The following Fedora 33 Security updates need testing:
 Age  URL
  32  https://bodhi.fedoraproject.org/updates/FEDORA-2020-8794383d6f   libntlm-1.6-1.fc33
  20  https://bodhi.fedoraproject.org/updates/FEDORA-2020-3b4dfd9df8   tor-0.4.4.6-1.fc33
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2020-9fa782be3e   perl-Convert-ASN1-0.27-21.fc33
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2020-7c80831ffe   opensc-0.21.0-1.fc33
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2020-ac6cf99f87   fossil-2.12.1-1.fc33
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2020-77f93f41be   libslirp-4.3.1-3.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2020-9cd524eeca   mingw-openjpeg2-2.3.1-9.fc33 openjpeg2-2.3.1-8.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-df970da9fc   resteasy-3.0.26-6.fc33
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-2578d943d2   matrix-synapse-1.23.0-1.fc33 python-canonicaljson-1.4.0-1.fc33
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-a8f1120195   ceph-15.2.7-1.fc33
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-79a7a31fea   spice-gtk-0.39-1.fc33
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-baeb8dbaea   containerd-1.4.3-1.fc33
The following Fedora 33 Critical Path updates have yet to be approved:
 Age  URL
  23  https://bodhi.fedoraproject.org/updates/FEDORA-2020-880fbc10b8   openbox-3.6.1-16.fc33
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2020-77f93f41be   libslirp-4.3.1-3.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2020-9cd524eeca   mingw-openjpeg2-2.3.1-9.fc33 openjpeg2-2.3.1-8.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-5476485ad2   git-2.29.2-3.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-60572c0ffc   mtools-4.0.26-1.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-cf99202fdc   authselect-1.2.2-1.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-b587a31a29   rpm-4.16.0-5.fc33
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-233616271d   abrt-2.14.5-1.fc33 satyr-0.35-1.fc33
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-4a465e72eb   libgpg-error-1.39-1.fc33
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-e117bc477b   bolt-0.9.1-1.fc33
The following builds have been pushed to Fedora 33 updates-testing:

    OpenImageIO-2.2.9.0-1.fc33
    bdii-5.2.26-1.fc33
    erlang-basho_stats-1.1.0-1.fc33
    erlang-bitcask-2.1.0-1.fc33
    erlang-clique-0.3.11-1.fc33
    erlang-cluster_info-2.1.0-1.fc33
    erlang-cuttlefish-2.1.0-1.fc33
    erlang-ebloom-2.1.0-1.fc33
    erlang-riak_sysmon-2.2.0-1.fc33
    hplip-3.20.11-1.fc33
    kernel-5.9.12-200.fc33
    libabigail-1.8-1.fc33
    libarchive-3.5.0-1.fc33
    libxls-1.6.1-2.fc33
    mediawiki-1.35.0-1.fc33
    mongo-c-driver-1.17.3-1.fc33
    mysql-selinux-1.0.2-1.fc33
    ocaml-markup-1.0.0-2.fc33
    ocaml-odoc-1.5.2-1.fc33
    ocaml-tyxml-4.4.0-5.fc33
    perl-HTTP-Entity-Parser-0.25-1.fc33
    php-horde-Horde-Service-Weather-2.5.5-1.fc33
    php-laminas-server-2.9.1-1.fc33
    php-manual-en-20201202-1.fc33
    php-oojs-oojs-ui-0.39.3-1.fc33
    php-pecl-mcrypt-1.0.4-1.fc33
    php-wikimedia-assert-0.5.0-1.fc33
    php-zordius-lightncandy-1.2.5-1.fc33
    polybar-3.5.0-1.fc33
    pvs-sbcl-7.1-1.fc33
    python-adext-0.3-1.fc33
    python-fasjson-client-0.1.1-1.fc33
    python-stdiomask-0.0.1-1.fc33
    sqlite-3.34.0-1.fc33
    trace-cmd-2.9.1-4.fc33
    xorg-x11-server-1.20.10-1.fc33
    xorgxrdp-0.2.14-4.fc33
    youtube-dl-2020.12.02-1.fc33
Details about builds:
================================================================================ OpenImageIO-2.2.9.0-1.fc33 (FEDORA-2020-af78c71c81) Library for reading and writing images -------------------------------------------------------------------------------- Update Information:
Release 2.2.9 (1 Dec 2020) -- compared to 2.2.8
-------------------------------------------------
* TIFF: Fix reading files with "separate" planarconfig and rowsperstrip more than 1. #2757 (2.3.0.1/2.2.9)
* RAW: add "raw:user_flip" input configuration hint to control this option in the underlying libraw. #2769 (2.3.1.0)
* PNG: Read Exif data from PNG files. #2767
* BMP: Fix reading BMP images with bottom-to-top row order. #2776
* Work to ensure that OIIO will build correctly against the upcoming Imath 3.0 and OpenEXR 3.0.
* Make the OIIO CMake files work properly if OIIO is a subproject. Also various other CMake script refactoring. #2770
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 2 2020 Richard Shaw hobbes1069@gmail.com - 2.2.9.0-1 - Update to 2.2.9. --------------------------------------------------------------------------------
================================================================================ bdii-5.2.26-1.fc33 (FEDORA-2020-365e23b41b) The Berkeley Database Information Index (BDII) -------------------------------------------------------------------------------- Update Information:
BDII 5.2.26 -------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 1 2020 Mattias Ellert mattias.ellert@physics.uu.se - 5.2.26-1 - Version 5.2.26 - Update python3 patch - Update systemd unit files --------------------------------------------------------------------------------
================================================================================ erlang-basho_stats-1.1.0-1.fc33 (FEDORA-2020-dc4bf420ea) Basic Erlang statistics library -------------------------------------------------------------------------------- Update Information:
basho_stats ver. 1.1.0 -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Peter Lemenkov lemenkov@gmail.com - 1.1.0-1 - Ver. 1.1.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1869894 - erlang-basho_stats-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1869894 --------------------------------------------------------------------------------
================================================================================ erlang-bitcask-2.1.0-1.fc33 (FEDORA-2020-6ae4618f5d) Eric Brewer-inspired key/value store -------------------------------------------------------------------------------- Update Information:
bitcask ver. 2.1.0 -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Peter Lemenkov lemenkov@gmail.com - 2.1.0-1 - Ver. 2.1.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1869897 - erlang-bitcask-2.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1869897 --------------------------------------------------------------------------------
================================================================================ erlang-clique-0.3.11-1.fc33 (FEDORA-2020-00e073c580) CLI Framework for Erlang -------------------------------------------------------------------------------- Update Information:
clique ver. 0.3.11 -------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 1 2020 Peter Lemenkov lemenkov@gmail.com - 0.3.11-1 - Ver. 0.3.11 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1869878 - erlang-clique-0.3.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1869878 --------------------------------------------------------------------------------
================================================================================ erlang-cluster_info-2.1.0-1.fc33 (FEDORA-2020-2ba37cf0a9) Cluster info/postmortem inspector for Erlang applications -------------------------------------------------------------------------------- Update Information:
cluster_info ver. 2.1.0 -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Peter Lemenkov lemenkov@gmail.com - 2.1.0-1 - Ver. 2.1.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1869896 - erlang-cluster_info-2.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1869896 --------------------------------------------------------------------------------
================================================================================ erlang-cuttlefish-2.1.0-1.fc33 (FEDORA-2020-02cfb4d3cc) A library for dealing with sysctl-like configuration syntax -------------------------------------------------------------------------------- Update Information:
cuttlefish ver. 2.1.0 -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Peter Lemenkov lemenkov@gmail.com - 2.1.0-1 - Ver. 2.1.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1869889 - erlang-cuttlefish-2.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1869889 --------------------------------------------------------------------------------
================================================================================ erlang-ebloom-2.1.0-1.fc33 (FEDORA-2020-979242ead7) A NIF wrapper around a basic bloom filter -------------------------------------------------------------------------------- Update Information:
ebloom ver. 2.1.0 -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Peter Lemenkov lemenkov@gmail.com - 2.1.0-1 - Ver. 2.1.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1869895 - erlang-ebloom-2.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1869895 --------------------------------------------------------------------------------
================================================================================ erlang-riak_sysmon-2.2.0-1.fc33 (FEDORA-2020-fcd51a57e1) Rate-limiting system_monitor event handler for Riak -------------------------------------------------------------------------------- Update Information:
riak_sysmon ver. 2.2.0 -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Peter Lemenkov lemenkov@gmail.com - 2.2.0-1 - Ver. 2.2.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1869849 - erlang-riak_sysmon-2.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1869849 --------------------------------------------------------------------------------
================================================================================ hplip-3.20.11-1.fc33 (FEDORA-2020-ac71529972) HP Linux Imaging and Printing Project -------------------------------------------------------------------------------- Update Information:
1903029 - hplip-3.20.11 is available -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Zdenek Dohnal zdohnal@redhat.com - 3.20.11-1 - 1903029 - hplip-3.20.11 is available -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1903029 - hplip-3.20.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1903029 --------------------------------------------------------------------------------
================================================================================ kernel-5.9.12-200.fc33 (FEDORA-2020-04850ab36b) The Linux kernel -------------------------------------------------------------------------------- Update Information:
The 5.9.12 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Justin M. Forbes jforbes@fedoraproject.org - 5.9.12-200 - Linux v5.9.12 --------------------------------------------------------------------------------
================================================================================ libabigail-1.8-1.fc33 (FEDORA-2020-b71462d924) Set of ABI analysis tools -------------------------------------------------------------------------------- Update Information:
Update to upstream 1.8 -------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 1 2020 Dodji Seketeli dodji@redhat.com - 1.8-1 - Update to upstream 1.8 - Add "make check-self-update" as a regression tests target. - Remove fedabipkgdiff as for a reason, koji python module is not getting detected by configure on some arches of f33. --------------------------------------------------------------------------------
================================================================================ libarchive-3.5.0-1.fc33 (FEDORA-2020-16ad1714f9) A library for handling streaming archive formats -------------------------------------------------------------------------------- Update Information:
Rebased to version 3.5.0 -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Ondrej Dubaj odubaj@redhat.com - 3.5.0-1 - Rebased to version 3.5.0 --------------------------------------------------------------------------------
================================================================================ libxls-1.6.1-2.fc33 (FEDORA-2020-ad84def381) Read binary Excel files from C/C++ -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2020-27819 -------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 1 2020 Elliott Sales de Andrade quantum.analyst@gmail.com - 1.6.1-2 - Fix CVE-2020-27819 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1903296 - CVE-2020-27819 libxls: NULL pointer dereference via crafted xls file https://bugzilla.redhat.com/show_bug.cgi?id=1903296 --------------------------------------------------------------------------------
================================================================================ mediawiki-1.35.0-1.fc33 (FEDORA-2020-a4802c53d9) A wiki engine -------------------------------------------------------------------------------- Update Information:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-September/000263.html The 1.34.x series is now end-of-life and the 1.35.x series is a LTS release. -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Michael Cronenworth mike@cchtml.com - 1.35.0-1 - Update to 1.35.0 - https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-September/0002... -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1288786 - php-zordius-lightncandy-1.2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1288786 [ 2 ] Bug #1667755 - php-wikimedia-assert-0.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1667755 [ 3 ] Bug #1882555 - mediawiki-1.35.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1882555 [ 4 ] Bug #1903753 - CVE-2020-26120 mediawiki: XSS exists in the MobileFrontend extension [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903753 [ 5 ] Bug #1903755 - CVE-2020-26121 mediawiki: attacker can import a file even when the target page is protected against page creation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903755 [ 6 ] Bug #1903760 - CVE-2020-25815 mediawiki: LogEventList::getFiltersDesc is insecurely using message text to build options names for HTML multi-select field [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903760 [ 7 ] Bug #1903762 - CVE-2020-25827 mediawiki: using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903762 [ 8 ] Bug #1903765 - CVE-2020-25813 mediawiki: Special:UserRights exposes the existence of hidden users [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903765 [ 9 ] Bug #1903769 - CVE-2020-25812 mediawiki: XSS using raw HTML [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903769 [ 10 ] Bug #1903771 - CVE-2020-25869 mediawiki: handling of actor ID does not necessarily use the correct database or correct wiki leads to information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903771 [ 11 ] Bug #1903775 - CVE-2020-25814 mediawiki: XSS via javascript:payload [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903775 [ 12 ] Bug #1903778 - CVE-2020-25828 mediawiki: non-jqueryMsg version of mw.message().parse() doesn't escape HTML leads to XSS [fedora-all] 
https://bugzilla.redhat.com/show_bug.cgi?id=1903778 --------------------------------------------------------------------------------
================================================================================ mongo-c-driver-1.17.3-1.fc33 (FEDORA-2020-b78dc1eb82) Client library written in C for MongoDB -------------------------------------------------------------------------------- Update Information:
**libbson 1.17.3**

no change

----

**mongo-c-driver 1.17.3**

Bug fixes:

* Do not send session ID on GSSAPI auth commands.
* Fix build against zlib when zlib is installed in non-standard location.
* Fix build when source directory path contains a space.
* Fix a platform-specific bug causing mongoc_client_pool_pop to block indefinitely if all clients are checked out.
* Fix a possible buffer overflow with hostnames resolving to IPv6 addresses on OpenSSL.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 2 2020 Remi Collet remi@remirepo.net - 1.17.3-1 - update to 1.17.3 --------------------------------------------------------------------------------
================================================================================ mysql-selinux-1.0.2-1.fc33 (FEDORA-2020-af9b89f9aa) SELinux policy modules for MySQL and MariaDB packages -------------------------------------------------------------------------------- Update Information:
**mysql-selinux 1.0.2** Alignment with the upstream rules Rules for "*mariadb*" named executables added -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Michal Schorm mschorm@redhat.com - 1.0.2-1 - Rebase to 1.0.2 release Added context for "*mariadb*" named executables * Tue Dec 1 2020 Michal Schorm mschorm@redhat.com - 1.0.1-1 - Rebase to 1.0.1 release This release is just a sync-up with upstream selinux-policy - URL changed to a new upstream repository --------------------------------------------------------------------------------
================================================================================ ocaml-markup-1.0.0-2.fc33 (FEDORA-2020-1376077360) Error-recovering streaming HTML5 and XML parsers for OCaml -------------------------------------------------------------------------------- Update Information:
This update is due to ocaml-markup upstream reissuing version 1.0.0 to fix some bugs. See the release notes for the second 1.0.0 release: https://github.com/aantron/markup.ml/releases/tag/1.0.0. The ocaml-tyxml and ocaml-odoc builds are primarily simple rebuilds due to the ocaml-markup changes. The version of ocaml-odoc was bumped, but the changes in version 1.5.2 are for OCaml 4.12 compatibility, which does not matter for F33. -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Jerry James loganjerry@gmail.com - 1.0.0-2 - Upstream re-released version 1.0.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1896849 - ocaml-odoc-1.5.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1896849 --------------------------------------------------------------------------------
================================================================================ ocaml-odoc-1.5.2-1.fc33 (FEDORA-2020-1376077360) Documentation compiler for OCaml and Reason -------------------------------------------------------------------------------- Update Information:
This update is due to ocaml-markup upstream reissuing version 1.0.0 to fix some bugs. See the release notes for the second 1.0.0 release: https://github.com/aantron/markup.ml/releases/tag/1.0.0. The ocaml-tyxml and ocaml-odoc builds are primarily simple rebuilds due to the ocaml-markup changes. The version of ocaml-odoc was bumped, but the changes in version 1.5.2 are for OCaml 4.12 compatibility, which does not matter for F33. -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Jerry James loganjerry@gmail.com - 1.5.2-1 - Version 1.5.2 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1896849 - ocaml-odoc-1.5.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1896849 --------------------------------------------------------------------------------
================================================================================ ocaml-tyxml-4.4.0-5.fc33 (FEDORA-2020-1376077360) Build valid HTML and SVG documents -------------------------------------------------------------------------------- Update Information:
This update is due to ocaml-markup upstream reissuing version 1.0.0 to fix some bugs. See the release notes for the second 1.0.0 release: https://github.com/aantron/markup.ml/releases/tag/1.0.0. The ocaml-tyxml and ocaml-odoc builds are primarily simple rebuilds due to the ocaml-markup changes. The version of ocaml-odoc was bumped, but the changes in version 1.5.2 are for OCaml 4.12 compatibility, which does not matter for F33. -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Jerry James loganjerry@gmail.com - 4.4.0-5 - Rebuild for the re-release of ocaml-markup 1.0.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1896849 - ocaml-odoc-1.5.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1896849 --------------------------------------------------------------------------------
================================================================================ perl-HTTP-Entity-Parser-0.25-1.fc33 (FEDORA-2020-3cda6919ce) PSGI compliant HTTP Entity Parser -------------------------------------------------------------------------------- Update Information:
-------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 30 2020 Ralf Corsépius corsepiu@fedoraproject.org - 0.25-1 - Update to 0.25. --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Service-Weather-2.5.5-1.fc33 (FEDORA-2020-0c6f6ee0a3) Horde Weather Provider -------------------------------------------------------------------------------- Update Information:
**Horde_Service_Weather 2.5.5** * [mjr] Remove deprecated string index accessor. -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Remi Collet remi@remirepo.net - 2.5.5-1 - update to 2.5.5 - drop patch merged upstream --------------------------------------------------------------------------------
================================================================================ php-laminas-server-2.9.1-1.fc33 (FEDORA-2020-517f2303d8) Laminas Framework Server component -------------------------------------------------------------------------------- Update Information:
**Version 2.9.1** - 2020-12-01

Fixed

- [#19](https://github.com/laminas/laminas-server/pull/19) fixes a scenario whereby calling `Reflection::reflectionFunction()` or `new ReflectMethod()` with `null` or otherwise invalid `$argv` arguments could lead to fatal errors. These methods now either validate or cast on all invalid values.
- [#18](https://github.com/laminas/laminas-server/pull/18) fixes detection of array function and method parameters on PHP 8.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 2 2020 Remi Collet remi@remirepo.net - 2.9.1-1 - update to 2.9.1 * Tue Nov 24 2020 Remi Collet remi@remirepo.net - 2.9.0-1 - update to 2.9.0 - raise dependency on PHP 7.3 - switch to phpunit9 --------------------------------------------------------------------------------
================================================================================ php-manual-en-20201202-1.fc33 (FEDORA-2020-ceccf04d3f) Documentation for the PHP programming language -------------------------------------------------------------------------------- Update Information:
Update to version 20201202 -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Stephen Medina stephen@lilmail.xyz - 20201202-1 - Update to version 20201202 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1835364 - PHP manual is out of date https://bugzilla.redhat.com/show_bug.cgi?id=1835364 --------------------------------------------------------------------------------
================================================================================ php-oojs-oojs-ui-0.39.3-1.fc33 (FEDORA-2020-a4802c53d9) Object-Oriented JavaScript – User Interface -------------------------------------------------------------------------------- Update Information:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-September/000263.html The 1.34.x series is now end-of-life and the 1.35.x series is a LTS release. -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Michael Cronenworth mike@cchtml.com - 0.39.3-1 - version update -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1288786 - php-zordius-lightncandy-1.2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1288786 [ 2 ] Bug #1667755 - php-wikimedia-assert-0.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1667755 [ 3 ] Bug #1882555 - mediawiki-1.35.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1882555 [ 4 ] Bug #1903753 - CVE-2020-26120 mediawiki: XSS exists in the MobileFrontend extension [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903753 [ 5 ] Bug #1903755 - CVE-2020-26121 mediawiki: attacker can import a file even when the target page is protected against page creation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903755 [ 6 ] Bug #1903760 - CVE-2020-25815 mediawiki: LogEventList::getFiltersDesc is insecurely using message text to build options names for HTML multi-select field [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903760 [ 7 ] Bug #1903762 - CVE-2020-25827 mediawiki: using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903762 [ 8 ] Bug #1903765 - CVE-2020-25813 mediawiki: Special:UserRights exposes the existence of hidden users [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903765 [ 9 ] Bug #1903769 - CVE-2020-25812 mediawiki: XSS using raw HTML [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903769 [ 10 ] Bug #1903771 - CVE-2020-25869 mediawiki: handling of actor ID does not necessarily use the correct database or correct wiki leads to information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903771 [ 11 ] Bug #1903775 - CVE-2020-25814 mediawiki: XSS via javascript:payload [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903775 [ 12 ] Bug #1903778 - CVE-2020-25828 mediawiki: non-jqueryMsg version of mw.message().parse() doesn't escape HTML leads to XSS [fedora-all] 
https://bugzilla.redhat.com/show_bug.cgi?id=1903778 --------------------------------------------------------------------------------
================================================================================ php-pecl-mcrypt-1.0.4-1.fc33 (FEDORA-2020-f0eb00d1e2) Bindings for the libmcrypt library -------------------------------------------------------------------------------- Update Information:
**Version 1.0.4** * Add support for PHP 8 * The $iv parameters are not required -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Remi Collet remi@remirepo.net - 1.0.4-1 - update to 1.0.4 --------------------------------------------------------------------------------
================================================================================ php-wikimedia-assert-0.5.0-1.fc33 (FEDORA-2020-a4802c53d9) An alternative to PHP's assert -------------------------------------------------------------------------------- Update Information:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-September/000263.html The 1.34.x series is now end-of-life and the 1.35.x series is a LTS release. -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Michael Cronenworth mike@cchtml.com - 0.5.0-1 - version update - tests have been removed from upstream tarball -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1288786 - php-zordius-lightncandy-1.2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1288786 [ 2 ] Bug #1667755 - php-wikimedia-assert-0.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1667755 [ 3 ] Bug #1882555 - mediawiki-1.35.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1882555 [ 4 ] Bug #1903753 - CVE-2020-26120 mediawiki: XSS exists in the MobileFrontend extension [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903753 [ 5 ] Bug #1903755 - CVE-2020-26121 mediawiki: attacker can import a file even when the target page is protected against page creation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903755 [ 6 ] Bug #1903760 - CVE-2020-25815 mediawiki: LogEventList::getFiltersDesc is insecurely using message text to build options names for HTML multi-select field [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903760 [ 7 ] Bug #1903762 - CVE-2020-25827 mediawiki: using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903762 [ 8 ] Bug #1903765 - CVE-2020-25813 mediawiki: Special:UserRights exposes the existence of hidden users [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903765 [ 9 ] Bug #1903769 - CVE-2020-25812 mediawiki: XSS using raw HTML [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903769 [ 10 ] Bug #1903771 - CVE-2020-25869 mediawiki: handling of actor ID does not necessarily use the correct database or correct wiki leads to information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903771 [ 11 ] Bug #1903775 - CVE-2020-25814 mediawiki: XSS via javascript:payload [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1903775 [ 12 ] Bug #1903778 - CVE-2020-25828 mediawiki: non-jqueryMsg version of mw.message().parse() doesn't escape HTML leads to XSS [fedora-all] 
https://bugzilla.redhat.com/show_bug.cgi?id=1903778 --------------------------------------------------------------------------------
================================================================================ php-zordius-lightncandy-1.2.5-1.fc33 (FEDORA-2020-a4802c53d9) An extremely fast PHP implementation of handlebars and mustache -------------------------------------------------------------------------------- Update Information:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-September/000263.html The 1.34.x series is now end-of-life and the 1.35.x series is a LTS release. -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Michael Cronenworth mike@cchtml.com - 1.2.5-1 - version update -------------------------------------------------------------------------------- References:
  [ 1 ] Bug #1288786 - php-zordius-lightncandy-1.2.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1288786
  [ 2 ] Bug #1667755 - php-wikimedia-assert-0.5.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1667755
  [ 3 ] Bug #1882555 - mediawiki-1.35.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1882555
  [ 4 ] Bug #1903753 - CVE-2020-26120 mediawiki: XSS exists in the MobileFrontend extension [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1903753
  [ 5 ] Bug #1903755 - CVE-2020-26121 mediawiki: attacker can import a file even when the target page is protected against page creation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1903755
  [ 6 ] Bug #1903760 - CVE-2020-25815 mediawiki: LogEventList::getFiltersDesc is insecurely using message text to build options names for HTML multi-select field [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1903760
  [ 7 ] Bug #1903762 - CVE-2020-25827 mediawiki: using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1903762
  [ 8 ] Bug #1903765 - CVE-2020-25813 mediawiki: Special:UserRights exposes the existence of hidden users [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1903765
  [ 9 ] Bug #1903769 - CVE-2020-25812 mediawiki: XSS using raw HTML [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1903769
  [ 10 ] Bug #1903771 - CVE-2020-25869 mediawiki: handling of actor ID does not necessarily use the correct database or correct wiki leads to information disclosure [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1903771
  [ 11 ] Bug #1903775 - CVE-2020-25814 mediawiki: XSS via javascript:payload [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1903775
  [ 12 ] Bug #1903778 - CVE-2020-25828 mediawiki: non-jqueryMsg version of mw.message().parse() doesn't escape HTML leads to XSS [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1903778
--------------------------------------------------------------------------------
================================================================================ polybar-3.5.0-1.fc33 (FEDORA-2020-8dda2a6742) Fast and easy-to-use status bar -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Artem Polishchuk ego.cordatus@gmail.com - 3.5.0-1 - build(update): 3.5.0 --------------------------------------------------------------------------------
================================================================================ pvs-sbcl-7.1-1.fc33 (FEDORA-2020-ef66946040) Interactive theorem prover from SRI -------------------------------------------------------------------------------- Update Information:
See the PVS 7.1 release notes at http://pvs.csl.sri.com/doc/pvs-release-notes.pdf for information on the changes in this release. -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Jerry James loganjerry@gmail.com - 7.1-1
- Version 7.1
- Drop upstreamed -siglongjmp, -fno-common, -texi, and -user-guide patches
- Add -api patch to fix API doc build
--------------------------------------------------------------------------------
================================================================================ python-adext-0.3-1.fc33 (FEDORA-2020-9eb3e24fdd) Python module to extend AlarmDecoder module -------------------------------------------------------------------------------- Update Information:
Initial package for Fedora -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1889619 - Review Request: python-adext - Python module to extend AlarmDecoder module https://bugzilla.redhat.com/show_bug.cgi?id=1889619 --------------------------------------------------------------------------------
================================================================================ python-fasjson-client-0.1.1-1.fc33 (FEDORA-2020-6c7b4fea2b) An OpenAPI client for FASJSON -------------------------------------------------------------------------------- Update Information:
Split off subpackage for CLI. -------------------------------------------------------------------------------- ChangeLog:
--------------------------------------------------------------------------------
================================================================================ python-stdiomask-0.0.1-1.fc33 (FEDORA-2020-f64becbf7f) Python module for masking passwords -------------------------------------------------------------------------------- Update Information:
Initial package for Fedora -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1901851 - Review Request: python-stdiomask - Python module for masking passwords https://bugzilla.redhat.com/show_bug.cgi?id=1901851 --------------------------------------------------------------------------------
================================================================================ sqlite-3.34.0-1.fc33 (FEDORA-2020-6ec7d49d29) Library that implements an embeddable SQL database engine -------------------------------------------------------------------------------- Update Information:
Rebased to version 3.34.0 -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Ondrej Dubaj odubaj@redhat.com - 3.34.0-1
- Updated to version 3.34.0 (https://sqlite.org/releaselog/3_34_0.html)
- Enabled fts3conf.test on s390x and ppc64 architectures
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1903231 - sqlite-3.34.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1903231 --------------------------------------------------------------------------------
================================================================================ trace-cmd-2.9.1-4.fc33 (FEDORA-2020-1056069a87) A user interface to Ftrace -------------------------------------------------------------------------------- Update Information:
Move /usr/lib64/trace-cmd/python/ to trace-cmd-python3 -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Zamir SUN sztsian@gmail.com - 2.9.1-4 - Move /usr/lib/trace-cmd/python/ to trace-cmd-python3 --------------------------------------------------------------------------------
================================================================================ xorg-x11-server-1.20.10-1.fc33 (FEDORA-2020-e82f9b80eb) X.Org X11 X server -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2020-14360, CVE-2020-25712 -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 Olivier Fourdan ofourdan@redhat.com - 1.20.10-1
- xserver 1.20.10 (CVE-2020-14360, CVE-2020-25712)
* Thu Nov 5 2020 Peter Hutterer peter.hutterer@redhat.com - 1.20.9-3
- Add BuildRequires for make
* Wed Nov 4 2020 Peter Hutterer peter.hutterer@redhat.com 1.20.9-2
- Drop BuildRequires to git-core only
-------------------------------------------------------------------------------- References:
  [ 1 ] Bug #1869139 - CVE-2020-14360 xorg-x11-server: Out-Of-Bounds access in XkbSetMap function
        https://bugzilla.redhat.com/show_bug.cgi?id=1869139
  [ 2 ] Bug #1887276 - CVE-2020-25712 xorg-x11-server: XkbSetDeviceInfo Heap-based Buffer Overflow Privilege Escalation Vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=1887276
--------------------------------------------------------------------------------
================================================================================ xorgxrdp-0.2.14-4.fc33 (FEDORA-2020-48c18343fa) Implementation of xrdp backend as Xorg modules -------------------------------------------------------------------------------- Update Information:
Rebuild against Xorg 1.20.10. -------------------------------------------------------------------------------- ChangeLog:
* Thu Dec 3 2020 Bojan Smojver bojan@rexursive.com - 0.2.14-4 - Rebuild against xorg-x11-server 1.20.10 --------------------------------------------------------------------------------
================================================================================ youtube-dl-2020.12.02-1.fc33 (FEDORA-2020-f8ccf74305) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information:
Update to version 2020.12.02 -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 2 2020 David Schwörer davidsch@fedoraproject.org - 2020.12.02-1 - Update to 2020.12.02 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1903298 - youtube-dl-2020.12.02 is available https://bugzilla.redhat.com/show_bug.cgi?id=1903298 --------------------------------------------------------------------------------