The following Fedora 33 Security updates need testing: Age URL 45 https://bodhi.fedoraproject.org/updates/FEDORA-2021-c3d587d52c shim-15.4-1 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-ceb9db8de0 upx-3.96-9.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-a4ee3426c4 slapi-nis-0.56.7-1.fc33 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-1b6848f31c python-pip-20.2.2-2.fc33 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-f3ad34aa9f php-symfony3-3.4.49-1.fc33 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-2eb67ba3c2 runc-1.0.0-378.rc95.fc33 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-121edb82dd php-symfony4-4.4.24-1.fc33 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b950000d2b libxml2-2.9.12-2.fc33 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-98720f3785 python2.7-2.7.18-11.fc33 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-bfbc1088b6 java-1.8.0-openjdk-aarch32-1.8.0.292.b10-1.fc33 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-a4c0a91884 rxvt-unicode-9.26-1.fc33 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-1ec3c5ed63 opendmarc-1.4.1-1.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-8b85b2de05 eterm-0.9.6-26.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-e8cab459ab cflow-1.6-8.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-454a0f6f76 gnutls-3.6.16-1.fc33
The following Fedora 33 Critical Path updates have yet to be approved: Age URL 63 https://bodhi.fedoraproject.org/updates/FEDORA-2021-2961f34ccb PackageKit-1.2.3-1.fc33 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-3b331c0278 wpebackend-fdo-1.8.4-1.fc33 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-efdc2e7167 chrony-4.1-1.fc33 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-e7f17262ce libidn2-2.3.1-1.fc33 9 https://bodhi.fedoraproject.org/updates/FEDORA-2021-25202922d4 systemd-246.14-1.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-ae71327f68 libtirpc-1.2.6-4.rc4.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-5cc6457b38 rpcbind-1.2.6-0.fc33 5 https://bodhi.fedoraproject.org/updates/FEDORA-2021-55fc591f26 tpm2-tss-3.0.4-1.fc33 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b1189d72ea dracut-054-12.git20210521.fc33 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-aca3c7bb56 koji-1.25.0-1.fc33 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b950000d2b libxml2-2.9.12-2.fc33 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b2b5636c1a livecd-tools-28.1-1.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-cd029398ef mpfr-4.1.0-7.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-35759ad8d3 openssh-8.4p1-6.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-454a0f6f76 gnutls-3.6.16-1.fc33 The following builds have been pushed to Fedora 33 updates-testing centpkg-0.6.5-1.fc33 chromium-90.0.4430.212-1.fc33 composer-2.0.14-1.fc33 exfatprogs-1.1.2-1.fc33 exiv2-0.27.3-7.fc33 gap-pkg-cryst-4.1.24-1.fc33 golang-github-aliyun-cli-3.0.75-1.s20210525git0551d8f.fc33 gsi-openssh-8.4p1-8.fc33 kcolorpicker-0.1.6-1.fc33 kf5-kirigami2-addons-21.05-1.fc33 kimageannotator-0.5.0-1.fc33 klog-1.5.3-1.fc33 kmod-29-2.fc33 ksnip-1.9.0-1.fc33 libolm-3.2.3-1.fc33 libretls-3.3.3p1-1.fc33 mapserver-7.4.5-1.fc33 mingw-djvulibre-3.5.27-11.fc33 mingw-python-pillow-7.2.0-6.fc33 mkdocs-markdownextradata-plugin-0.2.4-2.fc33 mozilla-noscript-11.2.8-1.fc33 nbdkit-1.24.4-1.fc33 nginx-1.20.1-1.fc33 openhantek-3.2.3-1.fc33 php-composer-semver3-3.2.5-1.fc33 php-friendsofphp-proxy-manager-lts-1.0.5-1.fc33 python-networkmanager-2.2-1.fc33 python-pillow-7.2.0-6.fc33 qbittorrent-4.3.5-1.fc33 rb_libtorrent-1.2.13-1.fc33 redhat-lsb-4.1-53.fc33 rng-tools-6.12-3.fc33 slurm-20.11.7-3.fc33 tigervnc-1.11.0-11.fc33 vdr-epgsearch-2.4.1-1.fc33 wsjtx-2.4.0-1.fc33 Details about builds: ================================================================================ centpkg-0.6.5-1.fc33 (FEDORA-2021-81f8262930) CentOS utility for working with dist-git -------------------------------------------------------------------------------- Update Information: Latest upstream 0.6.5 -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Carl George <carl@george.computer> - 0.6.5-1 - Latest upstream -------------------------------------------------------------------------------- ================================================================================ chromium-90.0.4430.212-1.fc33 (FEDORA-2021-7190a83164) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: Update to 90.0.4430.212. Fixes: CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513 CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517 CVE-2021-30518 CVE-2021-30519 CVE-2021-30520 -------------------------------------------------------------------------------- ChangeLog: * Tue May 18 2021 Tom Callaway <s...@fedoraproject.org> - 90.0.4430.212-1 - update to 90.0.4430.212 -------------------------------------------------------------------------------- ================================================================================ composer-2.0.14-1.fc33 (FEDORA-2021-d4f6a361cb) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information: **Version 2.0.14** - 2021-05-21 * Updated composer/xdebug-handler to 2.0 which adds supports for Xdebug 3 * Fixed handling of inline-update-constraints with references or stability flags (#9847) * Fixed async processes erroring in an unclear way when they failed to start (#9808) * Fixed support for the upcoming Symfony 6.0 release when Composer is installed as a library (#9896) * Fixed progress output missing newlines on PowerShell, and disable progress output by default when CI env var is present (#9621) * Fixed support for Vagrant/VirtualBox filesystem slowness when installing binaries from packages (#9627) * Fixed type annotations for the InstalledVersions class * Deprecated InstalledVersions::getRawData in favor of InstalledVersions::getAllRawData (#9816) -------------------------------------------------------------------------------- ChangeLog: * Sat May 22 2021 Remi Collet <r...@remirepo.net> - 2.0.14-1 - update to 2.0.14 - switch to composer/xdebug-handler v2 -------------------------------------------------------------------------------- ================================================================================ exfatprogs-1.1.2-1.fc33 (FEDORA-2021-41a52e2e0a) Userspace utilities for exFAT filesystems -------------------------------------------------------------------------------- Update Information: Update to bugfix release 1.1.2. -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Simone Caronni <negativ...@gmail.com> - 1.1.2-1 - Update to 1.1.2. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1962822 - exfatprogs-1.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1962822 -------------------------------------------------------------------------------- ================================================================================ exiv2-0.27.3-7.fc33 (FEDORA-2021-8917c5d9d2) Exif and Iptc metadata manipulation library -------------------------------------------------------------------------------- Update Information: Fix security issues. -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Jan Grulich <jgrul...@redhat.com> - 0.27.3-6 - CVE-2021-29623 exiv2: a read of uninitialized memory may lead to information leak CVE-2021-32617 exiv2: DoS due to quadratic complexity in ProcessUTF8Portion -------------------------------------------------------------------------------- References: [ 1 ] Bug #1961652 - CVE-2021-29623 exiv2: a read of uninitialized memory may lead to information leak [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1961652 [ 2 ] Bug #1961692 - CVE-2021-32617 exiv2: DoS due to quadratic complexity in ProcessUTF8Portion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1961692 -------------------------------------------------------------------------------- ================================================================================ gap-pkg-cryst-4.1.24-1.fc33 (FEDORA-2021-ac38d95c1b) GAP support for crystallographic groups -------------------------------------------------------------------------------- Update Information: Changes in cryst 4.1.24: - Catch another trivial case in `IntSolutionMat`. - Turn `RowEchelonForm` into an attribute, to make it read-only. - Switch to GitHub Actions CI. - Test CrystCat functionality only when CrystCat is available. -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Jerry James <loganje...@gmail.com> - 4.1.24-1 - Version 4.1.24 * Tue Jan 26 2021 Fedora Release Engineering <rel...@fedoraproject.org> - 4.1.23-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1964387 - gap-pkg-cryst-4.1.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1964387 -------------------------------------------------------------------------------- ================================================================================ golang-github-aliyun-cli-3.0.75-1.s20210525git0551d8f.fc33 (FEDORA-2021-802d96004d) Alibaba Cloud (Aliyun) CLI -------------------------------------------------------------------------------- Update Information: Update to version 3.0.75 (Fixes rhbz#1964195) -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Brandon Perkins <bperk...@redhat.com> - 3.0.75-1 - Update to version 3.0.75 (Fixes rhbz#1964195) - Update to aliyun-openapi-meta to commit 0551d8f554c1b062f603f81c490cfb0cfc51d3d6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1964195 - golang-github-aliyun-cli-3.0.75 is available https://bugzilla.redhat.com/show_bug.cgi?id=1964195 -------------------------------------------------------------------------------- ================================================================================ gsi-openssh-8.4p1-8.fc33 (FEDORA-2021-5a9b525f97) An implementation of the SSH protocol with GSI authentication -------------------------------------------------------------------------------- Update Information: Synch with openssh package. -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Mattias Ellert <mattias.ell...@physics.uu.se> - 8.4p1-8 - Based on openssh-8.4p1-5.fc33 -------------------------------------------------------------------------------- ================================================================================ kcolorpicker-0.1.6-1.fc33 (FEDORA-2021-ce7959b27f) QToolButton control with color popup menu -------------------------------------------------------------------------------- Update Information: Updated to version 1.9.0. -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Vitaly Zaitsev <vit...@easycoding.org> - 0.1.6-1 - Updated to version 0.1.6. -------------------------------------------------------------------------------- ================================================================================ kf5-kirigami2-addons-21.05-1.fc33 (FEDORA-2021-42942836a4) Convergent visual components ("widgets") for Kirigami-based applications -------------------------------------------------------------------------------- Update Information: ``` * Sat May 15 2021 Onuralp SEZER <thunderbir...@fedoraproject.org> - 21.05-1 - initial version of package% ``` -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ kimageannotator-0.5.0-1.fc33 (FEDORA-2021-ce7959b27f) Library and a tool for annotating images -------------------------------------------------------------------------------- Update Information: Updated to version 1.9.0. -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Vitaly Zaitsev <vit...@easycoding.org> - 0.5.0-1 - Updated to version 0.5.0. -------------------------------------------------------------------------------- ================================================================================ klog-1.5.3-1.fc33 (FEDORA-2021-710a8a663b) A Ham radio logging program for KDE -------------------------------------------------------------------------------- Update Information: May 2021 - 1.5.3 * Bugfix: Fixes the DataBase update process to add the Q65 mode. * Bugfix: Unexpected Setup dialog behavior. (Closes issue #178) (TNX foldynl) * Bugfix: Time is not in UTC when "Log in real time" is uncheck. (Closes issue #179) (TNX foldynl) * Bugfix: Missing translation in SoftwareUpdateDialog. (Closes issue #180) (TNX foldynl) * Bugfix: Inconsistency text in Tip#2. (Closes issue #182) (TNX foldynl) * Bugfix: Missing Translation string in SetupPageMisc::createUI. (Closes issue #185) (TNX foldynl) * Bugfix: When LoTW service was no enabled, KLog insisted to show the QSOs to be exported. * Bugfix: Setup->Satellites did not show a correct Short name. (Closes issue #192) (TNX foldynl) * Bugfix: Removal DX Cluster unexpected disconnection. (TNX foldynl) * Bugfix: Tip #21 was not shown. (Closes issue #184) (TNX foldynl) * Bugfix: TQSL was not properly found on macOS. (Closes issue #195) (TNX K0JM) * Enhancement: Improved the readability of the DX Cluster window. (TNX foldynl) * Updated the KLog tips. * Translation: Czech (TNX OK1MLG), Spanish. -------------------------------------------------------------------------------- ChangeLog: * Mon May 24 2021 Richard Shaw <hobbes1...@gmail.com> - 1.5.3-1 - Update to 1.5.3. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1963418 - klog-1.5.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1963418 -------------------------------------------------------------------------------- ================================================================================ kmod-29-2.fc33 (FEDORA-2021-fa3657ac97) Linux kernel module management utilities -------------------------------------------------------------------------------- Update Information: kmod-29-2 drops the weak-modules script for Fedora which can cause issues as we do not support CONFIG_MODVERSIONS in kernel. -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Justin M. Forbes <jfor...@fedoraproject.org> - 29-2 - Rebuild for weak-modules drop in Fedora * Mon May 24 2021 Justin M. Forbes <jfor...@fedoraproject.org> - Remove weak-modules for Fedora as it causes problems. * Fri May 14 2021 Josh Boyer <jwbo...@fedoraproject.org> - 29-1 - New upstream v29 - Resolves: rhbz#1962980 * Tue Jan 26 2021 Fedora Release Engineering <rel...@fedoraproject.org> - 28-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Thu Jan 7 2021 Josh Boyer <jwbo...@fedoraproject.org> - 28-1 - New upstream v28 - Enable zstd support - Resolves: rhbz#1913949 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1962841 - kmod should not ship /usr/sbin/weak-modules because it is useless and dangerous for DKMS modules https://bugzilla.redhat.com/show_bug.cgi?id=1962841 -------------------------------------------------------------------------------- ================================================================================ ksnip-1.9.0-1.fc33 (FEDORA-2021-ce7959b27f) Qt based cross-platform screenshot tool -------------------------------------------------------------------------------- Update Information: Updated to version 1.9.0. -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Vitaly Zaitsev <vit...@easycoding.org> - 1.9.0-1 - Updated to version 1.9.0. -------------------------------------------------------------------------------- ================================================================================ libolm-3.2.3-1.fc33 (FEDORA-2021-3a35165f8c) Double Ratchet cryptographic library -------------------------------------------------------------------------------- Update Information: Updated to version 3.2.3. -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Vitaly Zaitsev <vit...@easycoding.org> - 3.2.3-1 - Updated to version 3.2.3. -------------------------------------------------------------------------------- ================================================================================ libretls-3.3.3p1-1.fc33 (FEDORA-2021-8939f1c4a2) Port of libtls from LibreSSL to OpenSSL -------------------------------------------------------------------------------- Update Information: - Upgrade to 3.3.3p1 (#1964579) -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Robert Scheck <rob...@fedoraproject.org> 3.3.3p1-1 - Upgrade to 3.3.3p1 (#1964579) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1964579 - libretls-3.3.3p1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1964579 -------------------------------------------------------------------------------- ================================================================================ mapserver-7.4.5-1.fc33 (FEDORA-2021-faab70f09a) Environment for building spatially-enabled internet applications -------------------------------------------------------------------------------- Update Information: Update to 7.4.5. -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Sandro Mani <manisan...@gmail.com> - 7.4.5-1 - Update to 7.4.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1957873 - CVE-2021-32062 mapserver: flaw in CGI mapfile loading that makes it possible to bypass security controls [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1957873 -------------------------------------------------------------------------------- ================================================================================ mingw-djvulibre-3.5.27-11.fc33 (FEDORA-2021-81e58c86b2) MinGW Windows djvulibre library -------------------------------------------------------------------------------- Update Information: Apply fix for CVE-2021-32490, CVE-2021-32491, CVE-2021-32492, CVE-2021-32493 -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Sandro Mani <manisan...@gmail.com> - 3.5.27-11 - Apply fix for CVE-2021-32490, CVE-2021-32491, CVE-2021-32492, CVE-2021-32493 * Tue Jan 26 2021 Fedora Release Engineering <rel...@fedoraproject.org> - 3.5.27-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1958172 - CVE-2021-32490 mingw-djvulibre: djvulibre: Out of bounds write in function DJVU::filter_bv() via crafted djvu file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958172 [ 2 ] Bug #1958176 - CVE-2021-32491 mingw-djvulibre: djvulibre: Integer overflow in function render() in tools/ddjvu via crafted djvu file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958176 [ 3 ] Bug #1958178 - CVE-2021-32492 mingw-djvulibre: djvulibre: Out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958178 [ 4 ] Bug #1958180 - CVE-2021-32493 mingw-djvulibre: djvulibre: Heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958180 -------------------------------------------------------------------------------- ================================================================================ mingw-python-pillow-7.2.0-6.fc33 (FEDORA-2021-77756994ba) MinGW Windows Python pillow library -------------------------------------------------------------------------------- Update Information: Backport fix for CVE-2021-28675 - CVE-2021-28678, CVE-2021-25287-CVE-2021-25288 -------------------------------------------------------------------------------- ChangeLog: * Mon May 24 2021 Sandro Mani <manisan...@gmail.com> - 7.2.0-6 - Backport fix for CVE-2021-28675 - CVE-2021-28678, CVE-2021-25287-CVE-2021-25288 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1958228 - CVE-2021-25287 python-pillow: out-of-bounds read in J2kDecode in j2ku_graya_la [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958228 [ 2 ] Bug #1958230 - CVE-2021-25287 mingw-python-pillow: python-pillow: out-of-bounds read in J2kDecode in j2ku_graya_la [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958230 [ 3 ] Bug #1958232 - CVE-2021-25288 python-pillow: out-of-bounds read in J2kDecode in j2ku_gray_i [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958232 [ 4 ] Bug #1958235 - CVE-2021-25288 mingw-python-pillow: python-pillow: out-of-bounds read in J2kDecode in j2ku_gray_i [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958235 [ 5 ] Bug #1958241 - CVE-2021-28675 python-pillow: DoS in PsdImagePlugin [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958241 [ 6 ] Bug #1958244 - CVE-2021-28675 mingw-python-pillow: python-pillow: DoS in PsdImagePlugin [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958244 [ 7 ] Bug #1958253 - CVE-2021-28676 python-pillow: infinite loop in FliDecode.c can lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958253 [ 8 ] Bug #1958256 - CVE-2021-28676 mingw-python-pillow: python-pillow: infinite loop in FliDecode.c can lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958256 [ 9 ] Bug #1958259 - CVE-2021-28677 python-pillow: DoS in the open phase via a malicious EPS file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958259 [ 10 ] Bug #1958261 - CVE-2021-28677 mingw-python-pillow: python-pillow: DoS in the open phase via a malicious EPS file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958261 [ 11 ] Bug #1958264 - CVE-2021-28678 python-pillow: improper check in BlpImagePlugin can lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958264 [ 12 ] Bug #1958267 - CVE-2021-28678 mingw-python-pillow: python-pillow: improper check in BlpImagePlugin can lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958267 -------------------------------------------------------------------------------- ================================================================================ mkdocs-markdownextradata-plugin-0.2.4-2.fc33 (FEDORA-2021-80f253d65f) MkDocs plugin that injects mkdocs.yml extra variables -------------------------------------------------------------------------------- Update Information: Fix python Provides -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Benjamin A. Beasley <c...@musicinmybrain.net> - 0.2.4-2 - Fix python Provides -------------------------------------------------------------------------------- ================================================================================ mozilla-noscript-11.2.8-1.fc33 (FEDORA-2021-0d73ca4fce) JavaScript white list extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information: * Quiet down unnecessary debug logging (issue #191) * [L10n] Updated he, de * Fix meta refresh sometimes ignored on Firefox 78 ESR (issue #192, thanks hackerncoder for report) * Chromium-specific build-time customizations -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Dominik Mierzejewski <r...@greysector.net> - 11.2.8-1 - update to 11.2.8 (#1962394) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1962394 - mozilla-noscript-11.2.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1962394 -------------------------------------------------------------------------------- ================================================================================ nbdkit-1.24.4-1.fc33 (FEDORA-2021-637caa26ec) NBD server -------------------------------------------------------------------------------- Update Information: New upstream stable version 1.24.4. -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Richard W.M. Jones <rjo...@redhat.com> - 1.24.4-1 - New upstream stable version 1.24.4. -------------------------------------------------------------------------------- ================================================================================ nginx-1.20.1-1.fc33 (FEDORA-2021-6bf77566c9) A high performance web server and reverse proxy server -------------------------------------------------------------------------------- Update Information: Security: 1-byte memory overwrite might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause worker process crash or, potentially, arbitrary code execution (CVE-2021-23017). -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Felix Kaechele <hef...@fedoraproject.org> - 1:1.20.1-1 - update to 1.20.1 (fixes CVE-2021-23017) * Fri May 21 2021 Jitka Plesnikova <jples...@redhat.com> - 1:1.20.0-4 - Perl 5.34 rebuild * Fri Apr 30 2021 Lubos Uhliarik <luhli...@redhat.com> - 1:1.20.0-3 - Related: #1636235 - centralizing default index.html on nginx -------------------------------------------------------------------------------- ================================================================================ openhantek-3.2.3-1.fc33 (FEDORA-2021-7dc8a1cc2f) Hantek and compatible USB digital signal oscilloscope -------------------------------------------------------------------------------- Update Information: Update to 3.2.3. -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Vasiliy Glazov <vasc...@gmail.com> - 3.2.3-1 - Update to 3.2.3 -------------------------------------------------------------------------------- ================================================================================ php-composer-semver3-3.2.5-1.fc33 (FEDORA-2021-937857aabd) Semver library version 3 -------------------------------------------------------------------------------- Update Information: **Version 3.2.5** 2021-05-24 * Fixed: issue comparing disjunctive MultiConstraints to conjunctive ones (#127) * Fixed: added complete type information using phpstan annotations -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Remi Collet <r...@remirepo.net> - 3.2.5-1 - update to 3.2.5 -------------------------------------------------------------------------------- ================================================================================ php-friendsofphp-proxy-manager-lts-1.0.5-1.fc33 (FEDORA-2021-76b5437896) OOP proxy wrappers utilities -------------------------------------------------------------------------------- Update Information: **Version 1.0.5** * Fix compat with Composer 2.0.14 ---- **Version 1.0.4** * fix compat with Symfony 6 -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Remi Collet <r...@remirepo.net> - 1.0.5-1 - update to 1.0.5 * Thu May 20 2021 Remi Collet <r...@remirepo.net> - 1.0.4-1 - update to 1.0.4 -------------------------------------------------------------------------------- ================================================================================ python-networkmanager-2.2-1.fc33 (FEDORA-2021-622a4a2f11) Easy communication with NetworkManager -------------------------------------------------------------------------------- Update Information: Updated to version 2.2. -------------------------------------------------------------------------------- ChangeLog: * Sun May 9 2021 Vitaly Zaitsev <vit...@easycoding.org> - 2.2-1 - Updated to version 2.2. - Performed SPEC cleanup. * Wed Jan 27 2021 Fedora Release Engineering <rel...@fedoraproject.org> - 2.1-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1572616 - python-networkmanager-2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1572616 -------------------------------------------------------------------------------- ================================================================================ python-pillow-7.2.0-6.fc33 (FEDORA-2021-77756994ba) Python image processing library -------------------------------------------------------------------------------- Update Information: Backport fix for CVE-2021-28675 - CVE-2021-28678, CVE-2021-25287-CVE-2021-25288 -------------------------------------------------------------------------------- ChangeLog: * Mon May 24 2021 Sandro Mani <manisan...@gmail.com> - 7.2.0-6 - Backport fix for CVE-2021-28675 - CVE-2021-28678, CVE-2021-25287-CVE-2021-25288 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1958228 - CVE-2021-25287 python-pillow: out-of-bounds read in J2kDecode in j2ku_graya_la [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958228 [ 2 ] Bug #1958230 - CVE-2021-25287 mingw-python-pillow: python-pillow: out-of-bounds read in J2kDecode in j2ku_graya_la [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958230 [ 3 ] Bug #1958232 - CVE-2021-25288 python-pillow: out-of-bounds read in J2kDecode in j2ku_gray_i [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958232 [ 4 ] Bug #1958235 - CVE-2021-25288 mingw-python-pillow: python-pillow: out-of-bounds read in J2kDecode in j2ku_gray_i [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958235 [ 5 ] Bug #1958241 - CVE-2021-28675 python-pillow: DoS in PsdImagePlugin [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958241 [ 6 ] Bug #1958244 - CVE-2021-28675 mingw-python-pillow: python-pillow: DoS in PsdImagePlugin [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958244 [ 7 ] Bug #1958253 - CVE-2021-28676 python-pillow: infinite loop in FliDecode.c can lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958253 [ 8 ] Bug #1958256 - CVE-2021-28676 mingw-python-pillow: python-pillow: infinite loop in FliDecode.c can lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958256 [ 9 ] Bug #1958259 - CVE-2021-28677 python-pillow: DoS in the open phase via a malicious EPS file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958259 [ 10 ] Bug #1958261 - CVE-2021-28677 mingw-python-pillow: python-pillow: DoS in the open phase via a malicious EPS file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958261 [ 11 ] Bug #1958264 - CVE-2021-28678 python-pillow: improper check in BlpImagePlugin can lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958264 [ 12 ] Bug #1958267 - CVE-2021-28678 mingw-python-pillow: python-pillow: improper check in BlpImagePlugin can lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1958267 -------------------------------------------------------------------------------- ================================================================================ qbittorrent-4.3.5-1.fc33 (FEDORA-2021-c84051a9d2) A Bittorrent Client -------------------------------------------------------------------------------- Update Information: - Update -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Leigh Scott <leigh123li...@gmail.com> - 1:4.3.5-1 - Update to 4.3.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1956333 - qbittorrent-4.3.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1956333 -------------------------------------------------------------------------------- ================================================================================ rb_libtorrent-1.2.13-1.fc33 (FEDORA-2021-c84051a9d2) A C++ BitTorrent library aiming to be the best alternative -------------------------------------------------------------------------------- Update Information: - Update -------------------------------------------------------------------------------- ChangeLog: * Mon May 24 2021 Leigh Scott <leigh123li...@gmail.com> - 1.2.13-1 - Upgrade to 1.2.13 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1956333 - qbittorrent-4.3.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1956333 -------------------------------------------------------------------------------- ================================================================================ redhat-lsb-4.1-53.fc33 (FEDORA-2021-ab17af3027) Implementation of Linux Standard Base specification -------------------------------------------------------------------------------- Update Information: This update addresses an error message, `/var/tmp/rpm-tmp.lXnUeF: line 5: /sbin/sln: No such file or directory`, during updates of the `glibc` package. -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Florian Weimer <fwei...@redhat.com> - 4.1-53 - Do not call non-existing lsn program on glibc updates (#1625584) * Wed Jan 27 2021 Fedora Release Engineering <rel...@fedoraproject.org> - 4.1-52 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1625584 - redhat-lsb: %triggerpostun uses /sbin/sln, which no longer exists https://bugzilla.redhat.com/show_bug.cgi?id=1625584 -------------------------------------------------------------------------------- ================================================================================ rng-tools-6.12-3.fc33 (FEDORA-2021-23733dde1f) Random number generator related utilities -------------------------------------------------------------------------------- Update Information: Update the rngd.service file and fix 3 issues -------------------------------------------------------------------------------- ChangeLog: * Mon May 24 2021 Vladis Dronov <vdro...@redhat.com> - 6.12-3 - Update the rngd.service file - Add 3 small upstream patches fixing issues * Wed Apr 28 2021 Vladis Dronov <vdro...@redhat.com> - 6.12-2 - There is no need to hardcode _sbindir anymore, also the old value is incorrect -------------------------------------------------------------------------------- ================================================================================ slurm-20.11.7-3.fc33 (FEDORA-2021-a4c9f84323) Simple Linux Utility for Resource Management -------------------------------------------------------------------------------- Update Information: Move auth_jwt.so plugin to base package -------------------------------------------------------------------------------- ChangeLog: * Mon May 24 2021 Philip Kovacs <pk...@fedoraproject.org> - 20.11.7-3 - Move auth_jwt.so plugin to base package (#1947878) * Fri May 21 2021 Jitka Plesnikova <jples...@redhat.com> - 20.11.7-2 - Perl 5.34 rebuild -------------------------------------------------------------------------------- ================================================================================ tigervnc-1.11.0-11.fc33 (FEDORA-2021-f2a21a0e9e) A TigerVNC remote display system -------------------------------------------------------------------------------- Update Information: SELinux improvements and additional fixes backported from CentOS. -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Jan Grulich <jgrul...@redhat.com> - 1.11.0-11 - SELinux improvements - Backport some CentOS changes * Wed Jan 27 2021 Fedora Release Engineering <rel...@fedoraproject.org> - 1.11.0-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ vdr-epgsearch-2.4.1-1.fc33 (FEDORA-2021-6de6745e3c) Powerful schedules menu replacement plugin for VDR -------------------------------------------------------------------------------- Update Information: Update to 2.4.1-1 -------------------------------------------------------------------------------- ChangeLog: * Tue May 25 2021 Martin Gansser <marti...@fedoraproject.org> - 2.4.1-1 - Update to 2.4.1 * Mon Apr 26 2021 Martin Gansser <marti...@fedoraproject.org> - 2.4.0-18 - Rebuilt for new VDR API version -------------------------------------------------------------------------------- ================================================================================ wsjtx-2.4.0-1.fc33 (FEDORA-2021-fd75e2ee45) Weak Signal communication by K1JT -------------------------------------------------------------------------------- Update Information: Release: WSJT-X 2.4.0 May 24, 2021 --------------------- WSJT-X 2.4.0 General Availability Release adds new Q65 mode functionality and decoder optimizations and repairs several defects and regressions discovered in the RC4 and v2.3.1 GA releases. Since the release candidates documented below this final release includes the following enhancements and defect repairs. - On MS Windows WSJT-X now ships with a DLL version of the Hamlib library, specifically Hamlib version 4.2. This should allow Hamlib bug fixes to resolved by the user replacing the DLL with an updated version. - Repair a defect with own call decode highlighting when callsigns with a common root are decoded. - Q65 message averaging correctly disabled as be menu option. - Repair a regression with missing timestamps in AlL.TXT for the MSK144 mode. - Repair a defect in the selection of working frequencies matching the current band and mode combination. - WSPR band hopping mode now generates a tune up tone for bands where it is scheduled to transmit. - Repair a long standing defect per band tune and Tx power level memories. - More flexibility for inputting calls into the DX Call field, leading and trailing white space characters are allowed but ignored. Release: WSJT-X 2.4.0-rc4 Mar 26, 2021 ------------------------- WSJT-X 2.4.0 Release Candidate 4 adds new Q65 mode functionality and decoder optimizations and repairs several defects and regressions discovered in the RC3 and v2.3.0 GA releases. - Correct a problem with display of Q65 sync curves for submodes Q65-120x and Q65-300x. - Audio frequency and decoded message are now saved for up to 100 most recent Q65 decodes. Subsequent double-click on waterfall will search the list for the clicked frequency +/- 10 Hz, recover "DXCall" from the mosr recent decode there, and attempt a decode at that frequency with full "q3" sensitivity. - Use new ADIF recommendations for Q65: mode=MFSK, submode=Q65. - If "Single decode" is unchecked, look for Q65 decodes from accumulated average even after obtaining a single-sequence decode at selected Rx Freq. - For data read from .wav files, display the original UTC (derived from file name) on the waterfall instead of current UTC. - Protect against bounds errors caused by unusual settings on the Wide Graph. - Correct a problem with Split operation in FT4 mode. Thanks to JG1APX. Release: WSJT-X 2.4.0-rc3 Mar 15, 2021 ------------------------- WSJT-X 2.4.0 Release Candidate 3 adds new Q65 mode functionality and decoder optimizations; repairs defects and regressions discovered in the RC2 and v2.3.0 GA releases. - Repaired a memory corruption related to display of Q65_Sync, particularly nasty on macOS. - Q65 now dissplays two sync curves: orange for the current sequence, red for the accumulated average. - Behavior of "Save decoded" has been corrected. - Repaired a defect that caused crash when displaying the Wide Graph with lower frequency limit set to 0. - Program no longer terminates a transmission when Settings is closed. - Program no longer forces TxFreq to 700 or 1000 Hz when entering Q65 mode or closing Settings. Instead, it highlights TxFreq with red background when its value should be 700 Hz but is not. - Program displays a warning label if a contest mode is active in Q65 mode. - Many updates to User Guide, mostly related to Q65. - Repaired a regression that disallowed a new QSO initiation after an abandoned QSO. Release: WSJT-X 2.4.0-rc2 Mar 6, 2021 ------------------------- WSJT-X 2.4.0 Release Candidate 2 adds new Q65 mode functionality and decoder optimizations; repairs defects and regressions discovered in the RC1 release. - Q65 sample .WAV files added. - Repair a defect that caused WSJT-X to crash when launched from an icon on macOS. - Repair a crash when using the JT4 mode. - Sequencing improvements to hold transmitted signal report fixed during a QSO. - UI translation updates tnx to Sze-to, VR2UPU, and Michael, 5P1KZX. - Enable the "Call 1st" option for Q65. - Improved Q65 message averaging that linearly averages the first 4 sequences and averages exponentially thereafter using a time-constant of 4 sequences. - Improved macOS post-install instructions, tnx to John, G4KLA. - Enhanced Q65 simulator that generates file names compatible with message averaging, tnx Charlie, G3WDG. - Q65 simulator option to generate single tone waveforms, tnx to Charlie, G3WDG. - Better suppression of birdies in the Q65 decoder. - Blank Q65 decode messages removed. - Automatic low Tx audio offset for the widest Q65 modes to keep Tx signal in transmitter passband, tnx to Charlie, G3WDG. - Improved SNR estimates for Q65 mode. - Decode depths Fast/Normal/Deep are now identical in Q65 mode. - "Save decoded" is now enabled for Q65 mode. - The obsolete ISCAT mode has been removed. -------------------------------------------------------------------------------- ChangeLog: * Mon May 24 2021 Richard Shaw <hobbes1...@gmail.com> - 2.4.0-1 - Update to 2.4.0. * Tue Mar 30 2021 Jonathan Wakely <jwak...@redhat.com> - 2.3.1-2 - Rebuilt for removed libstdc++ symbol (#1937698) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1964006 - wsjtx-2.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1964006 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@lists.fedoraproject.org To unsubscribe send an email to test-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
