The following Fedora 31 Security updates need testing:
Age URL
45
https://bodhi.fedoraproject.org/updates/FEDORA-2020-c5ec22e14f libuv-1.39.0-1.fc31
nodejs-12.18.4-1.fc31
10
https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd
freetype-2.10.0-4.fc31
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-15a1bde727
kata-ksm-throttler-1.11.1-1.fc31.1
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-61fcf3ffc7
kata-osbuilder-1.11.1-1.fc31.1
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-193da8cf44
arpwatch-2.1a15-48.fc31
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1af9cd8c87
kata-shim-1.11.1-1.fc31.1
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d1ce381889
pngcheck-2.3.0-3.fc31
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-8aca25b5c8
chromium-86.0.4240.111-1.fc31
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-53df1c05be
community-mysql-8.0.22-1.fc31
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e083225fa1
blueman-2.1.4-1.fc31
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-42b44971a1 xen-4.12.3-7.fc31
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1da8aa9dd3
thunderbird-78.4.0-1.fc31
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-b0ea9e2d33
mariadb-10.3.25-1.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-bf41fcdeba libntlm-1.6-1.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-477b00a4d8
libtpms-0.7.4-0.20201031git2452a24dab.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-a857113c7a nss-3.58.0-3.fc31
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-53773f4954 mujs-1.0.9-1.fc31
The following Fedora 31 Critical Path updates have yet to be approved:
Age URL
83
https://bodhi.fedoraproject.org/updates/FEDORA-2020-72bc7df001
libunwind-1.3.1-7.fc31
12
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d979670533 pcre-8.44-2.fc31
12
https://bodhi.fedoraproject.org/updates/FEDORA-2020-595197a38d
ceph-14.2.12-1.fc31
10
https://bodhi.fedoraproject.org/updates/FEDORA-2020-747b6fb156
linux-firmware-20201022-113.fc31
10
https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd
freetype-2.10.0-4.fc31
7
https://bodhi.fedoraproject.org/updates/FEDORA-2020-df2ee7a68b
nfs-utils-2.5.2-0.fc31
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-43eb9f7d6a pcre2-10.35-8.fc31
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-42b44971a1 xen-4.12.3-7.fc31
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1da8aa9dd3
thunderbird-78.4.0-1.fc31
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-eeb0523bd0
mtools-4.0.25-1.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-a857113c7a nss-3.58.0-3.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-c635688f4e
libbluray-1.2.1-2.fc31
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-871455fdcf
firefox-82.0.2-1.fc31
The following builds have been pushed to Fedora 31 updates-testing
R-backports-1.2.0-1.fc31
R-tinytex-0.27-1.fc31
composer-1.10.17-1.fc31
cups-filters-1.28.5-1.fc31
easyrpg-player-0.6.2.3-1.fc31
flmsg-4.0.17-1.fc31
netdata-1.26.0-2.fc31
python-colcon-ed-0.1.2-1.fc31
python-vcstool-0.2.15-1.fc31
rr-5.4.0-1.fc31
vim-8.2.1941-1.fc31
wordpress-5.5.3-1.fc31
Details about builds:
================================================================================
R-backports-1.2.0-1.fc31 (FEDORA-2020-c61bfa61ea)
Reimplementations of Functions Introduced Since R-3.0.0
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 1.2.0-1
- Update to latest version (#1893872)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1893872 - R-backports-1.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1893872
--------------------------------------------------------------------------------
================================================================================
R-tinytex-0.27-1.fc31 (FEDORA-2020-becaf2f5aa)
Helper Functions to Install and Maintain TeX Live, and Compile LaTeX Documents
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 1 2020 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 0.27-1
- Update to latest version (#1893509)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1893509 - R-tinytex-0.27 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1893509
--------------------------------------------------------------------------------
================================================================================
composer-1.10.17-1.fc31 (FEDORA-2020-a143987f34)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.10.17** - 2020-10-30 * Fixed Bitbucket API authentication issue *
Fixed parsing of Composer 2 lock files breaking in some rare conditions ----
**Version 1.10.16** - 2020-10-24 * Added warning to `validate` command for
cases where packages provide/replace a package that they also require * Fixed
JSON schema validation issue with PHPStorm * Fixed symlink handling in `archive`
command
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Remi Collet <remi(a)remirepo.net> - 1.10.17-1
- update to 1.10.17
* Sun Oct 25 2020 Remi Collet <remi(a)remirepo.net> - 1.10.16-1
- update to 1.10.16
--------------------------------------------------------------------------------
================================================================================
cups-filters-1.28.5-1.fc31 (FEDORA-2020-d1a62979ee)
OpenPrinting CUPS filters and backends
--------------------------------------------------------------------------------
Update Information:
1.28.5, 1881365 - cups-browsed crashing ---- 1891720 - foomatic-rip files up
/var/spool/tmp with temporary files
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 1.28.5-1
- 1.28.5, 1881365 - cups-browsed crashing
* Tue Sep 29 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 1.28.2-3
- 1891720 - foomatic-rip files up /var/spool/tmp with temporary files
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1881365 - cups-browsed crashing
https://bugzilla.redhat.com/show_bug.cgi?id=1881365
[ 2 ] Bug #1891720 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1891720
--------------------------------------------------------------------------------
================================================================================
easyrpg-player-0.6.2.3-1.fc31 (FEDORA-2020-bac2896a2b)
Game interpreter for RPG Maker 2000/2003 and EasyRPG games
--------------------------------------------------------------------------------
Update Information:
Update to v0.6.2.3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Artur Frenszek-Iwicki <fedora(a)svgames.pl> - 0.6.2.3-1
- Update to v0.6.2.3
- Drop Patch2 (build static library - now default)
- Drop Patch3 (Freetype & Harfbuzz circular dependency - accepted upstream)
- Drop Patch4 (man page install issues - accepted upstream)
- Cherry-pick an upstream PR for installing the bash-completion file
--------------------------------------------------------------------------------
================================================================================
flmsg-4.0.17-1.fc31 (FEDORA-2020-e506c87b77)
Fast Light Message Amateur Radio Forms Manager
--------------------------------------------------------------------------------
Update Information:
Version 4.0.17 * Maintenance release Seg fault on Send bug * test for
empty string in arq log Memory leaks * fix memory leaks in following
source files - csv.cxx - custom.cxx - flmsg.cxx -
transfer.cxx - parse_xml.cxx - status.cxx Bug fixes courtesy of
Richard Shaw, Fedora maintainer.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 7 2020 Richard Shaw <hobbes1069(a)gmail.com> - 4.0.17-1
- Update to 4.0.17.
* Tue Aug 18 2020 Jeff Law <law(a)redhat.com> - 4.0.16-4
- Force C++14 as this code is not C++17 ready
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.16-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1877155 - flmsg-4.0.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1877155
--------------------------------------------------------------------------------
================================================================================
netdata-1.26.0-2.fc31 (FEDORA-2020-a7a810e7d7)
Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:
Fix wrong drop for el6 support
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Didier Fabert <didier.fabert(a)gmail.com> 1.26.0-2
- Fix wrong drop for el6 support
- Fix tmpfiles (from /var/run to /run)
- Minors changes in netdata.conf
* Sun Nov 1 2020 Didier Fabert <didier.fabert(a)gmail.com> 1.26.0-1
- Update from upstream
* Tue Sep 22 2020 Didier Fabert <didier.fabert(a)gmail.com> 1.25.0-1
- Update from upstream
- Drop el6 support
* Thu Aug 13 2020 Didier Fabert <didier.fabert(a)gmail.com> 1.24.0-1
- Update from upstream
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.23.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1858056 - netdata-1.26.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1858056
--------------------------------------------------------------------------------
================================================================================
python-colcon-ed-0.1.2-1.fc31 (FEDORA-2020-3dedaea750)
Extension for colcon to edit a file within a package
--------------------------------------------------------------------------------
Update Information:
Update to the latest `colcon-ed` release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Scott K Logan <logans(a)cottsay.net> - 0.1.2-1
- Update to 0.1.2 (rhbz#1893555)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1893555 - python-colcon-ed-0.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1893555
--------------------------------------------------------------------------------
================================================================================
python-vcstool-0.2.15-1.fc31 (FEDORA-2020-dfb1339c57)
Tool to invoke vcs commands on multiple repositories
--------------------------------------------------------------------------------
Update Information:
Update to the latest `vcstool` release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Scott K Logan <logans(a)cottsay.net> - 0.2.15-1
- Update to 0.2.15 (rhbz#1891662)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1891662 - python-vcstool-0.2.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1891662
--------------------------------------------------------------------------------
================================================================================
rr-5.4.0-1.fc31 (FEDORA-2020-3f85ac2c57)
Tool to record and replay execution of applications
--------------------------------------------------------------------------------
Update Information:
rr-5.4.0 release includes initial support for some AMD Zen and Zen 2 processors.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 William Cohen <wcohen(a)redhat.com> - 5.4.0-1
- Rebase to rr-5.4.0.
--------------------------------------------------------------------------------
================================================================================
vim-8.2.1941-1.fc31 (FEDORA-2020-2f6168af2a)
The VIM editor
--------------------------------------------------------------------------------
Update Information:
The newest upstream commit
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 2 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.1941-1
- patchlevel 1941
* Mon Nov 2 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.1885-2
- move vim.fish to vendor_functions.d
* Thu Oct 22 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.1885-1
- patchlevel 1885
* Mon Oct 19 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.1815-2
- vim.sh, vim.csh, vim.fish - drop 'which', use 'command'
* Thu Oct 15 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.1815-2
- vim-default-editor.fish - dont give EDITOR universal scope
- vim.sh, vim.csh - set aliases only for OS default vi and vim
- add fish profile for Vim
* Mon Oct 12 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.1815-2
- fix installing fish profile, set virtual provide for default editor
(thanks Neal Gompa and Kamil Dudka)
- set conflicts to nano-default-editor which doesnt provide system-default-editor
* Fri Oct 9 2020 Pawe�� Marciniak <sunwire+repo(a)gmail.com> - 2:8.2.1815-2
- A new subpackage, set vim as a default editor.
* Fri Oct 9 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.1815-1
- patchlevel 1815
* Tue Oct 6 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.1805-1
- patchlevel 1805
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1892465 - Fish functions should go in vendor_functions.d, not vendor_conf.d
https://bugzilla.redhat.com/show_bug.cgi?id=1892465
--------------------------------------------------------------------------------
================================================================================
wordpress-5.5.3-1.fc31 (FEDORA-2020-15e15c35da)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 5.5.3 Maintenance Release** This maintenance release fixes an issue
introduced in WordPress 5.5.2 which makes it impossible to install WordPress on
a brand new website that does not have a database connection configured. ----
**WordPress 5.5.2 Security and Maintenance Release** **Security Updates** *
Props to Alex Concha of the WordPress Security Team for their work in hardening
deserialization requests. * Props to David Binovec on a fix to disable spam
embeds from disabled sites on a multisite network. * Thanks to Marc Montas
from Sucuri for reporting an issue that could lead to XSS from global variables.
* Thanks to Justin Tran who reported an issue surrounding privilege
escalation in XML-RPC. He also found and disclosed an issue around privilege
escalation around post commenting via XML-RPC. * Props to Omar Ganiev who
reported a method where a DoS attack could lead to RCE. * Thanks to Karim El
Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs. *
Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a
method to bypass protected meta that could lead to arbitrary file deletion. *
Thanks to Erwan LR from WPScan who responsibly disclosed a method that could
lead to CSRF. * And a special thanks to @zieladam who was integral in many of
the releases and patches during this release.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 31 2020 Remi Collet <remi(a)remirepo.net> - 5.5.3-1
- WordPress 5.5.3 Maintenance Release
* Fri Oct 30 2020 Remi Collet <remi(a)remirepo.net> - 5.5.2-1
- WordPress 5.5.2 Security and Maintenance Release
--------------------------------------------------------------------------------