The following Fedora 31 Security updates need testing: Age URL 13 https://bodhi.fedoraproject.org/updates/FEDORA-2020-29b442f83e dnsmasq-2.80-15.fc31 7 https://bodhi.fedoraproject.org/updates/FEDORA-2020-66d1268bd0 knot-resolver-5.1.1-1.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-6a88dad4a0 python38-3.8.3-1.fc31 5 https://bodhi.fedoraproject.org/updates/FEDORA-2020-0c0b5d9004 kernel-5.6.14-200.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-ca3d3f15f0 wireshark-3.2.4-1.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-5eca570e16 marked-1.1.0-3.fc31 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-fcd5fd47bd qutebrowser-1.11.1-1.fc31 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-d8278fe24d libarchive-3.4.3-1.fc31 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-52741b0a49 ant-1.10.8-1.fc31 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-9b6c969aac sympa-6.2.56-1.fc31 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-39d40d9ae9 perl-Email-MIME-1.949-1.fc31 perl-Email-MIME-ContentType-1.024-1.fc31 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-11d0cf302f slurm-19.05.7-1.fc31 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-f9dcd4e9d5 bind-9.11.19-1.fc31 bind-dyndb-ldap-11.2-3.fc31 dnsperf-2.3.4-1.fc31 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-3f9a846b40 prboom-plus-2.5.1.4-18.fc31
The following Fedora 31 Critical Path updates have yet to be approved: Age URL 55 https://bodhi.fedoraproject.org/updates/FEDORA-2020-d1092ecf15 man-pages-de-1.22-9.fc31 perl-Compress-Raw-Lzma-2.087-2.fc31 xz-5.2.5-1.fc31 42 https://bodhi.fedoraproject.org/updates/FEDORA-2020-5603c3bae4 nfs-utils-2.4.3-1.rc2.fc31 23 https://bodhi.fedoraproject.org/updates/FEDORA-2020-2266ef5b09 libappindicator-12.10.0-29.fc31 22 https://bodhi.fedoraproject.org/updates/FEDORA-2020-5d03b4051b hwdata-0.335-1.fc31 14 https://bodhi.fedoraproject.org/updates/FEDORA-2020-88c0d67455 ethtool-5.6-1.fc31 13 https://bodhi.fedoraproject.org/updates/FEDORA-2020-0a343674dc firewalld-0.7.4-2.fc31 13 https://bodhi.fedoraproject.org/updates/FEDORA-2020-cdd04c84cd pcre2-10.35-1.fc31 13 https://bodhi.fedoraproject.org/updates/FEDORA-2020-29b442f83e dnsmasq-2.80-15.fc31 12 https://bodhi.fedoraproject.org/updates/FEDORA-2020-f1ab76ceb2 vim-8.2.752-1.fc31 11 https://bodhi.fedoraproject.org/updates/FEDORA-2020-620f86784a osinfo-db-20200515-1.fc31 8 https://bodhi.fedoraproject.org/updates/FEDORA-2020-8487deed3f glusterfs-7.6-1.fc31 7 https://bodhi.fedoraproject.org/updates/FEDORA-2020-8ff31cb908 xen-4.12.3-1.fc31 7 https://bodhi.fedoraproject.org/updates/FEDORA-2020-3768e691b5 linux-firmware-20200519-108.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-beaae4e3c1 nss-3.52.0-2.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-867d7d9cff lorax-31.11-1.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-6d33cc238c selinux-policy-3.14.4-52.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-2b1201f343 sssd-2.3.0-1.fc31 5 https://bodhi.fedoraproject.org/updates/FEDORA-2020-d4b7192f11 ostree-2020.3-4.fc31 5 https://bodhi.fedoraproject.org/updates/FEDORA-2020-0c0b5d9004 kernel-5.6.14-200.fc31 5 https://bodhi.fedoraproject.org/updates/FEDORA-2020-b70ff2fc58 pungi-4.2.2-2.fc31 5 https://bodhi.fedoraproject.org/updates/FEDORA-2020-167f5dcc7f cups-2.2.12-9.fc31 5 https://bodhi.fedoraproject.org/updates/FEDORA-2020-c931677e78 libbytesize-2.3-1.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-7c45c55eb7 libblockdev-2.24-1.fc31 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-d8278fe24d libarchive-3.4.3-1.fc31 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-52b05f36ed json-c-0.13.1-13.fc31 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-e492e65760 python-rpm-macros-3-56.fc31 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-e16a2a1a2a gnutls-3.6.13-4.fc31 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-56b26af5c2 abrt-2.14.2-2.fc31 abrt-java-connector-1.1.5-1.fc31 gnome-abrt-1.3.5-1.fc31 libreport-2.13.1-3.fc31 reportd-0.7.4-1.fc31 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-1238fad555 firefox-76.0.1-7.fc31
The following builds have been pushed to Fedora 31 updates-testing
cacti-1.2.12-1.fc31 cacti-spine-1.2.12-1.fc31 fldigi-4.1.13-1.fc31 gfal2-2.17.3-1.fc31 glances-3.1.4.1-5.fc31 kio-fuse-4.95.0-1.fc31 kwave-20.04.1-1.fc31 libsolv-0.7.14-1.fc31 lollypop-1.3.0-1.fc31 massdns-0.3-1.fc31 mbedtls-2.16.6-1.fc31 mdadm-4.1-5.fc31 perl-Compress-Bzip2-2.27-1.fc31 php-swaggest-json-diff-3.7.5-1.fc31
Details about builds:
================================================================================ cacti-1.2.12-1.fc31 (FEDORA-2020-d50b988a2f) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information:
- Update to 1.2.12 Release notes: https://www.cacti.net/release_notes.php?version=1.2.12 -------------------------------------------------------------------------------- ChangeLog:
* Wed May 27 2020 Morten Stevens mstevens@fedoraproject.org - 1.2.12-1 - Update to 1.2.12 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1840312 - CVE-2020-13231 cacti: CSRF at admin email [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1840312 [ 2 ] Bug #1840317 - CVE-2020-13230 cacti: improper access control on disabling a user [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1840317 --------------------------------------------------------------------------------
================================================================================ cacti-spine-1.2.12-1.fc31 (FEDORA-2020-d50b988a2f) Threaded poller for Cacti written in C -------------------------------------------------------------------------------- Update Information:
- Update to 1.2.12 Release notes: https://www.cacti.net/release_notes.php?version=1.2.12 -------------------------------------------------------------------------------- ChangeLog:
* Wed May 27 2020 Morten Stevens mstevens@fedoraproject.org - 1.2.12-1 - Update to 1.2.12 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1840312 - CVE-2020-13231 cacti: CSRF at admin email [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1840312 [ 2 ] Bug #1840317 - CVE-2020-13230 cacti: improper access control on disabling a user [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1840317 --------------------------------------------------------------------------------
================================================================================ fldigi-4.1.13-1.fc31 (FEDORA-2020-abb43da925) Digital modem program for Linux -------------------------------------------------------------------------------- Update Information:
Version 4.1.13 doxygen * add new documentation files cw prosign * fix loss of prosign AA - conflict with Northern European accented characters Analysis mode * Add Zulu time readout to status bar Debug Sources * remove bMOREINFO * add "Data Load" toggle to Debug sources * add "Synop" toggle to Debug sources * add "KML" toggle to Debug sources * remove deprecated command line parameters - --debug-pskmail, use debug source ARQ - --debug-audio, use debug source AUDIO * redesign Event Log dialog to make selection of level and sources more intuitive wefax * Modify phasing algorithm to measure, analyze and act upon ratio of white and black intervals. * Change default center frequency to 1900. Allows detection of start tone @ 300 Hz, stop tone @ 450 Hz. * Simplify FM detector. Use complex functions vice I/Q logic * Redesign user interface - always use internal Rx panel - always use external Tx dialog - move infrequently used controls to configuration dialog * Rewrite pic and image classes * Add user correlation control to config panel * Correct transmit methods - Start/Stop signals not in spec - Transmit duration computation resulted in very long transmission * update documentation README update * update reference to winfldigi fedora 64 build * remove Fl::wake calls that require void* data * replace with REQ qrunner calls Code cleanup * remove extraneous debugging lines from code fsq sounder * restore sounder when starting FSQ from another modem Default event log level * restore INFO as default * change socket events to VERBOSE rx_extract * imrove behavior servicing multiple instances of flmsg -------------------------------------------------------------------------------- ChangeLog:
* Tue May 26 2020 Richard Shaw hobbes1069@gmail.com - 4.1.13-1 - Update to 4.1.13. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1840371 - None https://bugzilla.redhat.com/show_bug.cgi?id=1840371 --------------------------------------------------------------------------------
================================================================================ gfal2-2.17.3-1.fc31 (FEDORA-2020-4cca7c7957) Grid file access library 2.0 -------------------------------------------------------------------------------- Update Information:
Upgrade to upstream release 2.17.3 -------------------------------------------------------------------------------- ChangeLog:
* Fri May 15 2020 Michal Simon michal.simon@cern.ch - 2.17.3-1 - Upgrade to upstream release 2.17.3 * Tue Apr 21 2020 Bj��rn Esser besser82@fedoraproject.org - 2.17.2-2 - Rebuild (json-c) --------------------------------------------------------------------------------
================================================================================ glances-3.1.4.1-5.fc31 (FEDORA-2020-ad13a73aa7) CLI curses based monitoring tool -------------------------------------------------------------------------------- Update Information:
minor update, should be ok. Provides a /etc/glances/glances.conf to prevent glances checking for updated versions from pypi and not RPMs ---- Update to 3.1.4.1. -------------------------------------------------------------------------------- ChangeLog:
* Wed May 27 2020 Edouard Bourguignon madko@linuxed.net - 3.1.4.1-5 - /etc/glances/glances.conf is config(noreplace) * Wed May 27 2020 Edouard Bourguignon madko@linuxed.net - 3.1.4.1-4 - Upgrade to 3.1.4.1 - Adding glances.conf to prevent update checks rhbz#1773662 * Wed May 27 2020 Carl George carl@george.computer - 3.1.4.1-3 - Add patch0 to disable outdated warning rhbz#1773662 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1763319 - build of glances for EPEL 8 https://bugzilla.redhat.com/show_bug.cgi?id=1763319 [ 2 ] Bug #1773662 - Package from distro should not suggest update method outside of distro way https://bugzilla.redhat.com/show_bug.cgi?id=1773662 [ 3 ] Bug #1817300 - glances-3.1.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1817300 --------------------------------------------------------------------------------
================================================================================ kio-fuse-4.95.0-1.fc31 (FEDORA-2020-b47f75748a) KIO FUSE -------------------------------------------------------------------------------- Update Information:
first spec for version 4.95.0 -------------------------------------------------------------------------------- ChangeLog:
--------------------------------------------------------------------------------
================================================================================ kwave-20.04.1-1.fc31 (FEDORA-2020-de4fdba9b3) Sound Editor for KDE -------------------------------------------------------------------------------- Update Information:
New upstream release -------------------------------------------------------------------------------- ChangeLog:
* Tue May 26 2020 S��rgio Basto sergio@serjux.com - 20.04.1-1 - Update kwave to 20.04.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1839953 - kwave-20.04.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1839953 --------------------------------------------------------------------------------
================================================================================ libsolv-0.7.14-1.fc31 (FEDORA-2020-f63cbb761e) Package dependency solver -------------------------------------------------------------------------------- Update Information:
Update to 0.7.14 -------------------------------------------------------------------------------- ChangeLog:
* Wed May 27 2020 Igor Raits ignatenkobrain@fedoraproject.org - 0.7.14-1 - Update to 0.7.14 * Tue May 26 2020 Miro Hron��ok mhroncok@redhat.com - 0.7.12-4 - Rebuilt for Python 3.9 * Mon May 25 2020 Colin Walters walters@verbum.org - 0.7.12-3 - Apply https://github.com/openSUSE/libsolv/pull/386 to fix https://bugzilla.redhat.com/show_bug.cgi?id=1838691 * Mon May 25 2020 Miro Hron��ok mhroncok@redhat.com - 0.7.12-2 - Rebuilt for Python 3.9 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1827817 - None https://bugzilla.redhat.com/show_bug.cgi?id=1827817 --------------------------------------------------------------------------------
================================================================================ lollypop-1.3.0-1.fc31 (FEDORA-2020-be96ebbcbe) Music player for GNOME -------------------------------------------------------------------------------- Update Information:
- Update to 1.3.0 - Remove RR python3-pylast -------------------------------------------------------------------------------- ChangeLog:
* Wed May 27 2020 Martin Gansser martinkg@fedoraproject.org - 1.3.0-1 - Update to 1.3.0 - Remove RR python3-pylast * Tue May 26 2020 Miro Hron��ok mhroncok@redhat.com - 1.2.35-2 - Rebuilt for Python 3.9 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1840593 - lollypop-1.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1840593 --------------------------------------------------------------------------------
================================================================================ massdns-0.3-1.fc31 (FEDORA-2020-673d29822a) High-performance DNS stub resolver for bulk lookups and reconnaissance -------------------------------------------------------------------------------- Update Information:
Update to latest upstream release 0.3 -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1840604 - massdns-0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1840604 --------------------------------------------------------------------------------
================================================================================ mbedtls-2.16.6-1.fc31 (FEDORA-2020-42564738a1) Light-weight cryptographic and SSL/TLS library -------------------------------------------------------------------------------- Update Information:
- Update to 2.16.6 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.16.6-and-2.7.15-released Security Advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security- advisory-2020-04 -------------------------------------------------------------------------------- ChangeLog:
* Wed May 27 2020 Morten Stevens mstevens@fedoraproject.org - 2.16.6-1 - Update to 2.16.6 - Security Advisory 2020-04 (CVE-2020-10932) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1838551 - CVE-2020-10932 mbedtls: side channel attack possibly leading to information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1838551 --------------------------------------------------------------------------------
================================================================================ mdadm-4.1-5.fc31 (FEDORA-2020-1c38e186d2) The mdadm program controls Linux md devices (software RAID arrays) -------------------------------------------------------------------------------- Update Information:
Don't enable raid-check.service to avoid raid check after every boot -------------------------------------------------------------------------------- ChangeLog:
* Wed May 27 2020 Xiao Ni xni@redhat.com - 4.1-5 - Don't enable raid-check.service to avoid raid check after every boot - Resolves bz1840519 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1840519 - raid check systemd config errors https://bugzilla.redhat.com/show_bug.cgi?id=1840519 --------------------------------------------------------------------------------
================================================================================ perl-Compress-Bzip2-2.27-1.fc31 (FEDORA-2020-3ea2ed182b) Interface to Bzip2 compression library -------------------------------------------------------------------------------- Update Information:
This release fixes few possible NULL pointer dereferences. -------------------------------------------------------------------------------- ChangeLog:
* Wed May 27 2020 Petr Pisar ppisar@redhat.com - 2.27-1 - 2.27 bump * Tue Feb 4 2020 Petr Pisar ppisar@redhat.com - 2.26-15 - NO_PERLLOCAL=1 needs a recent ExtUtils::MakeMaker * Tue Feb 4 2020 Tom Stellard tstellar@redhat.com - 2.26-14 - Use make_build macro - https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1840363 - perl-Compress-Bzip2-2.27 is available https://bugzilla.redhat.com/show_bug.cgi?id=1840363 --------------------------------------------------------------------------------
================================================================================ php-swaggest-json-diff-3.7.5-1.fc31 (FEDORA-2020-c261b18c12) JSON diff/rearrange/patch/pointer library for PHP -------------------------------------------------------------------------------- Update Information:
**Version 3.7.5** - 2020-05-26 **Fixed** - Accidental array to associative array conversion ([#31](https://github.com/swaggest/json-diff/issues/31)). -------------------------------------------------------------------------------- ChangeLog:
* Wed May 27 2020 Remi Collet remi@remirepo.net - 3.7.5-1 - update to 3.7.5 --------------------------------------------------------------------------------