The following Fedora 29 Security updates need testing: Age URL 262 https://bodhi.fedoraproject.org/updates/FEDORA-2019-fa5843e0e1 asterisk-16.2.1-1.fc29 248 https://bodhi.fedoraproject.org/updates/FEDORA-2019-c84f291592 WALinuxAgent-2.2.38-1.fc29 243 https://bodhi.fedoraproject.org/updates/FEDORA-2019-7528388823 chicken-5.0.0-2.fc29 203 https://bodhi.fedoraproject.org/updates/FEDORA-2019-9839aded3f python-gnupg-0.4.4-1.fc29 199 https://bodhi.fedoraproject.org/updates/FEDORA-2019-35cb5a4785 kubernetes-1.13.5-1.fc29 137 https://bodhi.fedoraproject.org/updates/FEDORA-2019-32f7cd9b66 dosbox-0.74.3-2.fc29 8 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bf8b97d604 koji-1.19.1-1.fc29 6 https://bodhi.fedoraproject.org/updates/FEDORA-2019-1a16af2158 thunderbird-68.2.2-1.fc29 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a931c8eec oniguruma-6.9.1-3.fc29 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-941d57ed72 thunderbird-enigmail-2.1.3-4.fc29 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-52445dce42 rubygem-rubyzip-1.1.7-10.fc29 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-6dd4da1ba5 chromium-78.0.3904.97-1.fc29 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-7debdd1807 ghostscript-9.27-2.fc29 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-c5628ced32 libidn2-2.3.0-1.fc29 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-28d3cd20c0 mingw-libidn2-2.3.0-1.fc29
The following Fedora 29 Critical Path updates have yet to be approved: Age URL 174 https://bodhi.fedoraproject.org/updates/FEDORA-2019-06a2d1c7fb anaconda-29.24.7-3.fc29 172 https://bodhi.fedoraproject.org/updates/FEDORA-2019-4cefd3161a nfs-utils-2.3.3-4.rc2.fc29 146 https://bodhi.fedoraproject.org/updates/FEDORA-2019-583d9d5a56 mutter-3.30.2-3.fc29 132 https://bodhi.fedoraproject.org/updates/FEDORA-2019-6f13c38d0d python-urllib3-1.24.3-2.fc29 129 https://bodhi.fedoraproject.org/updates/FEDORA-2019-62e681b68b ipset-7.2-1.fc29 24 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3bdedf56fb sssd-2.2.2-3.fc29 8 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bf8b97d604 koji-1.19.1-1.fc29 8 https://bodhi.fedoraproject.org/updates/FEDORA-2019-46ca6c1f90 libosinfo-1.2.0-9.fc29 8 https://bodhi.fedoraproject.org/updates/FEDORA-2019-5caa3975e6 osinfo-db-20191108-1.fc29 6 https://bodhi.fedoraproject.org/updates/FEDORA-2019-1a16af2158 thunderbird-68.2.2-1.fc29 6 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3c974c4e2a satyr-0.29-2.fc29 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-8d7fa47fd5 python-pip-18.1-2.fc29 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-14dc54e0d6 firefox-70.0.1-4.fc29 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-c5628ced32 libidn2-2.3.0-1.fc29
The following builds have been pushed to Fedora 29 updates-testing
libarchive-3.3.3-7.fc29 microcode_ctl-2.1-34.fc29 nordugrid-arc-nagios-plugins-2.0.0-1.fc29 pcre2-10.33-16.fc29 perl-DateTime-TimeZone-2.38-1.fc29 python-pycryptodomex-3.9.3-1.fc29 vdr-epg2vdr-1.1.101-2.fc29 whois-5.5.3-1.fc29
Details about builds:
================================================================================ libarchive-3.3.3-7.fc29 (FEDORA-2019-fd2a963f4b) A library for handling streaming archive formats -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2019-18408 RAR reader: fix use after free If read_data_compressed() returns ARCHIVE_FAILED, the caller is allowed to continue with next archive headers. We need to set rar->start_new_table after the ppmd7_context got freed, otherwise it won't be allocated again. -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 18 2019 Ondrej Dubaj odubaj@redhat.com - 3.3.3-7 - fixed use after free in rar (#1769980) - fixed zstd test -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1769980 - CVE-2019-18408 libarchive: use-after-free in archive_read_format_rar_read_data in archive_read_support_format_rar.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1769980 --------------------------------------------------------------------------------
================================================================================ microcode_ctl-2.1-34.fc29 (FEDORA-2019-a9b7178716) Tool to transform and deploy CPU microcode update for x86 -------------------------------------------------------------------------------- Update Information:
Update to upstream 2.1-25. 20191115 -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 18 2019 Anton Arapov aarapov@redhat.com 2:2.1-34 - Update to upstream 2.1-25. 20191115 --------------------------------------------------------------------------------
================================================================================ nordugrid-arc-nagios-plugins-2.0.0-1.fc29 (FEDORA-2019-622dd87580) Nagios plugins for ARC -------------------------------------------------------------------------------- Update Information:
* ARC nagios plugins 2.0.0 -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 18 2019 Mattias Ellert mattias.ellert@physics.uu.se - 2.0.0-1 - Version 2.0.0 * Thu Oct 3 2019 Mattias Ellert mattias.ellert@physics.uu.se - 2.0.0~rc2-1 - Version 2.0.0 rc2 - This version uses python 3 * Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 1.9.1-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Tue Mar 12 2019 Mattias Ellert mattias.ellert@physics.uu.se - 1.9.1-9 - Update sphinx BR * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 1.9.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Thu Nov 22 2018 Mattias Ellert mattias.ellert@physics.uu.se - 1.9.1-7 - Fix python shebangs --------------------------------------------------------------------------------
================================================================================ pcre2-10.33-16.fc29 (FEDORA-2019-f0e074754a) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information:
This release fixes an mismatch if the first character in a caseless pattern was in an assertion, was non-ASCII, its other case started with a different code unit and optimizations were enabled. -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 18 2019 Petr Pisar ppisar@redhat.com - 10.33-16 - Fix optimized caseless matching of non-ASCII characters in assertions (upstream bug #2466) --------------------------------------------------------------------------------
================================================================================ perl-DateTime-TimeZone-2.38-1.fc29 (FEDORA-2019-fe25c0f06c) Time zone object base class and factory -------------------------------------------------------------------------------- Update Information:
Updated to the latest version. -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 18 2019 Jitka Plesnikova jplesnik@redhat.com - 2.38-1 - 2.38 bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1773104 - perl-DateTime-TimeZone-2.38 is available https://bugzilla.redhat.com/show_bug.cgi?id=1773104 --------------------------------------------------------------------------------
================================================================================ python-pycryptodomex-3.9.3-1.fc29 (FEDORA-2019-66a29699d9) A self-contained cryptographic library for Python -------------------------------------------------------------------------------- Update Information:
#3.9.3 (12 November 2019) Resolved issues --------------- * GH#308: Align stack of functions using SSE2 intrinsics to avoid crashes, when compiled with gcc on 32-bit x86 platforms. #3.9.2 (10 November 2019) New features ------------ * Add Python 3.8 wheels for Mac. Resolved issues --------------- * GH#308: Avoid allocating arrays of ``__m128i`` on the stack, to cope with buggy compilers. * GH#322: Remove blanket ``-O3`` optimization for gcc and clang, to cope with buggy compilers. * GH#337: Fix typing stubs for signatures. * GH#338: Deal with gcc installations that don't have ``x86intrin.h``. #3.9.1 (1 November 2019) New features ------------ * Add Python 3.8 wheels for Linux and Windows. Resolved issues --------------- * GH#328: minor speed-up when importing RSA. -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 15 2019 Mohamed El Morabity melmorabity@fedoraproject.org - 3.9.3-1 - Update to 3.9.3 * Fri Nov 15 2019 Mohamed El Morabity melmorabity@fedoraproject.org - 3.9.2-1 - Update to 3.9.2 - Spec cleanup -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1768052 - python-pycryptodomex-3.9.3x is available https://bugzilla.redhat.com/show_bug.cgi?id=1768052 --------------------------------------------------------------------------------
================================================================================ vdr-epg2vdr-1.1.101-2.fc29 (FEDORA-2019-f17f2c877d) A plugin to retrieve EPG data from a mysql database into VDR -------------------------------------------------------------------------------- Update Information:
- Add %%{name}-py38.patch -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 18 2019 Martin Gansser martinkg@fedoraproject.org - 1.1.101-2 - Add %{name}-py38.patch --------------------------------------------------------------------------------
================================================================================ whois-5.5.3-1.fc29 (FEDORA-2019-073e8e9932) Improved WHOIS client -------------------------------------------------------------------------------- Update Information:
This release adds a record for a new 2630:0000::/12 network and for a new cpa. TLD. It also updates a record for xxx. TLD. -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 18 2019 Petr Pisar ppisar@redhat.com - 5.5.3-1 - 5.5.3 bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1773405 - whois-5.5.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1773405 --------------------------------------------------------------------------------