The following Fedora 32 Security updates need testing:
Age URL
44
https://bodhi.fedoraproject.org/updates/FEDORA-2020-eb942ee0db libuv-1.39.0-1.fc32
nodejs-12.18.4-1.fc32
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-495c14a23f fastd-21-1.fc32
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-9c2f330b5a
arpwatch-2.1a15-48.fc32
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-ebabb6bf76
blueman-2.1.4-1.fc32
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4f9ee82bc5
community-mysql-8.0.22-1.fc32
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d67cc48dce
pngcheck-2.3.0-3.fc32
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-127d40f1ab
chromium-86.0.4240.111-1.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4ee7c84cd7
thunderbird-78.4.0-1.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-ded2298c25 xen-4.13.1-8.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-58b619cf00
samba-4.12.9-0.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-920a258c79
kernel-5.8.17-200.fc32
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-3bc238618e
wordpress-5.5.2-1.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1f643c272c libntlm-1.6-1.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-95f6a3250a
libtpms-0.7.4-0.20201031git2452a24dab.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-bb91bf9b8e nss-3.58.0-3.fc32
The following Fedora 32 Critical Path updates have yet to be approved:
Age URL
120
https://bodhi.fedoraproject.org/updates/FEDORA-2020-ebbe0f7b25 cpio-2.13-6.fc32
24
https://bodhi.fedoraproject.org/updates/FEDORA-2020-95b9c09df2
binutils-2.34-6.fc32
17
https://bodhi.fedoraproject.org/updates/FEDORA-2020-a27b8aedcd fedora-repos-32-10
11
https://bodhi.fedoraproject.org/updates/FEDORA-2020-f9ada0f4f8 pcre-8.44-2.fc32
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-b591d7878e
linux-firmware-20201022-113.fc32
7
https://bodhi.fedoraproject.org/updates/FEDORA-2020-57f9e6e50e koji-1.23.0-1.fc32
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-62a75b137f
webkit2gtk3-2.30.2-1.fc32
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-9a96a4b085
nfs-utils-2.5.2-0.fc32
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-63f76b0bb8
libteam-1.31-2.fc32
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-3233cba37a fwupd-1.5.0-1.fc32
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-082fed0894 pam-1.3.1-27.fc32
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-efbdd95dca pcre2-10.35-8.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-920a258c79
kernel-5.8.17-200.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4ee7c84cd7
thunderbird-78.4.0-1.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e38f0e9350
mtools-4.0.25-1.fc32
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4458232d79
libbluray-1.2.1-2.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e049168198
iputils-20200821-1.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-bb91bf9b8e nss-3.58.0-3.fc32
The following builds have been pushed to Fedora 32 updates-testing
Thunar-1.8.16-1.fc32
cmst-2020.11.01-1.fc32
drawing-0.6.3-1.fc32
freeipa-fas-0.0.4-1.fc32
i3lock-2.13-1.fc32
mednafen-1.26.0-0.1.UNSTABLE.fc32
mujs-1.0.9-1.fc32
pg-semver-0.31.0-1.fc32
pipewire-0.3.14-2.fc32
python-sqlalchemy-1.3.20-1.fc32
tinyfugue-5.0-0.100.b8.fc32
vdr-epg-daemon-1.1.165-1.fc32
wlcs-1.2.0-1.fc32
xfwm4-4.14.6-1.fc32
Details about builds:
================================================================================
Thunar-1.8.16-1.fc32 (FEDORA-2020-8b3e722296)
Thunar File Manager
--------------------------------------------------------------------------------
Update Information:
Update thunar to 1.8.16 and xfwm4 to 4.14.6
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 1.8.16-1
- Update to 1.8.16
* Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.8.15-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.8.15-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
cmst-2020.11.01-1.fc32 (FEDORA-2020-5edc807f97)
A Qt based GUI front end for the connman connection manager with systemtray icon
--------------------------------------------------------------------------------
Update Information:
Update to 2020.11.01
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Martin Gansser <martinkg(a)fedoraproject.org> - 2020.11.01-1
- Update to 2020.11.01-1
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
2020.05.09-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1893502 - cmst-2020.11.01 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1893502
--------------------------------------------------------------------------------
================================================================================
drawing-0.6.3-1.fc32 (FEDORA-2020-5281300997)
Drawing application for the GNOME desktop
--------------------------------------------------------------------------------
Update Information:
Update to 0.6.3
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 0.6.3-1
- build(update): 0.6.3
--------------------------------------------------------------------------------
================================================================================
freeipa-fas-0.0.4-1.fc32 (FEDORA-2020-a94058429d)
Fedora Account System extension for FreeIPA
--------------------------------------------------------------------------------
Update Information:
Initial packaging of `freeipa-fas` extension for FreeIPA
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1893207 - Review Request: freeipa-fas - Fedora Account System extension for
FreeIPA
https://bugzilla.redhat.com/show_bug.cgi?id=1893207
--------------------------------------------------------------------------------
================================================================================
i3lock-2.13-1.fc32 (FEDORA-2020-4f65d391a6)
Simple X display locker like slock
--------------------------------------------------------------------------------
Update Information:
New upstream release 2.13
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Dan ��erm��k <dan.cermak(a)cgc-instruments.com> - 2.13-1
- New upstream release 2.13
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1891727 - i3lock-2.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1891727
--------------------------------------------------------------------------------
================================================================================
mednafen-1.26.0-0.1.UNSTABLE.fc32 (FEDORA-2020-ed931c24c7)
A multi-system emulator utilizing OpenGL and SDL
--------------------------------------------------------------------------------
Update Information:
An update to the latest upstream release: *
https://forum.fobby.net/index.php?t=msg&th=1950
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Julian Sikorski <belegdol(a)fedoraproject.org> -
1.26.0-0.1.UNSTABLE
- Update to 1.26.0-UNSTABLE
* Thu Aug 20 2020 Jeff Law <law(a)redhat.com> - 1.25.0-0.2.UNSTABLE
- Re-enable LTO
--------------------------------------------------------------------------------
================================================================================
mujs-1.0.9-1.fc32 (FEDORA-2020-496ab4615a)
An embeddable Javascript interpreter
--------------------------------------------------------------------------------
Update Information:
A new version of mujs is now available for Fedora and EPEL. Besides generic
enhancements and bugfixes, this release also fixes three tracked security
issues: CVE-2019-11411, CVE-2019-11412 and CVE-2019-11413.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 31 2020 Petr ��abata <contyk(a)redhat.com> - 1.0.9-1
- 1.0.9 bump
- Addresses CVE-2019-11411, CVE-2019-11412 and CVE-2019-11413
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.4-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1873066 - CVE-2019-11413 mujs: DoS in regexp.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1873066
[ 2 ] Bug #1873067 - CVE-2019-11413 mujs: DoS in regexp.c [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=1873067
[ 3 ] Bug #1873072 - CVE-2019-11412 mujs: DoS in jscompile.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1873072
[ 4 ] Bug #1873073 - CVE-2019-11412 mujs: DoS in jscompile.c [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=1873073
[ 5 ] Bug #1873077 - CVE-2019-11411 mujs: stack-based buffer overflow in jsnumber.c
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1873077
[ 6 ] Bug #1873078 - CVE-2019-11411 mujs: stack-based buffer overflow in jsnumber.c
[epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=1873078
--------------------------------------------------------------------------------
================================================================================
pg-semver-0.31.0-1.fc32 (FEDORA-2020-6a1a2c6356)
A semantic version data type for PostgreSQL
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 0.31.0 -
https://github.com/theory/pg-
semver/releases/tag/v0.31.0 Changes: ``` - Added a workaround for an LLVM
bitcode compile error. Thanks to @mark-s-a for the report (#40). - Removed
--load-language from the options for running the tests, as it has not been
needed since 9.1, we support 9.2 and higher, and it has been removed from
Postgres 13. - Fixed an a collation error on Postgres 12 and higher. Thanks to
Andrew for Marc Munro for the report and to Andrew Gierth for the fix
(pgxn/pgxn-manager#67). - Prerelease parts are now compared in ASCII sort order
as specified by the spec, no longer case-insensitively. This is a breaking
change in the sense that 1.0.0-rc1 will now be considered greater than 1.0.0-RC1
rather than equivalent, but they're both still valid. See semver/semver#176 for
the relevant discussion. Thanks to Andrew Gierth for the spot! ```
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Martin Kutlak <mkfedora(a)fedoraproject.org> - 0.31.0-1
- Update to 0.31.0
--------------------------------------------------------------------------------
================================================================================
pipewire-0.3.14-2.fc32 (FEDORA-2020-51c03059c6)
Media Sharing Server
--------------------------------------------------------------------------------
Update Information:
Add some pulse server patches ---- Update to 0.3.14
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Wim Taymans <wtaymans(a)redhat.com> - 0.3.14-2
- Add some pulse server patches
* Fri Oct 30 2020 Wim Taymans <wtaymans(a)redhat.com> - 0.3.14-1
- Update to 0.3.14
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1827698 - [abrt] pipewire: spa_list_remove(): pipewire-media-session killed
by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1827698
[ 2 ] Bug #1833797 - [abrt] pipewire: alsa_on_timeout_event(): pipewire killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1833797
[ 3 ] Bug #1884847 - [abrt] pipewire: spa_hook_list_append(): pipewire-media-session
killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1884847
--------------------------------------------------------------------------------
================================================================================
python-sqlalchemy-1.3.20-1.fc32 (FEDORA-2020-de8e2345c2)
Modular and flexible ORM library for python
--------------------------------------------------------------------------------
Update Information:
This is a bugfix and enhancement release. The upstream [announcement](https://w
ww.sqlalchemy.org/blog/2020/10/12/sqlalchemy-1.3.20-released/) summarizes and
the [
changelog](https://docs.sqlalchemy.org/en/13/changelog/changelog_13.html#ch
ange-1.3.20) contains a detailed list of changes in version 1.3.20.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Nils Philippsen <nils(a)tiptoe.de> - 1.3.20-1
- version 1.3.20
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1887611 - python-sqlalchemy-1.3.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1887611
--------------------------------------------------------------------------------
================================================================================
tinyfugue-5.0-0.100.b8.fc32 (FEDORA-2020-afe516ff23)
A MU* client
--------------------------------------------------------------------------------
Update Information:
This update introduces support for IPv6, ATCP, GMCP and OPTION102. Along with
new features this also makes tf more memory efficient and fixes documentation
typos.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Petr ��abata <contyk(a)redhat.com> - 5.0-0.100.b8
- Include current Debian and Gentoo patches
- Add ATCP, GMCP and OPT102 support
- This is a big change, bumping the release quite a bit to reflect that
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
5.0-0.36.b8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
vdr-epg-daemon-1.1.165-1.fc32 (FEDORA-2020-dded1dbf49)
A daemon to download EPG data from internet and manage it in a mysql database
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.165-1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Martin Gansser <martinkg(a)fedoraproject.org> - 1.1.165-1
- Update to 1.1.165
* Fri Aug 28 2020 Martin Gansser <martinkg(a)fedoraproject.org> - 1.1.163-2
- Rebuilt for new VDR API version
--------------------------------------------------------------------------------
================================================================================
wlcs-1.2.0-1.fc32 (FEDORA-2020-ba3cbacf00)
Wayland Conformance Test Suite
--------------------------------------------------------------------------------
Update Information:
New incremental feature release: * Add tests for `wlr_layer_shell_unstable_v1`
* More XDG Shell tests, particularly around protocol errors, window-geometry,
and input edge-cases. * Add tests for
`wlr_foreign_toplevel_management_unstable_v1` * Many improvements to
`wl_subsurface` tests. Notably this fixes a misinterpretation of the protocol
which lead to testing incorrect behavior.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Neal Gompa <ngompa13(a)gmail.com> - 1.2.0-1
- Update to 1.2.0 (RH#1893144)
* Sat Oct 17 2020 Jeff Law <law(a)redhat.com> - 1.1.0-5
- Use reference for loop variable to avoid range-loop-construct warning
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1893144 - wlcs-1.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1893144
--------------------------------------------------------------------------------
================================================================================
xfwm4-4.14.6-1.fc32 (FEDORA-2020-8b3e722296)
Next generation window manager for Xfce
--------------------------------------------------------------------------------
Update Information:
Update thunar to 1.8.16 and xfwm4 to 4.14.6
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 4.14.6-1
- Update to 4.14.6
--------------------------------------------------------------------------------