The following Fedora 30 Security updates need testing:
 Age  URL
  21  https://bodhi.fedoraproject.org/updates/FEDORA-2020-2b53cff132   thunderbird-68.7.0-1.fc30
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2020-cbc3149753   xen-4.11.4-1.fc30
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-fa71ca92f8   wordpress-5.4.1-1.fc30
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-57f2df7424   roundcubemail-1.4.4-1.fc30
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2020-20ac7c92a1   community-mysql-8.0.20-1.fc30
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-36b36afea6   seamonkey-2.53.2-1.fc30
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-21ca991b3b   java-1.8.0-openjdk-1.8.0.252.b09-0.fc30

The following Fedora 30 Critical Path updates have yet to be approved:
 Age  URL
 301  https://bodhi.fedoraproject.org/updates/FEDORA-2019-c05e4425d1   dash-0.5.10.2-3.fc30
  21  https://bodhi.fedoraproject.org/updates/FEDORA-2020-2b53cff132   thunderbird-68.7.0-1.fc30
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2020-0f078e7280   pyproject-rpm-macros-0-14.fc30 python-pip-19.0.3-7.fc30
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2020-184ff81bcd   glusterfs-6.9-1.fc30
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2020-cbc3149753   xen-4.11.4-1.fc30
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2020-0afe424fbd   corosync-3.0.4-1.fc30
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-5088f068f4   koji-1.21.0-2.fc30
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-4d7243aae8   gpgme-1.13.1-7.fc30
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-3a3d3c95ff   gnupg2-2.2.20-2.fc30
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-ca9a886202   pungi-4.2.2-1.fc30
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-ccdb66af9b   hwdata-0.335-1.fc30
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-e71a1d34cb   perl-Encode-3.06-15.fc30
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-28da9b3f28   elfutils-0.179-2.fc30

The following builds have been pushed to Fedora 30 updates-testing

    composer-1.10.6-1.fc30
    firefox-76.0-2.fc30
    golang-github-saracen-walker-0-0.1.20200506git324a081.fc30
    nohang-0.1-29.20200506git4cf9810.fc30
    nss-3.51.1-1.fc30
    nx-libs-3.5.99.23-1.fc30
    perl-Net-DAVTalk-0.19-1.fc30
    picard-2.3.2-1.fc30
    pure-ftpd-1.0.49-5.fc30
    python-cloudscraper-1.2.36-1.fc30
    python-ipyparallel-6.3.0-1.fc30
    terminator-1.92-2.fc30
    viewvc-1.1.28-1.fc30

Details about builds:
================================================================================
 composer-1.10.6-1.fc30 (FEDORA-2020-073a6a5fd4)
 Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:

**Version 1.10.6** - 2020-05-06

* Fixed version guessing to take composer-runtime-api and composer-plugin-api requirements into account to avoid selecting packages which require Composer 2
* Fixed package name validation to allow several dashes following each other
* Fixed post-status-cmd script not firing when there were no changes to be displayed
* Fixed composer-runtime-api support on Composer 1.x, the package is now present as 1.0.0
* Fixed support for composer show --name-only --self
* Fixed detection of GitLab URLs when handling authentication in some cases
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 6 2020 Remi Collet remi@remirepo.net - 1.10.6-1
- update to 1.10.6
- provide php-composer(composer-runtime-api)
--------------------------------------------------------------------------------
================================================================================
 firefox-76.0-2.fc30 (FEDORA-2020-f389eab5d1)
 Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:

- New Firefox upstream release (76.0)
- New nss release needed for Firefox (3.51.1)
- More info at https://www.mozilla.org/en-US/firefox/76.0/releasenotes/
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 5 2020 Jan Horak jhorak@redhat.com - 76.0-2
- Don't use google safe browsing api key for the geolocation
* Sun May 3 2020 Martin Stransky stransky@redhat.com - 76.0-1
- Updated to 76.0
* Thu Apr 23 2020 Martin Stransky stransky@redhat.com - 75.0-3
- Added fix for mozilla bug #1527976 (browser D&D)
* Tue Apr 14 2020 Jan Horak jhorak@redhat.com - 75.0-2
- Removed gconf-2.0 build requirement
--------------------------------------------------------------------------------
================================================================================
 golang-github-saracen-walker-0-0.1.20200506git324a081.fc30 (FEDORA-2020-18cd5f0e4e)
 Walker is a faster, parallel version, of filepath.Walk
--------------------------------------------------------------------------------
Update Information:

Initial package
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1813648 - Review Request: golang-github-saracen-walker - Walker is a faster, parallel version, of filepath.Walk
        https://bugzilla.redhat.com/show_bug.cgi?id=1813648
--------------------------------------------------------------------------------
================================================================================
 nohang-0.1-29.20200506git4cf9810.fc30 (FEDORA-2020-88b69e1713)
 Sophisticated low memory handler for Linux
--------------------------------------------------------------------------------
Update Information:

Update to latest version
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 6 2020 Artem Polishchuk ego.cordatus@gmail.com - 0.1-29.20200506git4cf9810
- Update to latest git snapshot
--------------------------------------------------------------------------------
================================================================================
 nss-3.51.1-1.fc30 (FEDORA-2020-f389eab5d1)
 Network Security Services
--------------------------------------------------------------------------------
Update Information:

- New Firefox upstream release (76.0)
- New nss release needed for Firefox (3.51.1)
- More info at https://www.mozilla.org/en-US/firefox/76.0/releasenotes/
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 4 2020 Daiki Ueno dueno@redhat.com - 3.51.1-1
- Update to NSS 3.51.1
--------------------------------------------------------------------------------
================================================================================
 nx-libs-3.5.99.23-1.fc30 (FEDORA-2020-4b038b6660)
 NX X11 protocol compression libraries
--------------------------------------------------------------------------------
Update Information:

Update to 3.5.99.23
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 1 2020 Orion Poplawski orion@nwra.com - 3.5.99.23-1
- Update to 3.5.99.23
* Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 3.5.99.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Dec 16 2019 Orion Poplawski orion@nwra.com - 3.5.99.22-1
- Update to 3.5.99.22
* Thu Aug 15 2019 Orion Poplawski orion@nwra.com - 3.5.99.21-2
- BR libXfont2 on Fedora and RHEL 8+
* Thu Aug 15 2019 Orion Poplawski orion@nwra.com - 3.5.99.21-1
- Update to 3.5.99.21
* Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 3.5.99.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sun Apr 28 2019 Orion Poplawski orion@nwra.com - 3.5.99.20-1
- Update to 3.5.99.20
--------------------------------------------------------------------------------
================================================================================
 perl-Net-DAVTalk-0.19-1.fc30 (FEDORA-2020-e14e2b414a)
 Client for DAV servers
--------------------------------------------------------------------------------
Update Information:

This release fixes handling a timeout of a user agent.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 6 2020 Petr Pisar ppisar@redhat.com - 0.19-1
- 0.19 bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1831970 - perl-Net-DAVTalk-0.19 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1831970
--------------------------------------------------------------------------------
================================================================================
 picard-2.3.2-1.fc30 (FEDORA-2020-94924f5c58)
 MusicBrainz-based audio tagger
--------------------------------------------------------------------------------
Update Information:

Upstream release rhbz#1832338
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 6 2020 Gerald Cox gbcox@fedoraproject.org - 2.3.2-1.git3881261
- Upstream release rhbz#1832338
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1832338 - picard-2.3.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1832338
--------------------------------------------------------------------------------
================================================================================
 pure-ftpd-1.0.49-5.fc30 (FEDORA-2020-fa83ea0492)
 Lightweight, fast and secure FTP server
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2020-9365 and CVE-2020-9274
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 6 2020 Ondřej Lysoněk olysonek@redhat.com - 1.0.49-5
- Fix CVE-2020-9365 and CVE-2020-9274
- Resolves: rhbz#1828688
- Resolves: rhbz#1831059
* Thu Jan 30 2020 Fedora Release Engineering releng@fedoraproject.org - 1.0.49-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1828687 - CVE-2020-9365 pure-ftpd: OOB read in pure_strcmp function in utils.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1828687
  [ 2 ] Bug #1831058 - CVE-2020-9274 pure-ftpd: uninitialized pointer in the diraliases linked list leads to denial of service or information disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=1831058
--------------------------------------------------------------------------------
================================================================================
 python-cloudscraper-1.2.36-1.fc30 (FEDORA-2020-72ca732987)
 Python module to bypass Cloudflare's anti-bot page
--------------------------------------------------------------------------------
Update Information:

Update to 1.2.36 :

- Update regex for Cloudflare form challenge
- Overwrite auto_set_ecdh by manually setting elliptic curve
- Rewrote native interpreter for JSFuck due to nested calculations
- Added exception if new Cloudflare challenge detected.
- Added support for hCaptcha in 9KW
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 5 2020 Lyes Saadi fedora@lyes.eu - 1.2.36-1
- Update to 1.2.36
--------------------------------------------------------------------------------
================================================================================
 python-ipyparallel-6.3.0-1.fc30 (FEDORA-2020-415ab5fe9a)
 Interactive Parallel Computing with IPython
--------------------------------------------------------------------------------
Update Information:

python-ipyparallel 6.3.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 6 2020 Mattias Ellert mattias.ellert@physics.uu.se - 6.3.0-1
- Update to 6.3.0
- Drop patches (accepted upstream, or previously backported)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1831931 - python-ipyparallel-6.3.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1831931
--------------------------------------------------------------------------------
================================================================================
 terminator-1.92-2.fc30 (FEDORA-2020-4dd1746835)
 Store and run multiple GNOME terminals in one window
--------------------------------------------------------------------------------
Update Information:

This update brings a new Fedora package release of Terminator version 1.92 to a Fedora box near you. It improves some package internals, mainly requirements to other packages. If you haven't had any issue with 1.92-1, then 1.92-2 most likely won't bring any visible improvements for you.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 6 2020 Dominic Hopf dmaphy@fedoraproject.org - 1.92-2
- Improve requirement listings
- Fix requirement for python3-psutil on EPEL8
- Add missing requirement for gtk-update-icon-cache
--------------------------------------------------------------------------------
================================================================================
 viewvc-1.1.28-1.fc30 (FEDORA-2020-c952520959)
 Browser interface for CVS and SVN version control repositories
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2020-5283.

ViewVC 1.1.28 ChangeLog
- security fix: escape subdir lastmod file name (#211)
- fix standalone.py first request failure (#195)

ViewVC 1.1.27 ChangeLog:
- suppress stack traces (with option to show) (#140)
- distinguish text/binary/image files by icons (#166, #175)
- colorize alternating file content lines (#167)
- link to the instance root from the ViewVC logo (#168)
- display directory and root counts, too (#169)
- fix double fault error in standalone.py (#157)
- support timezone offsets with minutes piece (#176)
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 6 2020 Bojan Smojver bojan@rexursive.com - 1.1.28-1
- bump up to 1.1.28
- CVE-2020-5283
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1831804 - CVE-2020-5283 viewvc: XSS vulnerability in CVS show_subdir_lastmod support [fedora-30]
        https://bugzilla.redhat.com/show_bug.cgi?id=1831804
  [ 2 ] Bug #1831805 - CVE-2020-5283 viewvc: XSS vulnerability in CVS show_subdir_lastmod support [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=1831805
  [ 3 ] Bug #1831806 - CVE-2020-5283 viewvc: XSS vulnerability in CVS show_subdir_lastmod support [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1831806
--------------------------------------------------------------------------------