoraproject.org/updates/FEDORA-2021-3b48e0d8cb
tzdata-2021c-1.fc33
5
https://bodhi.fedoraproject.org/updates/FEDORA-2021-5d0f71681e
btrfs-progs-5.14.2-1.fc33
4
https://bodhi.fedoraproject.org/updates/FEDORA-2021-269ba2a5f1
perl-Encode-3.08-461.fc33
4
https://bodhi.fedoraproject.org/updates/FEDORA-2021-edc35b2812 koji-1.26.1-1.fc33
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-0c00a90e34
kernel-5.14.12-100.fc33
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-c5a9c85737
flatpak-1.10.5-1.fc33
The following builds have been pushed to Fedora 33 updates-testing
bottles-2021.10.14-1.fc33
gdb-10.2-4.fc33
httpie-2.6.0-1.fc33
libzapojit-0.0.3-19.fc33
mozilla-ublock-origin-1.38.6-1.fc33
nodejs-14.18.1-1.fc33
oval-graph-1.3.2-1.fc33
packit-0.39.0-1.fc33
pcp-5.3.4-2.fc33
perl-Authen-Credential-1.2-1.fc33
python-pdfminer-20200517-10.fc33
python-pyopencl-2021.2.8-1.fc33
python-strictyaml-1.1.1-3.fc33
python-tox-3.24.4-1.fc33
quisk-4.1.90-1.fc33
rhino-1.7.13-7.fc33
uronode-2.14-1.fc33
vdr-live-3.0.12-1.fc33
vim-8.2.3512-1.fc33
wget-1.21.2-1.fc33
yash-2.52-1.fc33
Details about builds:
================================================================================
bottles-2021.10.14-1.fc33 (FEDORA-2021-f41ff2630c)
Easily manage Wine prefix in a new way
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 13 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 2021.10.14-1
- chore(update): 2021.10.14
--------------------------------------------------------------------------------
================================================================================
gdb-10.2-4.fc33 (FEDORA-2021-54093e2d55)
A stub package for GNU source-level debugger
--------------------------------------------------------------------------------
Update Information:
Fix RHBZ 1874275 by modifying gdb-6.6-buildid-locate-rpm.patch (Alexandra
H��jkov��).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 11 2021 Alexandra H��jkov�� <ahajkova(a)redhat.com> - 10.2-4
- Fix RHBZ 1874275 by modifying gdb-6.6-buildid-locate-rpm.patch (Alexandra H��jkov��).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1874275 - please make GDB advise to use dnf debuginfo-install filename
instead dnf --enablerepo='*debug*' install filename
https://bugzilla.redhat.com/show_bug.cgi?id=1874275
--------------------------------------------------------------------------------
================================================================================
httpie-2.6.0-1.fc33 (FEDORA-2021-94c5c96844)
A Curl-like tool for humans
--------------------------------------------------------------------------------
Update Information:
httpie 2.6.0. See [
changelog](https://github.com/httpie/httpie/blob/master/CHANG
ELOG.md#260-2021-10-14).
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 15 2021 Miro Hron��ok <mhroncok(a)redhat.com> - 2.6.0-1
- Update to 2.6.0
- Fixes: rhbz#2014022
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2014022 - httpie-2.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2014022
--------------------------------------------------------------------------------
================================================================================
libzapojit-0.0.3-19.fc33 (FEDORA-2021-7f5a82ef57)
GLib/GObject wrapper for the OneDrive and Hotmail REST APIs
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2021-39360
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 15 2021 Debarshi Ray <rishi(a)fedoraproject.org> - 0.0.3-19
- Guard against invalid SSL certificates (CVE-2021-39360)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1997152 - CVE-2021-39360 libzapojit: missing TLS certificate verification
https://bugzilla.redhat.com/show_bug.cgi?id=1997152
--------------------------------------------------------------------------------
================================================================================
mozilla-ublock-origin-1.38.6-1.fc33 (FEDORA-2021-cb196d5cb6)
An efficient blocker for Firefox
--------------------------------------------------------------------------------
Update Information:
* Fix broken twitch.tv functionality * Update twitch-videoad scriptlet *
Regression with `important` filter option * Weird issues with `removeparam` and
negated types
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 15 2021 Dominik Mierzejewski <rpm(a)greysector.net> - 1.38.6-1
- update to 1.38.6 (#2009380)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2009380 - mozilla-ublock-origin-1.38.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2009380
--------------------------------------------------------------------------------
================================================================================
nodejs-14.18.1-1.fc33 (FEDORA-2021-cbad295a90)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
## 2021-10-12, Version 14.18.1 'Fermium' (LTS), @danielleadams This is a
security release. ### Notable changes * **CVE-2021-22959**: HTTP Request
Smuggling due to spaced in headers (Medium) * The http parser accepts
requests with a space (SP) right after the header name before the colon. This
can lead to HTTP Request Smuggling (HRS). More details will be available at
[
CVE-2021-22959](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2...
after publication. * **CVE-2021-22960**: HTTP Request Smuggling when parsing the
body (Medium) * The parse ignores chunk extensions when parsing the body of
chunked requests. This leads to HTTP Request Smuggling (HRS) under certain
conditions. More details will be available at
[
CVE-2021-22960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2...
after publication.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 14 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:14.18.1-1
- Update to security release 14.18.1
-
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V14.m...
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2014059 - CVE-2021-22960 llhttp: HTTP Request Smuggling when parsing the
body
https://bugzilla.redhat.com/show_bug.cgi?id=2014059
--------------------------------------------------------------------------------
================================================================================
oval-graph-1.3.2-1.fc33 (FEDORA-2021-cde1b21b52)
Tool for visualization of SCAP rule evaluation results
--------------------------------------------------------------------------------
Update Information:
1.3.2 (Jan Rodak)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 15 2021 Packit Service <user-cont-team+packit-service(a)redhat.com> -
1.3.2-1
- 1.3.2 (Jan Rodak)
- Create test for fix (Jan Rodak)
- Fix bugzilla 2011382 (Jan Rodak)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2011382 - arf-to-graph, arf-to-json, json-to-graph | Help-sections refer to
'oval-graph' as main command
https://bugzilla.redhat.com/show_bug.cgi?id=2011382
--------------------------------------------------------------------------------
================================================================================
packit-0.39.0-1.fc33 (FEDORA-2021-f41565c0c1)
A tool for integrating upstream projects with Fedora operating system
--------------------------------------------------------------------------------
Update Information:
New upstream release: 0.39.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 14 2021 Packit Service <user-cont-team+packit-service(a)redhat.com> -
0.39.0-1
- Bug in Packit causing issues with local build when the branch was named with prefix rpm
has been fixed. (#1380)
- We have added a new option to Packit CLI when creating Bodhi updates, you can use `-b`
or `--resolve-bugzillas` and specify IDs (separated by comma, e.g. `-b 1` or `-b 1,2,3`)
of bugzillas that are being closed by the update. (#1383)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1963155 - local_build of a git branch which starts with "rpm"
fails: utils.py ERROR RPM was created successfully, but can't be found
https://bugzilla.redhat.com/show_bug.cgi?id=1963155
--------------------------------------------------------------------------------
================================================================================
pcp-5.3.4-2.fc33 (FEDORA-2021-4655d0ae40)
System-level performance monitoring and performance management
--------------------------------------------------------------------------------
Update Information:
fix pmlogger manual start failure when service is disabled ---- Update to
latest PCP sources.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 15 2021 Mark Goodwin <mgoodwin(a)redhat.com> - 5.3.4-2
- fix pmlogger manual start failure when service is disabled
* Fri Oct 8 2021 Nathan Scott <nathans(a)redhat.com> - 5.3.4-1
- Update to latest PCP sources.
--------------------------------------------------------------------------------
================================================================================
perl-Authen-Credential-1.2-1.fc33 (FEDORA-2021-06e158dc46)
Abstraction of a credential
--------------------------------------------------------------------------------
Update Information:
Updated to upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 15 2021 Lionel Cons <lionel.cons(a)cern.ch> 1.2-1
- Updated to 1.2 (rhbz #2014407)
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1-19
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri May 21 2021 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.1-18
- Perl 5.34 rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1-17
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2014407 - perl-Authen-Credential-1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2014407
--------------------------------------------------------------------------------
================================================================================
python-pdfminer-20200517-10.fc33 (FEDORA-2021-22ef61b85b)
Tool for extracting information from PDF documents
--------------------------------------------------------------------------------
Update Information:
Comprehensive packaging improvements - Build PDF documentation in a new -doc
subpackage (instead of simply distributing the documentation sources) - Correct
License field from ���MIT��� to ���MIT and Public Domain and APAFML and BSD��� - Add
man pages for command-line tools
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 14 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> 20200517-10
- Use adobe_mappings_rootpath macro
* Thu Oct 14 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> 20200517-9
- Add BSD to the base License field; make -doc MIT only
* Thu Oct 14 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> 20200517-8
- Comprehensive packaging improvements
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
20200517-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 20200517-4
- Rebuilt for Python 3.10
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
20200517-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-pyopencl-2021.2.8-1.fc33 (FEDORA-2021-2e87329f88)
Python wrapper for OpenCL
--------------------------------------------------------------------------------
Update Information:
pyopencl 2021.2.8:
https://github.com/inducer/pyopencl/releases/tag/v2021.2.8
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 15 2021 Frantisek Zatloukal <fzatlouk(a)redhat.com> - 2021.2.8-1
- Update to v2021.2.8
--------------------------------------------------------------------------------
================================================================================
python-strictyaml-1.1.1-3.fc33 (FEDORA-2021-1bf84b7104)
Parses and validates a restricted subset of YAML
--------------------------------------------------------------------------------
Update Information:
Fix strictyaml.__version__
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 15 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.1.1-3
- Fix strictyaml.__version__
--------------------------------------------------------------------------------
================================================================================
python-tox-3.24.4-1.fc33 (FEDORA-2021-95df80d27c)
Virtualenv-based automation of test activities
--------------------------------------------------------------------------------
Update Information:
Update to 3.24.4
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 13 2021 Tom���� Hrn��iar <thrnciar(a)redhat.com> - 3.24.4-1
- Update to 3.24.4
--------------------------------------------------------------------------------
================================================================================
quisk-4.1.90-1.fc33 (FEDORA-2021-b2987ba5b5)
Software Defined Radio (SDR) software
--------------------------------------------------------------------------------
Update Information:
This is new version of quisk.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 15 2021 Jaroslav ��karvada <jskarvad(a)redhat.com> - 4.1.90-1
- New version
Resolves: rhbz#2014612
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2014612 - quisk-4.1.90 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2014612
--------------------------------------------------------------------------------
================================================================================
rhino-1.7.13-7.fc33 (FEDORA-2021-19c290b5f9)
JavaScript for Java
--------------------------------------------------------------------------------
Update Information:
Automatic update for rhino-1.7.13-7 **Changelog** ``` * Fri Oct 15 2021 Didik
Supriadi <didiksupriadi41(a)fedoraproject.org> - 1.7.13-7 - Add compatibility:
rhino:js, %{_javadir}/rhino.jar ```
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 15 2021 Didik Supriadi <didiksupriadi41(a)fedoraproject.org> - 1.7.13-7
- Add compatibility: rhino:js, %{_javadir}/rhino.jar
* Mon Oct 11 2021 Didik Supriadi <didiksupriadi41(a)fedoraproject.org> - 1.7.13-6
- Add requires: javapackages-tools
- Fix manifest attributes
* Fri Oct 8 2021 Didik Supriadi <didiksupriadi41(a)fedoraproject.org> - 1.7.13-5
- Fix surefire plugin
- Don't reuse processes to execute tests
* Thu Oct 7 2021 Didik Supriadi <didiksupriadi41(a)fedoraproject.org> - 1.7.13-4
- Fix some tests and include test262
* Wed Oct 6 2021 Didik Supriadi <didiksupriadi41(a)fedoraproject.org> - 1.7.13-3
- Disable failed tests
* Tue Oct 5 2021 Didik Supriadi <didiksupriadi41(a)fedoraproject.org> - 1.7.13-2
- Enable singleton packaging: rhino, rhino-engine, and rhino-runtime
- Fix %files to be more specific
* Fri Sep 24 2021 Didik Supriadi <didiksupriadi41(a)fedoraproject.org> - 1.7.13-1
- Update to version 1.7.13
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
1.7.7.1-15
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
1.7.7.1-14
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Dec 14 2020 Jerry James <loganjerry(a)gmail.com> - 1.7.7.1-13
- Change jline dep to jline2 and jansi dep to jansi1
* Sun Aug 30 2020 Fabio Valentini <decathorpe(a)gmail.com> - 1.7.7.1-12
- Remove unnecessary dependency on parent POM.
--------------------------------------------------------------------------------
================================================================================
uronode-2.14-1.fc33 (FEDORA-2021-516b45329c)
Alternative packet radio system for Linux
--------------------------------------------------------------------------------
Update Information:
This is new version of uronode.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 15 2021 Jaroslav ��karvada <jskarvad(a)redhat.com> - 2.14-1
- New version
Resolves: rhbz#2014224
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.13-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Mar 2 2021 Zbigniew J��drzejewski-Szmek <zbyszek(a)in.waw.pl> - 2.13-3
- Rebuilt for updated systemd-rpm-macros
See
https://pagure.io/fesco/issue/2583.
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.13-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2014224 - uronode-2.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2014224
--------------------------------------------------------------------------------
================================================================================
vdr-live-3.0.12-1.fc33 (FEDORA-2021-3a35f04383)
An interactive web interface with HTML5 live stream support for VDR
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.12-1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 15 2021 Martin Gansser <martinkg(a)fedoraproject.org> - 3.0.12-1
- Update to 3.0.12
--------------------------------------------------------------------------------
================================================================================
vim-8.2.3512-1.fc33 (FEDORA-2021-84f4cf3244)
The VIM editor
--------------------------------------------------------------------------------
Update Information:
The newest upstream commit Security fix for CVE-2021-3778 Security fix for
CVE-2021-3796
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 15 2021 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.3512-1
- patchlevel 3512
* Thu Oct 14 2021 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.3404-2
- adjust test suite to Python 3.10
* Thu Oct 14 2021 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.3404-2
- remove filetype plugin from virc - it doesn't work with vi
* Mon Oct 11 2021 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.3404-2
- set system vimrc via compiler macros
* Thu Sep 23 2021 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.3404-2
- remove downstream patch vim-8.0-copypaste.patch - put mouse settings into defaults.vim
again
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2004621 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in
mbyte.c
https://bugzilla.redhat.com/show_bug.cgi?id=2004621
[ 2 ] Bug #2004728 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c
https://bugzilla.redhat.com/show_bug.cgi?id=2004728
--------------------------------------------------------------------------------
================================================================================
wget-1.21.2-1.fc33 (FEDORA-2021-25d5612d53)
A utility for retrieving files using the HTTP or FTP protocols
--------------------------------------------------------------------------------
Update Information:
New version 1.21.1 Fix for bug #2010039
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 15 2021 Michal Ruprich <mruprich(a)redhat.com> - 1.21.2-1
- New version 1.21.2
- Fix for #2010039 - [abrt] wget: find_cell(): wget killed by SIGSEGV
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2010039 - [abrt] wget: find_cell(): wget killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=2010039
--------------------------------------------------------------------------------
================================================================================
yash-2.52-1.fc33 (FEDORA-2021-61815ce6ab)
Yet Another SHell
--------------------------------------------------------------------------------
Update Information:
New version 2.52 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 14 2021 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 2.52-1
- 2.52
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.51-1.2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu Jan 28 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.51-1.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------