The following Fedora 30 Security updates need testing: Age URL 15 https://bodhi.fedoraproject.org/updates/FEDORA-2020-2b53cff132 thunderbird-68.7.0-1.fc30 8 https://bodhi.fedoraproject.org/updates/FEDORA-2020-5a4da65166 cups-2.2.12-8.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-c9eb911737 pxz-4.999.9-19.beta.20200421git.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-d171bf636d rubygem-json-2.2.0-202.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-0e7f1b663b chromium-81.0.4044.122-1.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-969414e05b openvpn-2.4.9-1.fc30 5 https://bodhi.fedoraproject.org/updates/FEDORA-2020-bd170e803f webkit2gtk3-2.28.2-1.fc30 5 https://bodhi.fedoraproject.org/updates/FEDORA-2020-cbc3149753 xen-4.11.4-1.fc30 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-73341c894c java-11-openjdk-11.0.7.10-0.fc30 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-e244c98af5 libldb-1.5.7-1.fc30 samba-4.10.15-0.fc30 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-0d6b80678a teeworlds-0.7.5-1.fc30 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-64d46a6e29 kernel-5.6.8-100.fc30
The following Fedora 30 Critical Path updates have yet to be approved: Age URL 295 https://bodhi.fedoraproject.org/updates/FEDORA-2019-c05e4425d1 dash-0.5.10.2-3.fc30 15 https://bodhi.fedoraproject.org/updates/FEDORA-2020-2b53cff132 thunderbird-68.7.0-1.fc30 13 https://bodhi.fedoraproject.org/updates/FEDORA-2020-1208e2a2b8 vim-8.2.587-1.fc30 8 https://bodhi.fedoraproject.org/updates/FEDORA-2020-44d12740d8 ceph-14.2.9-1.fc30 8 https://bodhi.fedoraproject.org/updates/FEDORA-2020-5a4da65166 cups-2.2.12-8.fc30 8 https://bodhi.fedoraproject.org/updates/FEDORA-2020-fd4d0014e1 python2-2.7.18-1.fc30 python2-docs-2.7.18-1.fc30 8 https://bodhi.fedoraproject.org/updates/FEDORA-2020-9b3da9c8e7 linux-firmware-20200421-107.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-0f078e7280 pyproject-rpm-macros-0-14.fc30 python-pip-19.0.3-7.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-a615847091 cairo-1.16.0-6.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-184ff81bcd glusterfs-6.9-1.fc30 5 https://bodhi.fedoraproject.org/updates/FEDORA-2020-cbc3149753 xen-4.11.4-1.fc30 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-0afe424fbd corosync-3.0.4-1.fc30 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-e244c98af5 libldb-1.5.7-1.fc30 samba-4.10.15-0.fc30 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-64d46a6e29 kernel-5.6.8-100.fc30
The following builds have been pushed to Fedora 30 updates-testing
ansible-freeipa-0.1.10-1.fc30 bashtop-0.8.17-1.fc30 cros-guest-tools-1.0-0.31.20200427git6968d7b.fc30 gnupg2-2.2.20-2.fc30 gpgme-1.13.1-7.fc30 granite-5.4.0-1.fc30 koji-1.21.0-2.fc30 nrpe-4.0.3-1.fc30 openscap-1.3.3-1.fc30 pungi-4.2.2-1.fc30 python-google-auth-1.14.1-1.fc30 python-kubernetes-11.0.0-2.fc30 python-mercantile-1.1.4-1.fc30 python-openshift-0.11.0-3.fc30 python-pymediainfo-4.2.1-1.fc30 roundcubemail-1.4.4-1.fc30 wordpress-5.4.1-1.fc30
Details about builds:
================================================================================ ansible-freeipa-0.1.10-1.fc30 (FEDORA-2020-ee5e657ad2) Roles and playbooks to deploy FreeIPA servers, replicas and clients -------------------------------------------------------------------------------- Update Information:
- Update to version 0.1.10 with fixes and additional modules https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.10 -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 27 2020 Thomas Woerner twoerner@redhat.com - 0.1.10-1 - Update to version 0.1.10 with fixes and additional modules https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.10 --------------------------------------------------------------------------------
================================================================================ bashtop-0.8.17-1.fc30 (FEDORA-2020-61cbb9c80f) Linux resource monitor -------------------------------------------------------------------------------- Update Information:
Update to 0.8.17 ---- Initial package -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1828813 - Review Request: bashtop - Resource monitor written in bash that shows usage and stats for processor, memory, disks, network and processes https://bugzilla.redhat.com/show_bug.cgi?id=1828813 [ 2 ] Bug #1829710 - bashtop-0.8.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1829710 --------------------------------------------------------------------------------
================================================================================ cros-guest-tools-1.0-0.31.20200427git6968d7b.fc30 (FEDORA-2020-e53bb3ab38) Chromium OS integration meta package -------------------------------------------------------------------------------- Update Information:
Update to latest master commit. -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 27 2020 Jason Montleon jmontleo@redhat.com - 1.0-0.31.20200427git6968d7b - Update to master 6968d7b --------------------------------------------------------------------------------
================================================================================ gnupg2-2.2.20-2.fc30 (FEDORA-2020-3a3d3c95ff) Utility for secure communication and data storage -------------------------------------------------------------------------------- Update Information:
Update to the current upstream version 2.2.20. -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 30 2020 Tom���� Mr��z tmraz@redhat.com - 2.2.20-2 - move systemd user units to _userunitdir (no activation by default) * Tue Apr 14 2020 Tom���� Mr��z tmraz@redhat.com - 2.2.20-1 - upgrade to 2.2.20 * Wed Jan 29 2020 Tom���� Mr��z tmraz@redhat.com - 2.2.19-1 - upgrade to 2.2.19 * Tue Jan 28 2020 Fedora Release Engineering releng@fedoraproject.org - 2.2.18-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Sat Jan 4 2020 Marcel H��rry mh+fedora@scrit.ch - 2.2.18-3 - Add patches to be able to deal with keys without uids (#1787708) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1542353 - please install the systemd units shipped in doc/examples https://bugzilla.redhat.com/show_bug.cgi?id=1542353 [ 2 ] Bug #1782289 - gnupg2-2.2.20 is available https://bugzilla.redhat.com/show_bug.cgi?id=1782289 [ 3 ] Bug #1787708 - Accept keys without uid if key is already present https://bugzilla.redhat.com/show_bug.cgi?id=1787708 --------------------------------------------------------------------------------
================================================================================ gpgme-1.13.1-7.fc30 (FEDORA-2020-4d7243aae8) GnuPG Made Easy - high level crypto API -------------------------------------------------------------------------------- Update Information:
Update to accommodate minor changes in recent gnupg versions (2.2.19 and above). -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 30 2020 Tom���� Mr��z tmraz@redhat.com - 1.13.1-7 - Fix FTBFS with gnupg-2.2.19 and above * Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 1.13.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Thu Oct 3 2019 Miro Hron��ok mhroncok@redhat.com - 1.13.1-5 - Rebuilt for Python 3.8.0rc1 (#1748018) * Thu Aug 15 2019 Miro Hron��ok mhroncok@redhat.com - 1.13.1-4 - Rebuilt for Python 3.8 * Sat Aug 10 2019 Igor Gnatenko ignatenkobrain@fedoraproject.org - 1.13.1-3 - Set real VERSION * Sat Aug 3 2019 Peter Robinson pbrobinson@fedoraproject.org 1.13.1-2 - Move .pc files to devel so the base library doesn't pull in devel packages * Mon Jul 29 2019 Igor Gnatenko ignatenkobrain@fedoraproject.org - 1.13.1-1 - Update to 1.13.1 * Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 1.12.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Wed Jun 5 2019 Miro Hron��ok mhroncok@redhat.com - 1.12.0-2 - Subpackage python2-gpg has been removed See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal --------------------------------------------------------------------------------
================================================================================ granite-5.4.0-1.fc30 (FEDORA-2020-853e31850d) elementary companion library for GTK+ and GLib -------------------------------------------------------------------------------- Update Information:
Update to version 5.4.0. Release notes: https://github.com/elementary/granite/releases/tag/5.4.0 -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 30 2020 Fabio Valentini decathorpe@gmail.com - 5.4.0-1 - Update to version 5.4.0. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1829712 - granite-5.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1829712 --------------------------------------------------------------------------------
================================================================================ koji-1.21.0-2.fc30 (FEDORA-2020-5088f068f4) Build system tools -------------------------------------------------------------------------------- Update Information:
Add patch to fix admin --force tagging. ---- Update to bugfix and feature upstream 1.21.0 version. See https://docs.pagure.org/koji/release_notes/release_notes_1.21 for detailed changes. -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 30 2020 Kevin Fenzi kevin@scrye.com - 1.21.0-2 - Add patch to fix issue with admins not being able to force tagging. - Fixes https://pagure.io/koji/issue/2202 upstream. * Tue Apr 21 2020 Kevin Fenzi kevin@scrye.com - 1.21.0-1 - Update to 1.21.1. Fixes bug #1826406 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1497923 - koji-web requires mod_auth_gssapi but that is not available in RHEL6 or EPEL6 https://bugzilla.redhat.com/show_bug.cgi?id=1497923 [ 2 ] Bug #1806193 - koji-1.17 is not compatibile with python 2.6.6 https://bugzilla.redhat.com/show_bug.cgi?id=1806193 [ 3 ] Bug #1826343 - koji-1.21.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1826343 [ 4 ] Bug #1826406 - update to koji 1.21.0 https://bugzilla.redhat.com/show_bug.cgi?id=1826406 --------------------------------------------------------------------------------
================================================================================ nrpe-4.0.3-1.fc30 (FEDORA-2020-adabae0aa7) Host/service/network monitoring agent for Nagios -------------------------------------------------------------------------------- Update Information:
New upstream version ---- Fix regression with nasty_metacharacters -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 29 2020 Martin Jackson mhjacks@swbell.net - 4.0.1-1 - New upstream version * Sun Apr 26 2020 Martin Jackson mhjacks@swbell.net - 4.0.2-3.20200423git4f7dd11 - Fix regression with nasty_metacharacters - Update Patch3 - Drop patch13 (trees have diverged) --------------------------------------------------------------------------------
================================================================================ openscap-1.3.3-1.fc30 (FEDORA-2020-a128a68ba9) Set of open source libraries enabling integration of the SCAP line of standards -------------------------------------------------------------------------------- Update Information:
Update to the latest upstream version - New features - Added a Python script that can be used for CLI tailoring (autotailor) - Added timezone to XCCDF TestResult start/end time - Added yamlfilecontent independent probe (proposal/draft implementation), see https://github.com/OVAL- Community/OVAL/issues/91 for more information - Introduced `urn:xccdf:fix:script:kubernetes` fix type in XCCDF - Added ability to generate `machineconfig` fix - Maintenance, bug fixes - utils/oscap- podman: Detect ambiguous scan target - Fixed #170: The rpmverifyfile probe can't verify files from '/bin' directory - The data system_info probe return for offline and online modes is consistent and actual - Prevent crashes when complicated regexes are executed in textfilecontent58 probe - Fixed #1512: Severity refinement lost in generated guide - Fixed #1453: Pointer lost in Swig API - Evaluation Characteristics of the XCCDF report are now consistent with OVAL entities from system_info probe - Fixed filepath pattern matching in offline mode in textfilecontent58 probe - Fixed infinite recursion in systemdunitdependency probe - Fixed the case when CMake couldn't find libacl or xattr.h -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 30 2020 Jan ��ern�� jcerny@redhat.com - 1:1.3.3-1 - Upgrade to the latest upstream release --------------------------------------------------------------------------------
================================================================================ pungi-4.2.2-1.fc30 (FEDORA-2020-ca9a886202) Distribution compose tool -------------------------------------------------------------------------------- Update Information:
New upstream release: * Work around a permission problem for cloned module defaults repo. * Fix warning about removed `productimg` phase. * Allow disabling reusing pkgset phase results. * Fix nodeps gather method to not match on prefixes of names. * Remove check after copying file. * Stop creating iso stage dir just before deleting it. * Allow reusing old buildinstall phase result. * set umask to be more permissive for ostree operations. * Split repoclosure into separate phase. * Increase time delay between submitting Koji image builds. * Allow gather phase reuse on `product_id` change. * Gather more debug data for GitWrapper clone. * Reuse arch pkgset repos. * Get non-rpm build to pungi's extra_files with inheritance. -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 30 2020 Lubom��r Sedl���� lsedlar@redhat.com - 4.2.2-1 - New upstream release --------------------------------------------------------------------------------
================================================================================ python-google-auth-1.14.1-1.fc30 (FEDORA-2020-3ffadc2d76) Google Auth Python Library -------------------------------------------------------------------------------- Update Information:
Update to 1.14.1. -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 22 2020 Fedora Release Monitoring release-monitoring@fedoraproject.org - 1:1.14.1-1 - Update to 1.14.1 (#1824032) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1824032 - python-google-auth-1.14.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1824032 --------------------------------------------------------------------------------
================================================================================ python-kubernetes-11.0.0-2.fc30 (FEDORA-2020-f263cd1b47) Python client for the kubernetes API. -------------------------------------------------------------------------------- Update Information:
Update to python-kubernetes 11.0.0 and python-openshift 0.11.0 -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 30 2020 Jason Montleon jmontleo@redhat.com - 11.0.0-2 - Fix EPEL 7 and 8 builds * Thu Apr 30 2020 Jason Montleon jmontleo@redhat.com - 11.0.0-1 - Update to 11.0.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1696532 - python-kubernetes-11.0.0b2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1696532 [ 2 ] Bug #1816888 - python-openshift-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1816888 --------------------------------------------------------------------------------
================================================================================ python-mercantile-1.1.4-1.fc30 (FEDORA-2020-3dc1f5d021) Web Mercator XYZ tile utilities -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 30 2020 Elliott Sales de Andrade quantum.analyst@gmail.com - 1.1.4-1 - Update to latest version -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1829134 - python-mercantile-1.1.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1829134 --------------------------------------------------------------------------------
================================================================================ python-openshift-0.11.0-3.fc30 (FEDORA-2020-f263cd1b47) Python client for the OpenShift API -------------------------------------------------------------------------------- Update Information:
Update to python-kubernetes 11.0.0 and python-openshift 0.11.0 -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 30 2020 Jason Montleon jmontleo@redhat.com 1:0.11.0-3 - Add missing changelog entries * Thu Apr 30 2020 Jason Montleon jmontleo@redhat.com 1:0.11.0-2 - Fix el8 builds * Thu Apr 30 2020 Jason Montleon jmontleo@redhat.com 1:0.11.0-1 - Update to 0.11.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1696532 - python-kubernetes-11.0.0b2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1696532 [ 2 ] Bug #1816888 - python-openshift-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1816888 --------------------------------------------------------------------------------
================================================================================ python-pymediainfo-4.2.1-1.fc30 (FEDORA-2020-bb67ff01fe) Python wrapper around the MediaInfo library -------------------------------------------------------------------------------- Update Information:
Update to 4.2.1. -------------------------------------------------------------------------------- ChangeLog:
* Fri May 1 2020 Vasiliy N. Glazov vascom2@gmail.com - 4.2.1-1 - Update to 4.2.1 * Thu Jan 30 2020 Fedora Release Engineering releng@fedoraproject.org - 4.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1829604 - python-pymediainfo-4.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1829604 --------------------------------------------------------------------------------
================================================================================ roundcubemail-1.4.4-1.fc30 (FEDORA-2020-57f2df7424) Round Cube Webmail is a browser-based multilingual IMAP client -------------------------------------------------------------------------------- Update Information:
**Version 1.4.4** This is a **service and security update** to the stable version 1.4 of Roundcube Webmail. It contains four fixes for recently reported security vulnerabilities as well a number of general improvements from our issue tracker. - Fix bug where attachments with Content-Id were attached to the message on reply (#7122) - Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211) - Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230) - Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231) - Elastic: Fix color of a folder with recent messages (#7281) - Elastic: Restrict logo size in print view (#7275) - Fix invalid Content-Type for messages with only html part and inline images - Mail_Mime-1.10.7 (#7261) - Fix missing contact display name in QR Code data (#7257) - Fix so button label in Select image/media dialogs is "Close" not "Cancel" (#7246) - Fix regression in testing database schema on MSSQL (#7227) - Fix cursor position after inserting a group to a recipient input using autocompletion (#7267) - Fix string literals handling in IMAP STATUS (and various other) responses (#7290) - Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293) - Fix handling keyservers configured with protocol prefix (#7295) - Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189) - Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206) - Fix so imap error message is displayed to the user on folder create/update (#7245) - Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147) - Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312) - Fix characters encoding in group rename input after group creation/rename (#7330) - Fix bug where some message/rfc822 parts could not be attached on forward (#7323) - Make install- jsdeps.sh script working without the 'file' program installed (#7325) - Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331) - Fix so Print button for PDF attachments works on Firefox >= 75 (#5125) - **Security**: Fix XSS issue in handling of CDATA in HTML messages - **Security**: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings - **Security**: Fix local file inclusion (and code execution) via crafted 'plugins' option - **Security**: Fix CSRF bypass that could be used to log out an authenticated user (#7302) -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 30 2020 Remi Collet remi@remirepo.net - 1.4.4-1 - update to 1.4.4 --------------------------------------------------------------------------------
================================================================================ wordpress-5.4.1-1.fc30 (FEDORA-2020-fa71ca92f8) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information:
**WordPress 5.4.1** Security Updates Seven security issues affect WordPress versions 5.4 and earlier. If you haven���t yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the following security issues: * Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated * Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated * Props to Evan Ricafort for discovering an XSS issue in the Customizer * Props to Ben Bidner from the WordPress Security Team who discovered an XSS issue in the search block * Props to Nick Daugherty from WordPress VIP / WordPress Security Team who discovered an XSS issue in wp- object-cache * Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads. * Props to Weston Ruter for fixing a stored XSS vulnerability in the WordPress customizer. * Additionally, an authenticated XSS issue in the block editor was discovered by Nguyen the Duc in WordPress 5.4 RC1 and RC2. It was fixed in 5.4 RC5. We wanted to be sure to give credit and thank them for all of their work in making WordPress more secure. -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 30 2020 Remi Collet remi@remirepo.net - 5.4.1-1 - WordPress 5.4.1 Security and Maintenance Release --------------------------------------------------------------------------------