The following Fedora 31 Security updates need testing:
Age URL
44
https://bodhi.fedoraproject.org/updates/FEDORA-2020-c5ec22e14f libuv-1.39.0-1.fc31
nodejs-12.18.4-1.fc31
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd
freetype-2.10.0-4.fc31
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-01dc2bc62c fastd-21-1.fc31
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-15a1bde727
kata-ksm-throttler-1.11.1-1.fc31.1
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-61fcf3ffc7
kata-osbuilder-1.11.1-1.fc31.1
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-193da8cf44
arpwatch-2.1a15-48.fc31
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1af9cd8c87
kata-shim-1.11.1-1.fc31.1
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d1ce381889
pngcheck-2.3.0-3.fc31
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-8aca25b5c8
chromium-86.0.4240.111-1.fc31
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-53df1c05be
community-mysql-8.0.22-1.fc31
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e083225fa1
blueman-2.1.4-1.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-42b44971a1 xen-4.12.3-7.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-09e4d062fe
kernel-5.8.17-100.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1da8aa9dd3
thunderbird-78.4.0-1.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-b0ea9e2d33
mariadb-10.3.25-1.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-bf41fcdeba libntlm-1.6-1.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-477b00a4d8
libtpms-0.7.4-0.20201031git2452a24dab.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-a857113c7a nss-3.58.0-3.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-bf266424ea
wordpress-5.5.2-1.fc31
The following Fedora 31 Critical Path updates have yet to be approved:
Age URL
81
https://bodhi.fedoraproject.org/updates/FEDORA-2020-72bc7df001
libunwind-1.3.1-7.fc31
11
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d979670533 pcre-8.44-2.fc31
11
https://bodhi.fedoraproject.org/updates/FEDORA-2020-595197a38d
ceph-14.2.12-1.fc31
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-747b6fb156
linux-firmware-20201022-113.fc31
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd
freetype-2.10.0-4.fc31
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-517bc29c3f
vim-8.2.1885-1.fc31
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-df2ee7a68b
nfs-utils-2.5.2-0.fc31
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-43eb9f7d6a pcre2-10.35-8.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-09e4d062fe
kernel-5.8.17-100.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-42b44971a1 xen-4.12.3-7.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1da8aa9dd3
thunderbird-78.4.0-1.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-eeb0523bd0
mtools-4.0.25-1.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-a857113c7a nss-3.58.0-3.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-c635688f4e
libbluray-1.2.1-2.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-871455fdcf
firefox-82.0.2-1.fc31
The following builds have been pushed to Fedora 31 updates-testing
Thunar-1.8.16-1.fc31
cmst-2020.11.01-1.fc31
drawing-0.6.3-1.fc31
mujs-1.0.9-1.fc31
pg-semver-0.31.0-1.fc31
python-sqlalchemy-1.3.20-1.fc31
vdr-epg-daemon-1.1.165-1.fc31
xfce4-panel-4.14.4-3.fc31
xfwm4-4.14.6-1.fc31
Details about builds:
================================================================================
Thunar-1.8.16-1.fc31 (FEDORA-2020-96de0e4e9d)
Thunar File Manager
--------------------------------------------------------------------------------
Update Information:
Update thunar to 1.8.16, xfce4-panel to 4.14.4, and xfwm4 to 4.14.6
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 1.8.16-1
- Update to 1.8.16
* Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.8.15-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.8.15-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Sun May 24 2020 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 1.8.15-1
- Update to 1.8.15
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1885080 - Thunar spontaneously hangs; bug fixed but packages not in distro
https://bugzilla.redhat.com/show_bug.cgi?id=1885080
--------------------------------------------------------------------------------
================================================================================
cmst-2020.11.01-1.fc31 (FEDORA-2020-ffd36dc406)
A Qt based GUI front end for the connman connection manager with systemtray icon
--------------------------------------------------------------------------------
Update Information:
Update to 2020.11.01
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Martin Gansser <martinkg(a)fedoraproject.org> - 2020.11.01-1
- Update to 2020.11.01-1
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
2020.05.09-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1893502 - cmst-2020.11.01 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1893502
--------------------------------------------------------------------------------
================================================================================
drawing-0.6.3-1.fc31 (FEDORA-2020-1fe693724e)
Drawing application for the GNOME desktop
--------------------------------------------------------------------------------
Update Information:
Update to 0.6.3
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 0.6.3-1
- build(update): 0.6.3
--------------------------------------------------------------------------------
================================================================================
mujs-1.0.9-1.fc31 (FEDORA-2020-53773f4954)
An embeddable Javascript interpreter
--------------------------------------------------------------------------------
Update Information:
A new version of mujs is now available for Fedora and EPEL. Besides generic
enhancements and bugfixes, this release also fixes three tracked security
issues: CVE-2019-11411, CVE-2019-11412 and CVE-2019-11413.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 31 2020 Petr ��abata <contyk(a)redhat.com> - 1.0.9-1
- 1.0.9 bump
- Addresses CVE-2019-11411, CVE-2019-11412 and CVE-2019-11413
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.4-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.4-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1873066 - CVE-2019-11413 mujs: DoS in regexp.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1873066
[ 2 ] Bug #1873067 - CVE-2019-11413 mujs: DoS in regexp.c [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=1873067
[ 3 ] Bug #1873072 - CVE-2019-11412 mujs: DoS in jscompile.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1873072
[ 4 ] Bug #1873073 - CVE-2019-11412 mujs: DoS in jscompile.c [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=1873073
[ 5 ] Bug #1873077 - CVE-2019-11411 mujs: stack-based buffer overflow in jsnumber.c
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1873077
[ 6 ] Bug #1873078 - CVE-2019-11411 mujs: stack-based buffer overflow in jsnumber.c
[epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=1873078
--------------------------------------------------------------------------------
================================================================================
pg-semver-0.31.0-1.fc31 (FEDORA-2020-e101f1dd2d)
A semantic version data type for PostgreSQL
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 0.31.0 -
https://github.com/theory/pg-
semver/releases/tag/v0.31.0 Changes: ``` - Added a workaround for an LLVM
bitcode compile error. Thanks to @mark-s-a for the report (#40). - Removed
--load-language from the options for running the tests, as it has not been
needed since 9.1, we support 9.2 and higher, and it has been removed from
Postgres 13. - Fixed an a collation error on Postgres 12 and higher. Thanks to
Andrew for Marc Munro for the report and to Andrew Gierth for the fix
(pgxn/pgxn-manager#67). - Prerelease parts are now compared in ASCII sort order
as specified by the spec, no longer case-insensitively. This is a breaking
change in the sense that 1.0.0-rc1 will now be considered greater than 1.0.0-RC1
rather than equivalent, but they're both still valid. See semver/semver#176 for
the relevant discussion. Thanks to Andrew Gierth for the spot! ```
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Martin Kutlak <mkfedora(a)fedoraproject.org> - 0.31.0-1
- Update to 0.31.0
--------------------------------------------------------------------------------
================================================================================
python-sqlalchemy-1.3.20-1.fc31 (FEDORA-2020-1577daac43)
Modular and flexible ORM library for python
--------------------------------------------------------------------------------
Update Information:
This is a bugfix and enhancement release. The upstream [announcement](https://w
ww.sqlalchemy.org/blog/2020/10/12/sqlalchemy-1.3.20-released/) summarizes and
the [
changelog](https://docs.sqlalchemy.org/en/13/changelog/changelog_13.html#ch
ange-1.3.20) contains a detailed list of changes in version 1.3.20.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Nils Philippsen <nils(a)tiptoe.de> - 1.3.20-1
- version 1.3.20
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1887611 - python-sqlalchemy-1.3.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1887611
--------------------------------------------------------------------------------
================================================================================
vdr-epg-daemon-1.1.165-1.fc31 (FEDORA-2020-cb7153d7d5)
A daemon to download EPG data from internet and manage it in a mysql database
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.165-1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Martin Gansser <martinkg(a)fedoraproject.org> - 1.1.165-1
- Update to 1.1.165
* Fri Aug 28 2020 Martin Gansser <martinkg(a)fedoraproject.org> - 1.1.163-2
- Rebuilt for new VDR API version
--------------------------------------------------------------------------------
================================================================================
xfce4-panel-4.14.4-3.fc31 (FEDORA-2020-96de0e4e9d)
Next generation panel for Xfce
--------------------------------------------------------------------------------
Update Information:
Update thunar to 1.8.16, xfce4-panel to 4.14.4, and xfwm4 to 4.14.6
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.14.4-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.14.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Apr 28 2020 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 4.14.4-1
- Update to 4.14.4
* Tue Feb 25 2020 Robin Lee <cheeselee(a)fedoraproject.org> - 4.14.3-2
- Disable vapigen by now (RHBZ#1800267)
- Filter private shared libraries
* Fri Jan 31 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.14.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1885080 - Thunar spontaneously hangs; bug fixed but packages not in distro
https://bugzilla.redhat.com/show_bug.cgi?id=1885080
--------------------------------------------------------------------------------
================================================================================
xfwm4-4.14.6-1.fc31 (FEDORA-2020-96de0e4e9d)
Next generation window manager for Xfce
--------------------------------------------------------------------------------
Update Information:
Update thunar to 1.8.16, xfce4-panel to 4.14.4, and xfwm4 to 4.14.6
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 4.14.6-1
- Update to 4.14.6
* Sun Aug 9 2020 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 4.14.5-1
- Update to 4.14.5
* Sat Aug 1 2020 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 4.14.4-1
- Update to 4.14.4
* Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.14.3-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.14.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Sun Jul 26 2020 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 4.14.3-1
- Update to 4.14.3
- Drop merged patch
* Wed Jul 15 2020 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 4.14.2-2
- Add patch to fix crashes with glib 2.65.x
* Fri May 1 2020 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 4.14.2-1
- Update to 4.14.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1885080 - Thunar spontaneously hangs; bug fixed but packages not in distro
https://bugzilla.redhat.com/show_bug.cgi?id=1885080
--------------------------------------------------------------------------------