The following Fedora 31 Security updates need testing: Age URL 45 https://bodhi.fedoraproject.org/updates/FEDORA-2020-c5ec22e14f libuv-1.39.0-1.fc31 nodejs-12.18.4-1.fc31 10 https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd freetype-2.10.0-4.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-15a1bde727 kata-ksm-throttler-1.11.1-1.fc31.1 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-61fcf3ffc7 kata-osbuilder-1.11.1-1.fc31.1 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-193da8cf44 arpwatch-2.1a15-48.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-1af9cd8c87 kata-shim-1.11.1-1.fc31.1 5 https://bodhi.fedoraproject.org/updates/FEDORA-2020-d1ce381889 pngcheck-2.3.0-3.fc31 5 https://bodhi.fedoraproject.org/updates/FEDORA-2020-8aca25b5c8 chromium-86.0.4240.111-1.fc31 5 https://bodhi.fedoraproject.org/updates/FEDORA-2020-53df1c05be community-mysql-8.0.22-1.fc31 5 https://bodhi.fedoraproject.org/updates/FEDORA-2020-e083225fa1 blueman-2.1.4-1.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-42b44971a1 xen-4.12.3-7.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-1da8aa9dd3 thunderbird-78.4.0-1.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-b0ea9e2d33 mariadb-10.3.25-1.fc31 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-bf41fcdeba libntlm-1.6-1.fc31 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-477b00a4d8 libtpms-0.7.4-0.20201031git2452a24dab.fc31 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-a857113c7a nss-3.58.0-3.fc31 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-53773f4954 mujs-1.0.9-1.fc31
The following Fedora 31 Critical Path updates have yet to be approved: Age URL 83 https://bodhi.fedoraproject.org/updates/FEDORA-2020-72bc7df001 libunwind-1.3.1-7.fc31 12 https://bodhi.fedoraproject.org/updates/FEDORA-2020-d979670533 pcre-8.44-2.fc31 12 https://bodhi.fedoraproject.org/updates/FEDORA-2020-595197a38d ceph-14.2.12-1.fc31 10 https://bodhi.fedoraproject.org/updates/FEDORA-2020-747b6fb156 linux-firmware-20201022-113.fc31 10 https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd freetype-2.10.0-4.fc31 7 https://bodhi.fedoraproject.org/updates/FEDORA-2020-df2ee7a68b nfs-utils-2.5.2-0.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-43eb9f7d6a pcre2-10.35-8.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-42b44971a1 xen-4.12.3-7.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-1da8aa9dd3 thunderbird-78.4.0-1.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-eeb0523bd0 mtools-4.0.25-1.fc31 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-a857113c7a nss-3.58.0-3.fc31 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-c635688f4e libbluray-1.2.1-2.fc31 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-871455fdcf firefox-82.0.2-1.fc31
The following builds have been pushed to Fedora 31 updates-testing
R-backports-1.2.0-1.fc31 R-tinytex-0.27-1.fc31 composer-1.10.17-1.fc31 cups-filters-1.28.5-1.fc31 easyrpg-player-0.6.2.3-1.fc31 flmsg-4.0.17-1.fc31 netdata-1.26.0-2.fc31 python-colcon-ed-0.1.2-1.fc31 python-vcstool-0.2.15-1.fc31 rr-5.4.0-1.fc31 vim-8.2.1941-1.fc31 wordpress-5.5.3-1.fc31
Details about builds:
================================================================================ R-backports-1.2.0-1.fc31 (FEDORA-2020-c61bfa61ea) Reimplementations of Functions Introduced Since R-3.0.0 -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 2 2020 Elliott Sales de Andrade quantum.analyst@gmail.com - 1.2.0-1 - Update to latest version (#1893872) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1893872 - R-backports-1.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1893872 --------------------------------------------------------------------------------
================================================================================ R-tinytex-0.27-1.fc31 (FEDORA-2020-becaf2f5aa) Helper Functions to Install and Maintain TeX Live, and Compile LaTeX Documents -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Sun Nov 1 2020 Elliott Sales de Andrade quantum.analyst@gmail.com - 0.27-1 - Update to latest version (#1893509) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1893509 - R-tinytex-0.27 is available https://bugzilla.redhat.com/show_bug.cgi?id=1893509 --------------------------------------------------------------------------------
================================================================================ composer-1.10.17-1.fc31 (FEDORA-2020-a143987f34) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information:
**Version 1.10.17** - 2020-10-30 * Fixed Bitbucket API authentication issue * Fixed parsing of Composer 2 lock files breaking in some rare conditions ---- **Version 1.10.16** - 2020-10-24 * Added warning to `validate` command for cases where packages provide/replace a package that they also require * Fixed JSON schema validation issue with PHPStorm * Fixed symlink handling in `archive` command -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 2 2020 Remi Collet remi@remirepo.net - 1.10.17-1 - update to 1.10.17 * Sun Oct 25 2020 Remi Collet remi@remirepo.net - 1.10.16-1 - update to 1.10.16 --------------------------------------------------------------------------------
================================================================================ cups-filters-1.28.5-1.fc31 (FEDORA-2020-d1a62979ee) OpenPrinting CUPS filters and backends -------------------------------------------------------------------------------- Update Information:
1.28.5, 1881365 - cups-browsed crashing ---- 1891720 - foomatic-rip files up /var/spool/tmp with temporary files -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 2 2020 Zdenek Dohnal zdohnal@redhat.com - 1.28.5-1 - 1.28.5, 1881365 - cups-browsed crashing * Tue Sep 29 2020 Zdenek Dohnal zdohnal@redhat.com - 1.28.2-3 - 1891720 - foomatic-rip files up /var/spool/tmp with temporary files -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1881365 - cups-browsed crashing https://bugzilla.redhat.com/show_bug.cgi?id=1881365 [ 2 ] Bug #1891720 - None https://bugzilla.redhat.com/show_bug.cgi?id=1891720 --------------------------------------------------------------------------------
================================================================================ easyrpg-player-0.6.2.3-1.fc31 (FEDORA-2020-bac2896a2b) Game interpreter for RPG Maker 2000/2003 and EasyRPG games -------------------------------------------------------------------------------- Update Information:
Update to v0.6.2.3 -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 2 2020 Artur Frenszek-Iwicki fedora@svgames.pl - 0.6.2.3-1 - Update to v0.6.2.3 - Drop Patch2 (build static library - now default) - Drop Patch3 (Freetype & Harfbuzz circular dependency - accepted upstream) - Drop Patch4 (man page install issues - accepted upstream) - Cherry-pick an upstream PR for installing the bash-completion file --------------------------------------------------------------------------------
================================================================================ flmsg-4.0.17-1.fc31 (FEDORA-2020-e506c87b77) Fast Light Message Amateur Radio Forms Manager -------------------------------------------------------------------------------- Update Information:
Version 4.0.17 * Maintenance release Seg fault on Send bug * test for empty string in arq log Memory leaks * fix memory leaks in following source files - csv.cxx - custom.cxx - flmsg.cxx - transfer.cxx - parse_xml.cxx - status.cxx Bug fixes courtesy of Richard Shaw, Fedora maintainer. -------------------------------------------------------------------------------- ChangeLog:
* Wed Oct 7 2020 Richard Shaw hobbes1069@gmail.com - 4.0.17-1 - Update to 4.0.17. * Tue Aug 18 2020 Jeff Law law@redhat.com - 4.0.16-4 - Force C++14 as this code is not C++17 ready * Mon Jul 27 2020 Fedora Release Engineering releng@fedoraproject.org - 4.0.16-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1877155 - flmsg-4.0.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1877155 --------------------------------------------------------------------------------
================================================================================ netdata-1.26.0-2.fc31 (FEDORA-2020-a7a810e7d7) Real-time performance monitoring -------------------------------------------------------------------------------- Update Information:
Fix wrong drop for el6 support -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 2 2020 Didier Fabert didier.fabert@gmail.com 1.26.0-2 - Fix wrong drop for el6 support - Fix tmpfiles (from /var/run to /run) - Minors changes in netdata.conf * Sun Nov 1 2020 Didier Fabert didier.fabert@gmail.com 1.26.0-1 - Update from upstream * Tue Sep 22 2020 Didier Fabert didier.fabert@gmail.com 1.25.0-1 - Update from upstream - Drop el6 support * Thu Aug 13 2020 Didier Fabert didier.fabert@gmail.com 1.24.0-1 - Update from upstream * Tue Jul 28 2020 Fedora Release Engineering releng@fedoraproject.org - 1.23.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1858056 - netdata-1.26.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1858056 --------------------------------------------------------------------------------
================================================================================ python-colcon-ed-0.1.2-1.fc31 (FEDORA-2020-3dedaea750) Extension for colcon to edit a file within a package -------------------------------------------------------------------------------- Update Information:
Update to the latest `colcon-ed` release -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 2 2020 Scott K Logan logans@cottsay.net - 0.1.2-1 - Update to 0.1.2 (rhbz#1893555) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1893555 - python-colcon-ed-0.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1893555 --------------------------------------------------------------------------------
================================================================================ python-vcstool-0.2.15-1.fc31 (FEDORA-2020-dfb1339c57) Tool to invoke vcs commands on multiple repositories -------------------------------------------------------------------------------- Update Information:
Update to the latest `vcstool` release -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 2 2020 Scott K Logan logans@cottsay.net - 0.2.15-1 - Update to 0.2.15 (rhbz#1891662) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1891662 - python-vcstool-0.2.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1891662 --------------------------------------------------------------------------------
================================================================================ rr-5.4.0-1.fc31 (FEDORA-2020-3f85ac2c57) Tool to record and replay execution of applications -------------------------------------------------------------------------------- Update Information:
rr-5.4.0 release includes initial support for some AMD Zen and Zen 2 processors. -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 2 2020 William Cohen wcohen@redhat.com - 5.4.0-1 - Rebase to rr-5.4.0. --------------------------------------------------------------------------------
================================================================================ vim-8.2.1941-1.fc31 (FEDORA-2020-2f6168af2a) The VIM editor -------------------------------------------------------------------------------- Update Information:
The newest upstream commit -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 2 2020 Zdenek Dohnal zdohnal@redhat.com - 2:8.2.1941-1 - patchlevel 1941 * Mon Nov 2 2020 Zdenek Dohnal zdohnal@redhat.com - 2:8.2.1885-2 - move vim.fish to vendor_functions.d * Thu Oct 22 2020 Zdenek Dohnal zdohnal@redhat.com - 2:8.2.1885-1 - patchlevel 1885 * Mon Oct 19 2020 Zdenek Dohnal zdohnal@redhat.com - 2:8.2.1815-2 - vim.sh, vim.csh, vim.fish - drop 'which', use 'command' * Thu Oct 15 2020 Zdenek Dohnal zdohnal@redhat.com - 2:8.2.1815-2 - vim-default-editor.fish - dont give EDITOR universal scope - vim.sh, vim.csh - set aliases only for OS default vi and vim - add fish profile for Vim * Mon Oct 12 2020 Zdenek Dohnal zdohnal@redhat.com - 2:8.2.1815-2 - fix installing fish profile, set virtual provide for default editor (thanks Neal Gompa and Kamil Dudka) - set conflicts to nano-default-editor which doesnt provide system-default-editor * Fri Oct 9 2020 Pawe�� Marciniak sunwire+repo@gmail.com - 2:8.2.1815-2 - A new subpackage, set vim as a default editor. * Fri Oct 9 2020 Zdenek Dohnal zdohnal@redhat.com - 2:8.2.1815-1 - patchlevel 1815 * Tue Oct 6 2020 Zdenek Dohnal zdohnal@redhat.com - 2:8.2.1805-1 - patchlevel 1805 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1892465 - Fish functions should go in vendor_functions.d, not vendor_conf.d https://bugzilla.redhat.com/show_bug.cgi?id=1892465 --------------------------------------------------------------------------------
================================================================================ wordpress-5.5.3-1.fc31 (FEDORA-2020-15e15c35da) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information:
**WordPress 5.5.3 Maintenance Release** This maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured. ---- **WordPress 5.5.2 Security and Maintenance Release** **Security Updates** * Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests. * Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network. * Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables. * Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC. * Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE. * Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs. * Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion. * Thanks to Erwan LR from WPScan who responsibly disclosed a method that could lead to CSRF. * And a special thanks to @zieladam who was integral in many of the releases and patches during this release. -------------------------------------------------------------------------------- ChangeLog:
* Sat Oct 31 2020 Remi Collet remi@remirepo.net - 5.5.3-1 - WordPress 5.5.3 Maintenance Release * Fri Oct 30 2020 Remi Collet remi@remirepo.net - 5.5.2-1 - WordPress 5.5.2 Security and Maintenance Release --------------------------------------------------------------------------------