The following Fedora 32 Security updates need testing:
Age URL
100
https://bodhi.fedoraproject.org/updates/FEDORA-2021-4c8458e373
containernetworking-plugins-0.9.1-1.fc32
96
https://bodhi.fedoraproject.org/updates/FEDORA-2021-16d1596c42
buildah-1.19.4-1.fc32
13
https://bodhi.fedoraproject.org/updates/FEDORA-2021-158a237d4a bind-9.11.31-1.fc32
bind-dyndb-ldap-11.3-6.fc32 dnsperf-2.3.4-6.fc32
12
https://bodhi.fedoraproject.org/updates/FEDORA-2021-38e1f87ac3
thunderbird-78.10.1-1.fc32
5
https://bodhi.fedoraproject.org/updates/FEDORA-2021-179f2fbb88
mariadb-10.4.19-1.fc32
4
https://bodhi.fedoraproject.org/updates/FEDORA-2021-4f06d202d4
firefox-88.0.1-1.fc32
4
https://bodhi.fedoraproject.org/updates/FEDORA-2021-0fa36519bb
kernel-5.11.20-100.fc32 kernel-headers-5.11.20-100.fc32 kernel-tools-5.11.20-100.fc32
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-498be8f560
prosody-0.11.9-1.fc32
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-6e540b85b9
ceph-14.2.21-1.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2021-8832eab899
kernel-5.11.21-100.fc32
The following Fedora 32 Critical Path updates have yet to be approved:
Age URL
12
https://bodhi.fedoraproject.org/updates/FEDORA-2021-38e1f87ac3
thunderbird-78.10.1-1.fc32
12
https://bodhi.fedoraproject.org/updates/FEDORA-2021-9e79d2e147
hwdata-0.347-1.fc32
12
https://bodhi.fedoraproject.org/updates/FEDORA-2021-19cdc5683f
libmodulemd-2.12.1-1.fc32
11
https://bodhi.fedoraproject.org/updates/FEDORA-2021-7fd2a21f94
python3-3.8.10-1.fc32 python3-docs-3.8.10-1.fc32
9
https://bodhi.fedoraproject.org/updates/FEDORA-2021-276b0013e8
gnome-terminal-3.36.3-1.fc32
9
https://bodhi.fedoraproject.org/updates/FEDORA-2021-151dc7fd1b
vte291-0.60.4-1.fc32
9
https://bodhi.fedoraproject.org/updates/FEDORA-2021-a2ee549bcb
xorg-x11-drv-nouveau-1.0.17-1.fc32
7
https://bodhi.fedoraproject.org/updates/FEDORA-2021-f438908573
btrfs-progs-5.11.1-1.fc32
4
https://bodhi.fedoraproject.org/updates/FEDORA-2021-14d0195ff8
linux-firmware-20210511-120.fc32
4
https://bodhi.fedoraproject.org/updates/FEDORA-2021-0fa36519bb
kernel-5.11.20-100.fc32 kernel-headers-5.11.20-100.fc32 kernel-tools-5.11.20-100.fc32
4
https://bodhi.fedoraproject.org/updates/FEDORA-2021-4f06d202d4
firefox-88.0.1-1.fc32
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-4d58314a3e
libidn2-2.3.1-1.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2021-816eecc358 zstd-1.5.0-1.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2021-8832eab899
kernel-5.11.21-100.fc32
The following builds have been pushed to Fedora 32 updates-testing
chatterino2-2.3.2-1.fc32
composer-1.10.22-1.fc32
copr-backend-1.148-1.fc32
golang-github-lestrrat-apache-logformat-2.0.6-2.fc32
golang-github-lestrrat-envload-0-0.2.20210517gita3eb8dd.fc32
golang-github-lestrrat-strftime-1.0.4-2.fc32
golang-github-rodaine-hclencoder-0-0.2.20210517gitaaa140e.fc32
golang-tinygo-x-llvm-0-0.18.20210513gite7b8519.fc32
ibus-table-chinese-1.8.3-3.fc32
mkdocs-markdownextradata-plugin-0.2.4-1.fc32
mozilla-noscript-11.2.7-1.fc32
opentype-sanitizer-8.1.4-1.fc32
perl-CPAN-Perl-Releases-5.20210515-1.fc32
php-horde-Horde-Imap-Client-2.30.2-1.fc32
php-symfony3-3.4.48-1.fc32
tinygo-0.18.0-1.fc32
wordpress-5.7.2-1.fc32
Details about builds:
================================================================================
chatterino2-2.3.2-1.fc32 (FEDORA-2021-25e7400199)
Chat client for twitch.tv
--------------------------------------------------------------------------------
Update Information:
Update to 2.3.2
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 17 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 2.3.2-1
- build(update): 2.3.2
--------------------------------------------------------------------------------
================================================================================
composer-1.10.22-1.fc32 (FEDORA-2021-7aa58932f5)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.10.22** 2021-04-27 * Security: Fixed command injection
vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and
downloaders (GHSA-h5h8-pc6h-jvvx / **CVE-2021-29472**)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 27 2021 Remi Collet <remi(a)remirepo.net> - 1.10.22-1
- update to 1.10.22
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1955727 - CVE-2021-29472 composer: Specifically crafted URL values allow code
to be executed in the HgDriver
https://bugzilla.redhat.com/show_bug.cgi?id=1955727
--------------------------------------------------------------------------------
================================================================================
copr-backend-1.148-1.fc32 (FEDORA-2021-d450a21354)
Backend for Copr
--------------------------------------------------------------------------------
Update Information:
work with builders over ipv6, too
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 13 2021 Pavel Raiskup <praiskup(a)redhat.com> 1.148-1
- work with builders also over ipv6
--------------------------------------------------------------------------------
================================================================================
golang-github-lestrrat-apache-logformat-2.0.6-2.fc32 (FEDORA-2021-224081b602)
Port of Perl5's Apache::LogFormat::Compiler to golang
--------------------------------------------------------------------------------
Update Information:
Update to version 2.0.6 (Fixes rhbz#1960880)
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1960880 - Review Request: golang-github-lestrrat-apache-logformat - Port of
Perl5's Apache::LogFormat::Compiler to golang
https://bugzilla.redhat.com/show_bug.cgi?id=1960880
--------------------------------------------------------------------------------
================================================================================
golang-github-lestrrat-envload-0-0.2.20210517gita3eb8dd.fc32 (FEDORA-2021-9365fec031)
Restore and load environment variables
--------------------------------------------------------------------------------
Update Information:
Update to git commit a3eb8dd (Fixes rhbz#1960878)
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1960878 - Review Request: golang-github-lestrrat-envload - Restore and load
environment variables
https://bugzilla.redhat.com/show_bug.cgi?id=1960878
--------------------------------------------------------------------------------
================================================================================
golang-github-lestrrat-strftime-1.0.4-2.fc32 (FEDORA-2021-6f1dbc1ccc)
Fast strftime for Go
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.4 (Fixes rhbz#1960879)
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1960879 - Review Request: golang-github-lestrrat-strftime - Fast strftime for
Go
https://bugzilla.redhat.com/show_bug.cgi?id=1960879
--------------------------------------------------------------------------------
================================================================================
golang-github-rodaine-hclencoder-0-0.2.20210517gitaaa140e.fc32 (FEDORA-2021-5d4bcb8f32)
HCL Encoder/Marshaller - Convert Go Types into HCL files
--------------------------------------------------------------------------------
Update Information:
Update to git commit aaa140e (Fixes rhbz#1960876)
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1960876 - Review Request: golang-github-rodaine-hclencoder - HCL
Encoder/Marshaller - Convert Go Types into HCL files
https://bugzilla.redhat.com/show_bug.cgi?id=1960876
--------------------------------------------------------------------------------
================================================================================
golang-tinygo-x-llvm-0-0.18.20210513gite7b8519.fc32 (FEDORA-2021-6d56d05fa0)
Go bindings to a system-installed LLVM
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 13 2021 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> -
0-0.18.20210513gite7b8519
- Update to commit e7b85195e81cf864a886c203c928997658c6f83a
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1960058 - tinygo-0.18.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1960058
--------------------------------------------------------------------------------
================================================================================
ibus-table-chinese-1.8.3-3.fc32 (FEDORA-2021-e5a6bc2c4e)
Chinese input tables for IBus
--------------------------------------------------------------------------------
Update Information:
Correct misplaced non-alphabetic symbol in wubi-jidian table
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 16 2021 Mike FABIAN <mfabian(a)redhat.com> - 1.8.3-3
- Correct misplaced non-alphabetic symbol in wubi-jidian table
- Resolves:
https://github.com/definite/ibus-table-chinese/pull/16
--------------------------------------------------------------------------------
================================================================================
mkdocs-markdownextradata-plugin-0.2.4-1.fc32 (FEDORA-2021-5671bdeb91)
MkDocs plugin that injects mkdocs.yml extra variables
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1960859 - Review Request: mkdocs-markdownextradata-plugin - MkDocs plugin
that injects mkdocs.yml extra variables
https://bugzilla.redhat.com/show_bug.cgi?id=1960859
--------------------------------------------------------------------------------
================================================================================
mozilla-noscript-11.2.7-1.fc32 (FEDORA-2021-5f3479aaf3)
JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
* Better prompt layout (no accidental scrollbar) * [nscl] Fix regression causing
media patches to break some pages (thanks l0drex for report, issue #189) *
[nscl] Various webgl blocking enhancements * Remove also sticky-positioned
elements with click+DEL on scriptless pages (thanks skriptimaahinen for RFE) *
[L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it, ja, lt, mk, ms, nb,
nl, pl, pt_BR, ru, sq, sv_SE, tr, zh_CN, zh_TW * Fixed race condition causing
external CSS not to be rendered sometimes when unrestricted CSS is disabled *
Avoid document rewriting for noscript meta refresh emulation in most cases *
[nscl] Fixed XHTML pages broken when served with application/xml MIME type and
no "object" capability * [nscl] Switch early content script configuration to
use
/nscl/service/DocStartInjection.js * Configurable "unrestricted CSS" capability
to for sites where the CSS PP0 mitigation should be disabled (e.g TRUSTED) *
[nscl] Fix CSS PP0 mitigation still interfering with some WebExtensions (thanks
barbaz for report) * [XSS] Increased sensitivity and specificity of risky
operator pre-checks
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 17 2021 Dominik Mierzejewski <rpm(a)greysector.net> - 11.2.7-1
- update to 11.2.7 (#1956505)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1956505 - mozilla-noscript-11.2.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1956505
--------------------------------------------------------------------------------
================================================================================
opentype-sanitizer-8.1.4-1.fc32 (FEDORA-2021-43e86698cd)
Parses and serializes OpenType/WOFF/WOFF2 font files
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1959947 - Review Request: opentype-sanitizer - Parses and serializes
OpenType/WOFF/WOFF2 font files
https://bugzilla.redhat.com/show_bug.cgi?id=1959947
--------------------------------------------------------------------------------
================================================================================
perl-CPAN-Perl-Releases-5.20210515-1.fc32 (FEDORA-2021-f73776c961)
Mapping Perl releases on CPAN to the location of the tarballs
--------------------------------------------------------------------------------
Update Information:
Updated for v5.34.0-RC2 ---- Updated for v5.34.0-RC1
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 17 2021 Jitka Plesnikova <jplesnik(a)redhat.com> - 5.20210515-1
- 5.20210515 bump
* Tue May 11 2021 Jitka Plesnikova <jplesnik(a)redhat.com> - 5.20210505-1
- 5.20210505 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1957176 - perl-CPAN-Perl-Releases-5.20210505 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1957176
[ 2 ] Bug #1960857 - perl-CPAN-Perl-Releases-5.20210515 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1960857
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Imap-Client-2.30.2-1.fc32 (FEDORA-2021-a2cd3623bf)
Horde IMAP abstraction interface
--------------------------------------------------------------------------------
Update Information:
**Horde_Imap_Client 2.30.2** * Remove redundant array_diff that could cause
removal of emails from local message cache
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 17 2021 Remi Collet <remi(a)remirepo.net> - 2.30.2-1
- update to 2.30.2
--------------------------------------------------------------------------------
================================================================================
php-symfony3-3.4.48-1.fc32 (FEDORA-2021-3c013b5555)
Symfony PHP framework (version 3)
--------------------------------------------------------------------------------
Update Information:
**Version 3.4.48** (2021-05-12) * security **CVE-2021-21424**
[Security][Guard] Prevent user enumeration (chalasr)
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 17 2021 Remi Collet <remi(a)remirepo.net> - 3.4.48-1
- update to 3.4.48
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.4.47-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1960631 - CVE-2021-21424 php-symfony: user enumeration in authentication
mechanisms [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1960631
--------------------------------------------------------------------------------
================================================================================
tinygo-0.18.0-1.fc32 (FEDORA-2021-6d56d05fa0)
Go compiler for small places
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 13 2021 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 0.18.0-1
- Update to latest version (#1960058)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1960058 - tinygo-0.18.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1960058
--------------------------------------------------------------------------------
================================================================================
wordpress-5.7.2-1.fc32 (FEDORA-2021-5b1dd085c7)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
** Wordpress 5.7.2**
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 13 2021 Remi Collet <remi(a)remirepo.net> - 5.7.2-1
- WordPress 5.7.2 Security Release
--------------------------------------------------------------------------------