The following Fedora 33 Security updates need testing: Age URL 18 https://bodhi.fedoraproject.org/updates/FEDORA-2021-c3d587d52c shim-15.4-1 13 https://bodhi.fedoraproject.org/updates/FEDORA-2021-c56a213327 skopeo-1.2.3-1.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-ab6e2a0828 p7zip-16.02-20.fc33 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4a17f0225d ansible-2.9.20-1.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-f925ef1e2a pngcheck-2.4.0-8.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-cfdc434610 libtpms-0.8.2-0.20210426git729fc6a4ca.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-88d24aa32b perl-Image-ExifTool-12.16-3.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-90b4716992 axel-2.17.10-1.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-d4149ff7fb libmicrohttpd-0.9.73-1.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-dd62918333 python-yara-4.1.0-1.fc33 yara-4.1.0-1.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-05a145ee27 php-7.4.18-1.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-3f975f68c8 python-pygments-2.6.1-6.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b9093bc6c6 java-latest-openjdk-16.0.1.0.9-1.rolling.fc33
The following Fedora 33 Critical Path updates have yet to be approved: Age URL 37 https://bodhi.fedoraproject.org/updates/FEDORA-2021-2961f34ccb PackageKit-1.2.3-1.fc33 20 https://bodhi.fedoraproject.org/updates/FEDORA-2021-e8f2b4555f libbluray-1.3.0-1.fc33 14 https://bodhi.fedoraproject.org/updates/FEDORA-2021-0fcde60f54 xdg-desktop-portal-1.8.1-2.fc33 10 https://bodhi.fedoraproject.org/updates/FEDORA-2021-447fb19490 createrepo_c-0.17.2-1.fc33 dnf-4.7.0-1.fc33 dnf-plugins-core-4.0.21-1.fc33 libdnf-0.62.0-1.fc33 librepo-1.14.0-1.fc33 microdnf-3.8.0-1.fc33 10 https://bodhi.fedoraproject.org/updates/FEDORA-2021-a5cba1894e mtools-4.0.27-1.fc33 10 https://bodhi.fedoraproject.org/updates/FEDORA-2021-e50f4a64ac plymouth-0.9.5-2.20210331git1ea1020.fc33 7 https://bodhi.fedoraproject.org/updates/FEDORA-2021-45b9b30892 evolution-data-server-3.38.4-2.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-604697bc65 gnome-online-accounts-3.38.2-1.fc33 6 https://bodhi.fedoraproject.org/updates/FEDORA-2021-f1f18d78a6 nfs-utils-2.5.3-2.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-56ab6d4bcc osinfo-db-20210426-1.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-6761b1adac shadow-utils-4.8.1-6.fc33 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-988350dcad poppler-0.90.0-7.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-353ac32f40 xdg-utils-1.1.3-9.fc33 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-610deea5b8 pipewire-0.3.26-2.fc33 0 https://bodhi.fedoraproject.org/updates/FEDORA-2021-ea13091639 gnome-software-3.38.2-2.fc33 0 https://bodhi.fedoraproject.org/updates/FEDORA-2021-55842d68c9 kernel-5.11.17-200.fc33 0 https://bodhi.fedoraproject.org/updates/FEDORA-2021-050d4e8def selinux-policy-3.14.6-37.fc33
The following builds have been pushed to Fedora 33 updates-testing
ardour6-6.6.0-1.fc33 dcfldd-1.7-1.fc33 dd_rescue-1.99.11-1.fc33 dialog-1.3-29.20210117.fc33 exiv2-0.27.3-6.fc33 fedora-repos-33-5 fedora-upgrade-34.3-1.fc33 iaito-5.2.2-1.fc33 kirigami-gallery-21.04.0-1.fc33 php-laminas-cache-2.10.2-1.fc33 php-pear-Net-Sieve-1.4.5-1.fc33 pungi-4.2.9-1.fc33 qt5-qtwayland-5.15.2-6.fc33 rpm-ostree-2021.4-3.fc33 samba-4.13.8-0.fc33 stalld-1.10-1.fc33 vdr-osdteletext-2.1.1-1.fc33
Details about builds:
================================================================================ ardour6-6.6.0-1.fc33 (FEDORA-2021-ab9406e9e1) Digital Audio Workstation -------------------------------------------------------------------------------- Update Information:
Upstream bugfix and enhancement release. For details, refer to the [upstream release announcement](https://discourse.ardour.org/t/ardour-6-6-is- released/105521). -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 24 2021 Guido Aulisi guido.aulisi@gmail.com - 6.6.0-1 - Version 6.6.0 - Fix FTBFS with GCC 11 * Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 6.5.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ dcfldd-1.7-1.fc33 (FEDORA-2021-7b305028ce) Improved dd, useful for forensics and security -------------------------------------------------------------------------------- Update Information:
switch to fork https://github.com/resurrecting-open-source-projects/dcfldd -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 28 2021 Michal Ambroz <rebus at, seznam.cz> - 1.7-1 - switch to fork https://github.com/resurrecting-open-source-projects/dcfldd - bump to version 1.7 * Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 1.3.4.1-23 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1955105 - dcfldd-1.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1955105 --------------------------------------------------------------------------------
================================================================================ dd_rescue-1.99.11-1.fc33 (FEDORA-2021-75087c3782) Fault tolerant "dd" utility for rescuing data from bad media -------------------------------------------------------------------------------- Update Information:
bump to 1.99.11 ---- Update to dd_rescue-1.99.10, keeping dd_rhelp-0.3.0. ---- Update to dd_rescue-1.99.9, keeping dd_rhelp-0.3.0. -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 29 2021 Michal Ambroz <rebus AT seznam dot cz> - 1.99.11-1 - bump to 1.99.11 * Mon Mar 8 2021 Hans Ulrich Niedermann hun@n-dimensional.de - 1.99.10-14 - Update to dd_rescue-1.99.10 and dd_rhelp-0.3.0 * Sat Feb 27 2021 Hans Ulrich Niedermann hun@n-dimensional.de - 1.99.9-13 - Update to dd_rescue-1.99.9 and dd_rhelp-0.3.0 * Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 1.99.8-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Sep 28 2020 Jeff Law law@redhat.com - 1.99.8-12 - Re-enable LTO as upstream GCC target/96939 has been fixed -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1933416 - dd_rescue-1.99.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1933416 [ 2 ] Bug #1936356 - dd_rescue-1.99.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1936356 [ 3 ] Bug #1955030 - dd_rescue-1.99.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1955030 --------------------------------------------------------------------------------
================================================================================ dialog-1.3-29.20210117.fc33 (FEDORA-2021-011a6f4562) A utility for creating TTY dialog boxes -------------------------------------------------------------------------------- Update Information:
Update to a newer upstream release, which fixes a bug with the --pause option. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 18 2021 Miroslav Lichvar mlichvar@redhat.com - 1.3-29.20210117 - update to 1.3-20210117 * Fri Nov 27 2020 Miroslav Lichvar mlichvar@redhat.com - 1.3-28.20201126 - update to 1.3-20201126 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1954883 - Version: 1.3-20200327 has bug with --pause option. https://bugzilla.redhat.com/show_bug.cgi?id=1954883 --------------------------------------------------------------------------------
================================================================================ exiv2-0.27.3-6.fc33 (FEDORA-2021-be94728b95) Exif and Iptc metadata manipulation library -------------------------------------------------------------------------------- Update Information:
Exiv2 update fixing security issues. -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 29 2021 Jan Grulich jgrulich@redhat.com - 0.27.3-6 - CVE-2021-3482: Fix heap-based buffer overflow in Jp2Image::readMetadata() CVE-2021-29458 exiv2: out-of-bounds read in Exiv2::Internal::CrwMap::encode CVE-2021-29457 exiv2: heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata CVE-2021-29470 exiv2: out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header CVE-2021-29473 exiv2: out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata * Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 0.27.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1946315 - CVE-2021-3482 exiv2: heap-based buffer overflow in Jp2Image::readMetadata() in jp2image.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1946315 [ 2 ] Bug #1952608 - CVE-2021-29458 exiv2: out-of-bounds read in Exiv2::Internal::CrwMap::encode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1952608 [ 3 ] Bug #1952613 - CVE-2021-29457 exiv2: heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1952613 [ 4 ] Bug #1953709 - CVE-2021-29470 exiv2: out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1953709 [ 5 ] Bug #1954066 - CVE-2021-29473 exiv2: out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1954066 --------------------------------------------------------------------------------
================================================================================ fedora-repos-33-5 (FEDORA-2021-1fa34fec98) Fedora package repositories -------------------------------------------------------------------------------- Update Information:
Enable archived repository in non rawhide releases -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 28 2021 Dusty Mabe dusty@dustymabe.com - 33-5 - Enable the updates archive repo on non-rawhide. --------------------------------------------------------------------------------
================================================================================ fedora-upgrade-34.3-1.fc33 (FEDORA-2021-34ba18015f) Upgrade Fedora to next version using dnf upgrade (unofficial tool) -------------------------------------------------------------------------------- Update Information:
removed prerelease test for F34 -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 29 2021 Miroslav Such�� msuchy@redhat.com 34.3-1 - remove prerelease test for F34 --------------------------------------------------------------------------------
================================================================================ iaito-5.2.2-1.fc33 (FEDORA-2021-7582a9f7f3) GUI for radare2 reverse engineering framework -------------------------------------------------------------------------------- Update Information:
bump to 5.2.2 ---- bump to 5.2.1 -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1954370 - iaito-5.2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1954370 --------------------------------------------------------------------------------
================================================================================ kirigami-gallery-21.04.0-1.fc33 (FEDORA-2021-ba4f2b390f) Gallery application built using Kirigami -------------------------------------------------------------------------------- Update Information:
``` * Wed Apr 28 2021 Rex Dieter rdieter@fedoraproject.org - 21.04.0-1 - 21.04.0 ``` -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 28 2021 Rex Dieter rdieter@fedoraproject.org - 21.04.0-1 - 21.04.0 * Mon Apr 12 2021 Onuralp SEZER thunderbirdtr@fedoraproject.org 21.03.90-3 - requirement : breeze-icon-theme added. * Mon Apr 12 2021 Onuralp SEZER thunderbirdtr@fedoraproject.org 21.03.90-2 - F35FailsToInstall fix (#1948402) * Sat Apr 10 2021 Onuralp SEZER thunderbirdtr@fedoraproject.org 21.03.90-1 - 21.03.90 (#1943793) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1952648 - kirigami-gallery-21.04.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1952648 --------------------------------------------------------------------------------
================================================================================ php-laminas-cache-2.10.2-1.fc33 (FEDORA-2021-1b6968848d) Laminas Framework Cache component -------------------------------------------------------------------------------- Update Information:
**Version 2.10.2** Fixed * The decorator for PSR-6 CacheItemPool assumed that a deletion was successful even if the underlying storage failed to delete these items. -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 29 2021 Remi Collet remi@remirepo.net - 2.10.2-1 - update to 2.10.2 - update laminas-cache-storage-adapter-filesystem to 1.1.1 - update laminas-cache-storage-adapter-memcached to 1.1.0 - update laminas-cache-storage-adapter-memory to 1.1.0 - update laminas-cache-storage-adapter-test to 1.1.1 --------------------------------------------------------------------------------
================================================================================ php-pear-Net-Sieve-1.4.5-1.fc33 (FEDORA-2021-db0498f712) Handles talking to a sieve server -------------------------------------------------------------------------------- Update Information:
**Version 1.4.5** * Support XOAUTH2 authorization method -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 29 2021 Remi Collet remi@remirepo.net - 1.4.5-1 - update to 1.4.5 --------------------------------------------------------------------------------
================================================================================ pungi-4.2.9-1.fc33 (FEDORA-2021-9af76fe9fa) Distribution compose tool -------------------------------------------------------------------------------- Update Information:
New upstream release 4.2.9 -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 29 2021 onosek - 4.2.9-1 - New upstream release 4.2.9 - Fix can't link XDEV using repos as pkgset_sources (romain.forlot) - Updated the deprecated ks argument name (to the current inst.ks) (lveyde) - gather: Adjust reusing with lookaside (hlin) - hybrid: Optimize getting lookaside packages (lsedlar) - gather: Copy old logs when reusing gather result (hlin) - Cancel koji tasks when pungi terminated (hlin) - Add Dockerfile for building testing image (hlin) - image_container: Fix incorrect arch processing (lsedlar) - runroot: Adjust permissions always (hlin) - Format code (hlin) - pkgset: Fix meaning of retries (lsedlar) - pkgset: Store module tag only if module is used (lsedlar) - Store extended traceback for gather errors (lsedlar) --------------------------------------------------------------------------------
================================================================================ qt5-qtwayland-5.15.2-6.fc33 (FEDORA-2021-d6696fafa9) Qt5 - Wayland platform support and QtCompositor module -------------------------------------------------------------------------------- Update Information:
Include fixes from invent.kde.org repo -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 27 2021 Rex Dieter rdieter@fedoraproject.org - 5.15.2-6 - Pull in latest fixes from https://invent.kde.org/qt/qt/qtwayland -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1940968 - Diacritics cannot be type using dead keys under Wayland https://bugzilla.redhat.com/show_bug.cgi?id=1940968 --------------------------------------------------------------------------------
================================================================================ rpm-ostree-2021.4-3.fc33 (FEDORA-2021-b724063bdc) Hybrid image/package system -------------------------------------------------------------------------------- Update Information:
For https://pagure.io/fedora-infrastructure/issue/9909 -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 28 2021 Colin Walters walters@verbum.org - 2021.4-3 - Backport another patch for https://pagure.io/fedora-infrastructure/issue/9909 * Tue Apr 27 2021 Colin Walters walters@verbum.org - 2021.4-2 - Backport patch for https://pagure.io/fedora-infrastructure/issue/9909 --------------------------------------------------------------------------------
================================================================================ samba-4.13.8-0.fc33 (FEDORA-2021-1d0807008b) Server and Client software to interoperate with Windows machines -------------------------------------------------------------------------------- Update Information:
Update to Samba 4.13.8 - Security fixes for CVE-2021-20254 -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 29 2021 Guenther Deschner gdeschner@redhat.com - 4.13.8-0 - Update to Samba 4.13.8 - resolves: #1949442, #1955027 - Security fixes for CVE-2021-20254 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1949442 - CVE-2021-20254 samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token https://bugzilla.redhat.com/show_bug.cgi?id=1949442 --------------------------------------------------------------------------------
================================================================================ stalld-1.10-1.fc33 (FEDORA-2021-ab5498a047) Daemon that finds starving tasks and gives them a temporary boost -------------------------------------------------------------------------------- Update Information:
* Tue Apr 27 2021 Clark Williams williams@redhat.com - 1.10-1 - utils: Fix bounds check on cpu and end_cpu variables - stalld: Support denylisting of tasks in stalld - src/utils: use right argument for warning printf -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 27 2021 Clark Williams williams@redhat.com - 1.10-1 - utils: Fix bounds check on cpu and end_cpu variables - stalld: Support denylisting of tasks in stalld - src/utils: use right argument for warning printf * Tue Mar 2 2021 Zbigniew J��drzejewski-Szmek zbyszek@in.waw.pl - 1.9-2 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. --------------------------------------------------------------------------------
================================================================================ vdr-osdteletext-2.1.1-1.fc33 (FEDORA-2021-349ce2f443) OSD teletext plugin for VDR -------------------------------------------------------------------------------- Update Information:
Update to 2.1.1-1 ---- Update to 2.1.0-1 -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 29 2021 Martin Gansser martinkg@fedoraproject.org - 2.1.1-1 - Udate to 2.1.1 * Sat Apr 24 2021 Martin Gansser martinkg@fedoraproject.org - 2.1.0-1 - Use correct release tag for 2.1.0 --------------------------------------------------------------------------------