The following Fedora 31 Security updates need testing:
Age URL
42
https://bodhi.fedoraproject.org/updates/FEDORA-2020-c5ec22e14f libuv-1.39.0-1.fc31
nodejs-12.18.4-1.fc31
7
https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd
freetype-2.10.0-4.fc31
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-01dc2bc62c fastd-21-1.fc31
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-15a1bde727
kata-ksm-throttler-1.11.1-1.fc31.1
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-61fcf3ffc7
kata-osbuilder-1.11.1-1.fc31.1
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-193da8cf44
arpwatch-2.1a15-48.fc31
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1af9cd8c87
kata-shim-1.11.1-1.fc31.1
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d1ce381889
pngcheck-2.3.0-3.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-8aca25b5c8
chromium-86.0.4240.111-1.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-53df1c05be
community-mysql-8.0.22-1.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e083225fa1
blueman-2.1.4-1.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-42b44971a1 xen-4.12.3-7.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-09e4d062fe
kernel-5.8.17-100.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1da8aa9dd3
thunderbird-78.4.0-1.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-b0ea9e2d33
mariadb-10.3.25-1.fc31
The following Fedora 31 Critical Path updates have yet to be approved:
Age URL
80
https://bodhi.fedoraproject.org/updates/FEDORA-2020-72bc7df001
libunwind-1.3.1-7.fc31
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-9bb2c6d5af ethtool-5.9-1.fc31
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d979670533 pcre-8.44-2.fc31
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-595197a38d
ceph-14.2.12-1.fc31
7
https://bodhi.fedoraproject.org/updates/FEDORA-2020-747b6fb156
linux-firmware-20201022-113.fc31
7
https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd
freetype-2.10.0-4.fc31
7
https://bodhi.fedoraproject.org/updates/FEDORA-2020-517bc29c3f
vim-8.2.1885-1.fc31
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-df2ee7a68b
nfs-utils-2.5.2-0.fc31
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-43eb9f7d6a pcre2-10.35-8.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-09e4d062fe
kernel-5.8.17-100.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-42b44971a1 xen-4.12.3-7.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1da8aa9dd3
thunderbird-78.4.0-1.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-eeb0523bd0
mtools-4.0.25-1.fc31
The following builds have been pushed to Fedora 31 updates-testing
boinc-client-7.16.11-2.fc31
firefox-82.0.2-1.fc31
icewm-1.9.0-1.fc31
libbluray-1.2.1-2.fc31
mame-0.226-1.fc31
mlpack-3.4.2-1.fc31
psi-plus-1.4.1523-1.fc31
quaternion-0.0.9.4e-5.fc31
usrsctp-1.0.0-0.1.20201017gitf4925bd.fc31
wordpress-5.5.2-1.fc31
Details about builds:
================================================================================
boinc-client-7.16.11-2.fc31 (FEDORA-2020-6a5fea0017)
The BOINC client
--------------------------------------------------------------------------------
Update Information:
7.16.11 release. Added /etc/boinc-client/config.properties ---- 7.16.11
release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 30 2020 Germano Massullo <germano.massullo(a)gmail.com> - 7.16.11-2
- Added SOURCE4: config.properties
* Fri Oct 30 2020 Germano Massullo <germano.massullo(a)gmail.com> - 7.16.11-1
- 7.16.11 release
- Added 4071.patch Read
https://github.com/BOINC/boinc/pull/4071
-
* Tue Oct 6 2020 Germano Massullo <germano.massullo(a)gmail.com> - 7.16.6-7
- Re-enabled ppc64 architecture on EPEL7. Read
https://bugzilla.redhat.com/show_bug.cgi?id=1648290
--------------------------------------------------------------------------------
================================================================================
firefox-82.0.2-1.fc31 (FEDORA-2020-871455fdcf)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
- New upstream version (82.0.1) - Fixed Firefox crashes (rhbz#1888920) ---- -
New upstream update (82.0.1) - Fixes fatal SHM allocation errors (rhbz#1889251)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 29 2020 Martin Stransky <stransky(a)redhat.com> - 82.0.2-1
- Updated to 82.0.2
- Removed mzbz#1668771 due to rhbz#1888920
* Wed Oct 28 2020 Martin Stransky <stransky(a)redhat.com> - 82.0.1-1
- Updated to 82.0.1
* Tue Oct 27 2020 Martin Stransky <stransky(a)redhat.com> - 82.0-8
- Added fix for mozbz#1673313
* Tue Oct 27 2020 Martin Stransky <stransky(a)redhat.com> - 82.0-7
- Added fix for rawhide crashes (rhbz#1891234)
* Sat Oct 24 2020 Martin Stransky <stransky(a)redhat.com> - 82.0-6
- Enable LTO
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1888920 - Firefox crashes on wayland with WL: error in client communication
https://bugzilla.redhat.com/show_bug.cgi?id=1888920
[ 2 ] Bug #1889251 - Firefox 81 crashes in
mozilla::widget::WaylandShmPool::WaylandShmPool
https://bugzilla.redhat.com/show_bug.cgi?id=1889251
[ 3 ] Bug #1891849 - Firefox 82.0.1 available
https://bugzilla.redhat.com/show_bug.cgi?id=1891849
--------------------------------------------------------------------------------
================================================================================
icewm-1.9.0-1.fc31 (FEDORA-2020-c47012fa37)
Window manager designed for speed, usability, and consistency
--------------------------------------------------------------------------------
Update Information:
Update to 1.9.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 30 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.9.0-1
- build(update): 1.9.0
--------------------------------------------------------------------------------
================================================================================
libbluray-1.2.1-2.fc31 (FEDORA-2020-c635688f4e)
Library to access Blu-Ray disks for video playback
--------------------------------------------------------------------------------
Update Information:
Fix dependency issue between libbluray-devel and libudfread-devel ---- From
upstream changelog: - Add initial support for .fmts files. - Improve
missing/broken playlist handling ("Star Trek Beyond 4K"). - Improve UHD
metadata
support. - Improve BD-J compability. - Improve error resilience and stability. -
Fix long delay in "Evangelion, You are (not) alone" menu. - Fix JVM bootstrap
issues with some Java 9 versions. - Fix sign extended bytes when reading single
bytes in BDJ. - Fix creating organization and disc specific BD-J BUDA
directories. - Use external libudfread when available. - Rename list_titles to
bd_list_titles and add it to installed programs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 30 2020 Xavier Bachelot <xavier(a)bachelot.org> 1.2.1-2
- Disable external libudfread (RHBZ#1892856)
* Sat Oct 24 2020 Xavier Bachelot <xavier(a)bachelot.org> 1.2.1-1
- Update to 1.2.1 (RHBZ#1891243)
- Enable external libudfread
- Drop most test utilities
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Sat Jul 11 2020 Jiri Vanek <jvanek(a)redhat.com> - 1.2.0-2
- Rebuilt for JDK-11, see
https://fedoraproject.org/wiki/Changes/Java11
* Wed May 6 2020 Xavier Bachelot <xavier(a)bachelot.org> 1.2.0-1
- Update to 1.2.0
- Use unversioned JDK_HOME
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1891243 - libbluray-1.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1891243
[ 2 ] Bug #1892856 - F34FailsToInstall: libbluray-devel
https://bugzilla.redhat.com/show_bug.cgi?id=1892856
--------------------------------------------------------------------------------
================================================================================
mame-0.226-1.fc31 (FEDORA-2020-81da8b3707)
Multiple Arcade Machine Emulator
--------------------------------------------------------------------------------
Update Information:
An update to the latest upstream release: *
https://www.mamedev.org/?p=488
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 29 2020 Julian Sikorski <belegdol(a)fedoraproject.org> - 0.226-1
- Update to 0.226
--------------------------------------------------------------------------------
================================================================================
mlpack-3.4.2-1.fc31 (FEDORA-2020-54b9b1e97e)
Scalable, fast C++ machine learning library
--------------------------------------------------------------------------------
Update Information:
Update to latest stable version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 28 2020 Ryan Curtin <ryan(a)ratml.org> - 3.4.2-1
- Update to latest stable version.
--------------------------------------------------------------------------------
================================================================================
psi-plus-1.4.1523-1.fc31 (FEDORA-2020-4a4fd39b9e)
Jabber client based on Qt
--------------------------------------------------------------------------------
Update Information:
Updated to version 1.4.1523.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 30 2020 Vitaly Zaitsev <vitaly(a)easycoding.org> - 1:1.4.1523-1
- Updated to version 1.4.1523.
--------------------------------------------------------------------------------
================================================================================
quaternion-0.0.9.4e-5.fc31 (FEDORA-2020-152670d79d)
A Qt5-based IM client for Matrix
--------------------------------------------------------------------------------
Update Information:
This update fixes a packaging error by explicitly declaring qtquickcontrols in
requires.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 30 2020 Brendan Early <mymindstorm(a)evermiss.net> - 0.0.9.4e-5
- Add explicit requires for qtquickcontrols
* Thu Aug 6 2020 Brendan Early <mymindstorm(a)evermiss.net> - 0.0.9.4e-4
- Fix build failure
* Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.0.9.4e-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.0.9.4e-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
usrsctp-1.0.0-0.1.20201017gitf4925bd.fc31 (FEDORA-2020-4a4fd39b9e)
Portable SCTP userland stack
--------------------------------------------------------------------------------
Update Information:
Updated to version 1.4.1523.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
wordpress-5.5.2-1.fc31 (FEDORA-2020-bf266424ea)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 5.5.2 Security and Maintenance Release** **Security Updates** *
Props to Alex Concha of the WordPress Security Team for their work in hardening
deserialization requests. * Props to David Binovec on a fix to disable spam
embeds from disabled sites on a multisite network. * Thanks to Marc Montas
from Sucuri for reporting an issue that could lead to XSS from global variables.
* Thanks to Justin Tran who reported an issue surrounding privilege
escalation in XML-RPC. He also found and disclosed an issue around privilege
escalation around post commenting via XML-RPC. * Props to Omar Ganiev who
reported a method where a DoS attack could lead to RCE. * Thanks to Karim El
Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs. *
Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a
method to bypass protected meta that could lead to arbitrary file deletion. *
Thanks to Erwan LR from WPScan who responsibly disclosed a method that could
lead to CSRF. * And a special thanks to @zieladam who was integral in many of
the releases and patches during this release.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 30 2020 Remi Collet <remi(a)remirepo.net> - 5.5.2-1
- WordPress 5.5.2 Security and Maintenance Release
--------------------------------------------------------------------------------