The following Fedora 30 Security updates need testing:
Age URL
59
https://bodhi.fedoraproject.org/updates/FEDORA-2019-71b2273a9f
libarchive-3.3.3-7.fc30
27
https://bodhi.fedoraproject.org/updates/FEDORA-2019-297a9f4aa5
python3-3.7.6-1.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d0d9ad17d8
python-pip-19.0.3-6.fc30
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-6cd410d9e4
libvpx-1.8.2-1.fc30
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4355ea258e
chromium-79.0.3945.117-1.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-dc41c28f86
thunderbird-enigmail-2.1.5-1.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-9254bf8b94 nss-3.49.0-1.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d18d24c943
thunderbird-68.4.1-1.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-9f8bc040c8
elog-3.1.4-1.20190113git283534d97d5a.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-2d9a75fadb xen-4.11.3-3.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-c2d89d14d0
kernel-5.4.12-100.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-cd9ec9d660
community-mysql-8.0.19-1.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-6a2824178e
transfig-3.2.7b-1.fc30 xfig-3.2.7b-1.fc30
The following Fedora 30 Critical Path updates have yet to be approved:
Age URL
191
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c05e4425d1
dash-0.5.10.2-3.fc30
59
https://bodhi.fedoraproject.org/updates/FEDORA-2019-71b2273a9f
libarchive-3.3.3-7.fc30
27
https://bodhi.fedoraproject.org/updates/FEDORA-2019-297a9f4aa5
python3-3.7.6-1.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d3a71a166f
binutils-2.31.1-37.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d0d9ad17d8
python-pip-19.0.3-6.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-82a58b2e31
glusterfs-6.7-1.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-5b820ce49b
python-rpm-macros-3-44.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-441bf8d014
perl-Encode-3.02-11.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-29073ea6fe
hwdata-0.331-1.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2019-8e66ef0dfe
fwupd-1.2.12-1.fc30
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-6cd410d9e4
libvpx-1.8.2-1.fc30
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e87b795b46
elfutils-0.178-7.fc30
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-b91883dee5 vim-8.2.109-1.fc30
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-211f579cec ethtool-5.4-1.fc30
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-dc900549bd
appstream-data-30-11.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-2d9a75fadb xen-4.11.3-3.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d18d24c943
thunderbird-68.4.1-1.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e3adf88ba7 grub2-2.02-88.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1bf28d7626 pcre2-10.34-4.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-9254bf8b94 nss-3.49.0-1.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-067347e8f7
tigervnc-1.10.1-2.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-384545235e
selinux-policy-3.14.3-55.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4cee2fc1e7
firefox-72.0.1-2.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-66c974fdb6 dnf-4.2.18-1.fc30
dnf-plugins-core-4.0.13-1.fc30 libdnf-0.43.1-1.fc30 microdnf-3.4.0-1.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-c2d89d14d0
kernel-5.4.12-100.fc30
The following builds have been pushed to Fedora 30 updates-testing
avogadro-1.2.0-28.fc30
copr-backend-1.131-1.fc30
copr-frontend-1.161-1.fc30
e2fsprogs-1.44.6-2.fc30
elementary-terminal-5.5.1-1.fc30
freecad-0.18.4-5.fc30
fuse-overlayfs-0.7.4-2.fc30
gsequencer-3.0.4-0.fc30
hw-probe-1.5-1.fc30
i-nex-7.6.1-1.fc30
libcpuid-0.4.1-1.fc30
mingw-openjpeg2-2.3.1-5.fc30
mingw-podofo-0.9.6-13.fc30
numix-icon-theme-circle-0.1.0-26.20191227.gitcc59306.fc30
numix-icon-theme-square-0.1.0-11.20191227.git6702bc0.fc30
openjpeg2-2.3.1-4.fc30
perl-Net-Facebook-Oauth2-0.11-2.fc30
perl-Time-Fake-0.11-2.fc30
perl-autodie-2.32-1.fc30
php-pecl-igbinary-3.1.1-1.fc30
podofo-0.9.6-9.fc30
python-reportlab-3.5.34-2.fc30
rubygem-rouge-3.15.0-1.fc30
upx-3.95-5.fc30
wireguard-tools-1.0.20200102-1.fc30
Details about builds:
================================================================================
avogadro-1.2.0-28.fc30 (FEDORA-2020-398a99a935)
An advanced molecular editor for chemical purposes
--------------------------------------------------------------------------------
Update Information:
New rebuilds
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 15 2019 Antonio Trande <sagitter(a)fedoraproject.org> - 1.2.0-28
- Fix desktop file's categories
- Remove rpmmoved files
* Fri Nov 15 2019 Antonio Trande <sagitter(a)fedoraproject.org> - 1.2.0-27
- Remove all Python2 references
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.0-26
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1782129 - After installing avogadro, there are unresolvable dependency issues
when updating
https://bugzilla.redhat.com/show_bug.cgi?id=1782129
[ 2 ] Bug #1792202 - Avogadro needs to be rebuilt in f31
https://bugzilla.redhat.com/show_bug.cgi?id=1792202
--------------------------------------------------------------------------------
================================================================================
copr-backend-1.131-1.fc30 (FEDORA-2020-9856a49a80)
Backend for Copr
--------------------------------------------------------------------------------
Update Information:
copr-frontend - don't cache some.repo with some.repo?arch=X - put cost=1100 to
multilib repo - put arch into multilib repo name - manage.py: propagate return
values to cmdline - backend: fix multi-build delete - add migration to drop PG-
only functions - cache Build.status at runtime - faster <project>/builds query -
faster <project>/packages query - check alembic scripts automatically by
run_tests.sh - adds 24h and 90d graphs for actions - sort recent tasks after
caching again - don't traceback for invalid copr:// repos - removes unnecessary
imports of flask-script - cache repository contents - packages does not need to
be online copr-backend - put build-ID.log file to resultdir - call
call_copr_repo if initial createrepo failed - Build Dispatcher does not wait
forever till repo is created, it creates it manually - properly delete logs for
old builds - delete build-ID.log files again - edit repositories only by new
'copr-repo' tool - fix multi-build delete - fix for not saving end time of
actions - lower traffic in build_dispatcher log - more resilient redis logging -
attempt to publish on msgbus N-times - log service: move RequiredBy to [Install]
- keep worker ID in proc title
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 15 2020 Tomas Hrnciar <thrnciar(a)redhat.com> 1.131-1
- put build-ID.log file to resultdir
- call call_copr_repo if initial createrepo failed
- Build Dispatcher does not wait forever till repo is created,
it creates it manually
- properly delete logs for old builds
- delete build-ID.log files again
- edit repositories only by new 'copr-repo' tool
- fix multi-build delete
- fix for not saving end time of actions
- lower traffic in build_dispatcher log
- more resilient redis logging
- attempt to publish on msgbus N-times
- log service: move RequiredBy to [Install]
- keep worker ID in proc title
--------------------------------------------------------------------------------
================================================================================
copr-frontend-1.161-1.fc30 (FEDORA-2020-9856a49a80)
Frontend for Copr
--------------------------------------------------------------------------------
Update Information:
copr-frontend - don't cache some.repo with some.repo?arch=X - put cost=1100 to
multilib repo - put arch into multilib repo name - manage.py: propagate return
values to cmdline - backend: fix multi-build delete - add migration to drop PG-
only functions - cache Build.status at runtime - faster <project>/builds query -
faster <project>/packages query - check alembic scripts automatically by
run_tests.sh - adds 24h and 90d graphs for actions - sort recent tasks after
caching again - don't traceback for invalid copr:// repos - removes unnecessary
imports of flask-script - cache repository contents - packages does not need to
be online copr-backend - put build-ID.log file to resultdir - call
call_copr_repo if initial createrepo failed - Build Dispatcher does not wait
forever till repo is created, it creates it manually - properly delete logs for
old builds - delete build-ID.log files again - edit repositories only by new
'copr-repo' tool - fix multi-build delete - fix for not saving end time of
actions - lower traffic in build_dispatcher log - more resilient redis logging -
attempt to publish on msgbus N-times - log service: move RequiredBy to [Install]
- keep worker ID in proc title
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 16 2020 Pavel Raiskup <praiskup(a)redhat.com> 1.161-1
- memory optimize /packages/ and /builds/ routes
* Wed Jan 15 2020 Tomas Hrnciar <thrnciar(a)redhat.com> 1.160-1
- don't cache some.repo with some.repo?arch=X
- put cost=1100 to multilib repo
- put arch into multilib repo name
- manage.py: propagate return values to cmdline
- backend: fix multi-build delete
- add migration to drop PG-only functions
- cache Build.status at runtime
- faster <project>/builds query
- faster <project>/packages query
- check alembic scripts automatically by run_tests.sh
- adds 24h and 90d graphs for actions
- sort recent tasks after caching again
- don't traceback for invalid copr:// repos
- removes unnecessary imports of flask-script
- cache repository contents
- packages does not need to be online
--------------------------------------------------------------------------------
================================================================================
e2fsprogs-1.44.6-2.fc30 (FEDORA-2020-01ed02451f)
Utilities for managing ext2, ext3, and ext4 file systems
--------------------------------------------------------------------------------
Update Information:
Fix a potential out of bounds write when checking a maliciously corrupted file
system. This is probably not exploitable on 64-bit platforms, but may be
exploitable on 32-bit binaries depending on how the compiler lays out the stack
variables. (Addresses CVE-2019-5188) A maliciously corrupted file systems can
trigger buffer overruns in the quota code used by e2fsck. (Addresses
CVE-2019-5094) Fix potential use after free in calculate_tree()
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 16 2020 Lukas Czerner <lczerner(a)redhat.com> 1.44.6-2
- Prevent buffer overrun bugs in quota code (#1792192)
- Fix code execution vulnerability in directory rehashing (#1792193)
- Fix use-after-free in calculate_tree
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1792192 - CVE-2019-5094 e2fsprogs: crafted ext4 partition leads to
out-of-bounds write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792192
[ 2 ] Bug #1792193 - CVE-2019-5188 e2fsprogs: Out-of-bounds write in e2fsck/rehash.c
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792193
--------------------------------------------------------------------------------
================================================================================
elementary-terminal-5.5.1-1.fc30 (FEDORA-2020-6a864ed16f)
The terminal of the 21st century
--------------------------------------------------------------------------------
Update Information:
Update to version 5.5.1. Release notes:
https://github.com/elementary/terminal/releases/tag/5.5.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 Fabio Valentini <decathorpe(a)gmail.com> - 5.5.1-1
- Update to version 5.5.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1790032 - elementary-terminal-5.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1790032
--------------------------------------------------------------------------------
================================================================================
freecad-0.18.4-5.fc30 (FEDORA-2020-6840f47e41)
A general purpose 3D CAD modeler
--------------------------------------------------------------------------------
Update Information:
Revert back to Coin3.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 16 2020 Richard Shaw <hobbes1069(a)gmail.com> - 1:0.18.4-5
- Move < f32 back to Coin3.
* Thu Jan 9 2020 Richard Shaw <hobbes1069(a)gmail.com> - 1:0.18.4-4
- Rebuild for Qt/PySide 5.13.2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1788682 - FreeCAD crash
https://bugzilla.redhat.com/show_bug.cgi?id=1788682
[ 2 ] Bug #1787265 - FreeCAD crashes when creating a sketch
https://bugzilla.redhat.com/show_bug.cgi?id=1787265
[ 3 ] Bug #1789453 - Cannot install freecad 0.18.4
https://bugzilla.redhat.com/show_bug.cgi?id=1789453
--------------------------------------------------------------------------------
================================================================================
fuse-overlayfs-0.7.4-2.fc30 (FEDORA-2020-9a9a1ce269)
FUSE overlay+shiftfs implementation for rootless containers
--------------------------------------------------------------------------------
Update Information:
Autobuilt v0.7.4
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 RH Container Bot <rhcontainerbot(a)fedoraproject.org> - 0.7.4-2
- bump to v0.7.4
- autobuilt 1a1c42a
* Thu Jan 9 2020 RH Container Bot <rhcontainerbot(a)fedoraproject.org> - 0.7.3-2
- bump to v0.7.3
- autobuilt e01ba30
--------------------------------------------------------------------------------
================================================================================
gsequencer-3.0.4-0.fc30 (FEDORA-2020-71a88e31c8)
Audio processing engine
--------------------------------------------------------------------------------
Update Information:
dropped gsequencer.0-makefile-am.patch
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 Jo��l Kr��hemann <jkraehemann(a)gmail.com> 3.0.4-0
- dropped gsequencer.0-makefile-am.patch
- updated build requires gtk2 to gtk3
- additional build requires webkit2gtk3, libsoup and
gobject-introspection-devel
- edited configure variables
- edited make install target
--------------------------------------------------------------------------------
================================================================================
hw-probe-1.5-1.fc30 (FEDORA-2020-57fae7a79b)
Check operability of computer hardware and find drivers
--------------------------------------------------------------------------------
Update Information:
Update to 1.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 15 2020 Andrey Ponomarenko <andrewponomarenko(a)yandex.ru> - 1.5-1
- Update to 1.5
* Mon Oct 7 2019 Andrey Ponomarenko <andrewponomarenko(a)yandex.ru> - 1.4-15
- Support for EL-8
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4-14
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
i-nex-7.6.1-1.fc30 (FEDORA-2020-fbef547947)
System information tool like hardinfo, sysinfo
--------------------------------------------------------------------------------
Update Information:
Update to 7.6.1-1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 Martin Gansser <martinkg(a)fedoraproject.org> - 7.6.1-1
- Update to 7.6.1
--------------------------------------------------------------------------------
================================================================================
libcpuid-0.4.1-1.fc30 (FEDORA-2020-13377b6943)
Provides CPU identification for x86
--------------------------------------------------------------------------------
Update Information:
Update to 0.4.1-1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 Martin Gansser <martinkg(a)fedoraproject.org> - 0.4.1-1
- Update to 0.4.1
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.4.0-8.20171023git2f10315
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mingw-openjpeg2-2.3.1-5.fc30 (FEDORA-2020-6c8804daaa)
MinGW Windows openjpeg2 library
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2020-6851.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 Sandro Mani <manisandro(a)gmail.com> - 2.3.1-5
- Backport patch for CVE 2020-6851
* Tue Oct 8 2019 Sandro Mani <manisandro(a)gmail.com> - 2.3.1-4
- Rebuild (Changes/Mingw32GccDwarf2)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1790513 - CVE-2020-6851 openjpeg2: openjpeg: a heap-based buffer overflow in
opj_t1_clbl_decode_processor in libopenjp2.so [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1790513
--------------------------------------------------------------------------------
================================================================================
mingw-podofo-0.9.6-13.fc30 (FEDORA-2020-968a89619e)
MinGW Windows podofo library
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2019-20093.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 Sandro Mani <manisandro(a)gmail.com> - 0.9.6-13
- Add patch for CVE-2019-20093
* Tue Oct 8 2019 Sandro Mani <manisandro(a)gmail.com> - 0.9.6-12
- Rebuild (Changes/Mingw32GccDwarf2)
* Tue Aug 27 2019 Sandro Mani <manisandro(a)gmail.com> - 0.9.6-11
- Rebuild (libidn)
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.6-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1792346 - CVE-2019-20093 podofo: NULL pointer dereference in
PoDoFo::PdfVariant::DelayedLoad in PdfVariant.h [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792346
[ 2 ] Bug #1792345 - CVE-2019-20093 mingw-podofo: podofo: NULL pointer dereference in
PoDoFo::PdfVariant::DelayedLoad in PdfVariant.h [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792345
--------------------------------------------------------------------------------
================================================================================
numix-icon-theme-circle-0.1.0-26.20191227.gitcc59306.fc30 (FEDORA-2020-7f9f22a6e7)
Numix Project circle icon theme
--------------------------------------------------------------------------------
Update Information:
Update to release 19.12.27
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 16 2020 Brendan Early <mymindstorm(a)evermiss.net> -
0.1.0-26.20191227.gitcc59306
- Update to release 19.12.27
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1786905 - numix-icon-theme-square-19.12.27 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1786905
[ 2 ] Bug #1786904 - numix-icon-theme-circle-19.12.27 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1786904
--------------------------------------------------------------------------------
================================================================================
numix-icon-theme-square-0.1.0-11.20191227.git6702bc0.fc30 (FEDORA-2020-7f9f22a6e7)
Numix Project square icon theme
--------------------------------------------------------------------------------
Update Information:
Update to release 19.12.27
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 16 2020 Brendan Early <mymindstorm(a)evermiss.net> -
0.1.0-11.20191227.git6702bc0
- Update to release 19.12.27
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1786905 - numix-icon-theme-square-19.12.27 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1786905
[ 2 ] Bug #1786904 - numix-icon-theme-circle-19.12.27 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1786904
--------------------------------------------------------------------------------
================================================================================
openjpeg2-2.3.1-4.fc30 (FEDORA-2020-6c8804daaa)
C-Library for JPEG 2000
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2020-6851.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 Sandro Mani <manisandro(a)gmail.com> - 2.3.1-4
- Backport patch for CVE 2020-6851
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1790513 - CVE-2020-6851 openjpeg2: openjpeg: a heap-based buffer overflow in
opj_t1_clbl_decode_processor in libopenjp2.so [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1790513
--------------------------------------------------------------------------------
================================================================================
perl-Net-Facebook-Oauth2-0.11-2.fc30 (FEDORA-2020-084b2bb3b0)
Simple Perl wrapper around Facebook OAuth 2.0 protocol
--------------------------------------------------------------------------------
Update Information:
Initial build.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 Xavier Bachelot <xavier(a)bachelot.org> 0.11-2
- Fix Source0 URL.
- Add missing BR:s.
- Replace PERL_INSTALL_ROOT with DESTDIR.
- Use %{?perl_default_filter} macro.
* Thu Nov 7 2019 Xavier Bachelot <xavier(a)bachelot.org> 0.11-1
- Initial package.
--------------------------------------------------------------------------------
================================================================================
perl-Time-Fake-0.11-2.fc30 (FEDORA-2020-7601657068)
Simulate different times without changing your system clock
--------------------------------------------------------------------------------
Update Information:
Initial build.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 Xavier Bachelot <xavier(a)bachelot.org> 0.11-2
- Review fixes.
* Tue Jan 7 2020 Xavier Bachelot <xavier(a)bachelot.org> 0.11-1
- Initial package.
--------------------------------------------------------------------------------
================================================================================
perl-autodie-2.32-1.fc30 (FEDORA-2020-f4b7abb911)
Replace functions with ones that succeed or die
--------------------------------------------------------------------------------
Update Information:
This release corrects tests.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 Petr Pisar <ppisar(a)redhat.com> - 2.32-1
- 2.32 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1791932 - perl-autodie-2.32 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1791932
--------------------------------------------------------------------------------
================================================================================
php-pecl-igbinary-3.1.1-1.fc30 (FEDORA-2020-6cd8a276d9)
Replacement for the standard PHP serializer
--------------------------------------------------------------------------------
Update Information:
**Version 3.1.1** * Fix bug causing incorrect serialization for 1 in 2**32
strings on 64-bit php installations when string hashes collide.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 Remi Collet <remi(a)remirepo.net> - 3.1.1-1
- update to 3.1.1
--------------------------------------------------------------------------------
================================================================================
podofo-0.9.6-9.fc30 (FEDORA-2020-968a89619e)
Tools and libraries to work with the PDF file format
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2019-20093.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 Sandro Mani <manisandro(a)gmail.com> - 0.9.6-9
- Add patch for CVE-2019-20093
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.6-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1792346 - CVE-2019-20093 podofo: NULL pointer dereference in
PoDoFo::PdfVariant::DelayedLoad in PdfVariant.h [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792346
[ 2 ] Bug #1792345 - CVE-2019-20093 mingw-podofo: podofo: NULL pointer dereference in
PoDoFo::PdfVariant::DelayedLoad in PdfVariant.h [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792345
--------------------------------------------------------------------------------
================================================================================
python-reportlab-3.5.34-2.fc30 (FEDORA-2020-d2fb999600)
Library for generating PDFs and graphics
--------------------------------------------------------------------------------
Update Information:
Release 3.5.34
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 Antonio Trande <sagitter(a)fedoraproject.org> - 3.5.34-2
- Fix permissions
* Tue Jan 14 2020 Antonio Trande <sagitter(a)fedoraproject.org> - 3.5.34-1
- Release 3.5.34
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1769662 - CVE-2019-17626 python-reportlab: code injection in colors.py allows
attacker to execute code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1769662
[ 2 ] Bug #1790822 - python-reportlab-3.5.34 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1790822
--------------------------------------------------------------------------------
================================================================================
rubygem-rouge-3.15.0-1.fc30 (FEDORA-2020-d827a09342)
Pure-ruby colorizer based on pygments
--------------------------------------------------------------------------------
Update Information:
Update to version 3.15.0. Release notes:
https://github.com/rouge-
ruby/rouge/releases/tag/v3.15.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 Fabio Valentini <decathorpe(a)gmail.com> - 3.15.0-1
- Update to version 3.15.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1791090 - rubygem-rouge-3.15.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1791090
--------------------------------------------------------------------------------
================================================================================
upx-3.95-5.fc30 (FEDORA-2020-1708444aa0)
Ultimate Packer for eXecutables
--------------------------------------------------------------------------------
Update Information:
Patch for CVE-2019-20021
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 17 2020 Gwyn Ciesla <gwync(a)protonmail.com> - 3.95-5
- Upstream patch for CVE-2019-20021
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1792327 - CVE-2019-20021 upx: heap-based buffer overflow in canUnpack in
p_mach.cpp [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792327
[ 2 ] Bug #1792329 - CVE-2019-20021 upx: heap-based buffer overflow in canUnpack in
p_mach.cpp [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=1792329
[ 3 ] Bug #1792328 - CVE-2019-20021 upx: heap-based buffer overflow in canUnpack in
p_mach.cpp [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1792328
--------------------------------------------------------------------------------
================================================================================
wireguard-tools-1.0.20200102-1.fc30 (FEDORA-2020-dd1ba5739e)
Fast, modern, secure VPN tunnel
--------------------------------------------------------------------------------
Update Information:
Initial update for wireguard-tools
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 2 2020 Joe Doss <joe(a)solidadmin.com> - 1.0.20200102-1
- Update to 1.0.20200102
- Remove patch to fix dns-hatchet path
* Thu Dec 26 2019 Joe Doss <joe(a)solidadmin.com> - 1.0.20191226-1
- Update to 1.0.20191226
- Split wireguard-tools back into it's own spec file
- Add in patch to fix dns-hatchet path
* Mon Oct 14 2019 Joe Doss <joe(a)solidadmin.com> - 0.0.20191012-1
- Update to 0.0.20191012
* Mon Sep 16 2019 Joe Doss <joe(a)solidadmin.com> - 0.0.20190913-1
- Update to 0.0.20190913
* Mon Sep 9 2019 Joe Doss <joe(a)solidadmin.com> - 0.0.20190905-1
- Update to 0.0.20190905
* Tue Jul 2 2019 Joe Doss <joe(a)solidadmin.com> - 0.0.20190702-1
- Update to 0.0.20190702
* Sat Jun 1 2019 Joe Doss <joe(a)solidadmin.com> - 0.0.20190601-1
- Update to 0.0.20190601
* Fri May 31 2019 Joe Doss <joe(a)solidadmin.com> - 0.0.20190531-1
- Update to 0.0.20190531
* Sat Apr 6 2019 Joe Doss <joe(a)solidadmin.com> - 0.0.20190406-1
- Update to 0.0.20190406
* Wed Feb 27 2019 Joe Doss <joe(a)solidadmin.com> - 0.0.20190227-1
- Update to 0.0.20190227
* Thu Jan 24 2019 Joe Doss <joe(a)solidadmin.com> - 0.0.20190123-1
- Update to 0.0.20190123
* Wed Dec 19 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20181218-1
- Update to 0.0.20181218
* Thu Nov 15 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20181115-1
- Update to 0.0.20181115
* Sun Oct 14 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20181018-1
- Update to 0.0.20181018
* Sun Oct 14 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20181007-2
- Add make as a build dependency
* Sun Oct 7 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20181007-1
- Update to 0.0.20181007
* Tue Sep 25 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180925-1
- Update to 0.0.20180925
* Tue Sep 18 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180918-2
- Add BuildRequires gcc to fix builds on F29 and Rawhide
* Tue Sep 18 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180918-1
- Update to 0.0.20180918
* Mon Sep 10 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180910-1
- Update to 0.0.20180910
* Wed Sep 5 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180904-1
- Update to 0.0.20180904
* Thu Aug 9 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180809-1
- Update to 0.0.20180809
* Sun Aug 5 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180802-1
- Update to 0.0.20180802
* Wed Jul 18 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180718-1
- Update to 0.0.20180718
* Tue Jul 10 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180708-1
- Update to 0.0.20180708
* Fri Jun 29 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180625-1
- Update to 0.0.20180625
* Wed Jun 20 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180620-1
- Update to 0.0.20180620
* Wed Jun 13 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180613-1
- Update to 0.0.20180613
* Wed May 30 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180531-1
- Update to 0.0.20180531
* Wed May 23 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180524-1
- Update to 0.0.20180524
* Thu May 17 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180519-1
- Update to 0.0.20180519
* Sun May 13 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180513-1
- Update to 0.0.20180513
- Drop support for RHEL 7.4, moving on instead to RHEL 7.5
* Fri Apr 20 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180420-1
- Update to 0.0.20180420
* Sun Apr 15 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180413-1
- Update to 0.0.20180413
* Mon Mar 5 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180304-1
- Update to 0.0.20180304
* Mon Feb 19 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180218-1
- Update to 0.0.20180218
* Sun Feb 4 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180202-1
- Update to 0.0.20180202
* Thu Jan 18 2018 Joe Doss <joe(a)solidadmin.com> - 0.0.20180118-1
- Update to 0.0.20180118
--------------------------------------------------------------------------------