March 2020 - package-announce - Fedora Mailing-Lists

[SECURITY] Fedora 32 Update: glibc-2.31-2.fc32

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-444c372453 2020-03-31 00:15:07.171430 -------------------------------------------------------------------------------- Name : glibc Product : Fedora 32 Version : 2.31 Release : 2.fc32 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. -------------------------------------------------------------------------------- Update Information: This update incorporates fixes from the upstream glibc 2.31 stable release branch, including 2 fixes for medium severity security vulnerabilities. (CVE-2020-10029, CVE-2020-1752) -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 19 2020 Patsy Griffin <patsy(a)redhat.com> - 2.31-2 - Auto-sync with upstream branch release/2.31/master, commit ab029a2801d4ddfeade8f64a6e46ee7e47fde710. - Fix use-after-free in glob when expanding ~user (bug 25414) - Update syscall lists for Linux 5.5. - NEWS: update list of bugs fixed on the 2.31 branch - Add NEWS entry for CVE-2020-10029 (bug 25487) - math/test-sinl-pseudo: Use stack protector only if available - sparc: Move sigreturn stub to assembly - arm: Fix softp-fp Implies (BZ #25635) - linux/sysipc: Include linux/posix_types.h for __kernel_mode_t - linux: Clear mode_t padding bits (BZ#25623) - i386: Use comdat instead of .gnu.linkonce for i386 setup pic register (BZ #20543) - Improve IFUNC check [BZ #25506] - Avoid ldbl-96 stack corruption from range reduction of pseudo-zero (bug 25487). - malloc/tst-mallocfork2: Kill lingering process for unexpected failures - riscv: Avoid clobbering register parameters in syscall - microblaze: Avoid clobbering register parameters in syscall - mips: Fix argument passing for inlined syscalls on Linux [BZ #25523] - mips: Use 'long int' and 'long long int' in linux syscall code -------------------------------------------------------------------------------- References: [ 1 ] Bug #1810671 - CVE-2020-10029 glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1810671 [ 2 ] Bug #1811586 - CVE-2020-1752 glibc: use-after-free in glob() function when expanding ~user [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1811586 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-444c372453' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

Fedora 32 Update: fedora-easy-karma-0-0.43.20191206git56f1e97.fc32

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-05f8e750df 2020-03-31 00:15:07.171414 -------------------------------------------------------------------------------- Name : fedora-easy-karma Product : Fedora 32 Version : 0 Release : 0.43.20191206git56f1e97.fc32 URL : https://fedoraproject.org/wiki/Fedora_Easy_Karma Summary : Fedora update feedback made easy Description : Fedora-easy-karma helps you to easily and fast provide feedback for all testing updates that you have currently installed. -------------------------------------------------------------------------------- Update Information: - Proper Bodhi 4 Support - Legacy code cleanup (drop yum, py2 and old bodhi support) -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 24 2020 Frantisek Zatloukal <fzatlouk(a)redhat.com> - 0-0.43.20191206git56f1e97 - Proper Bodhi 4 Support - Legacy code cleanup (drop yum, py2 and old bodhi support) -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-05f8e750df' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

[SECURITY] Fedora 32 Update: gd-2.3.0-1.fc32

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-e795f92d79 2020-03-31 00:15:07.171396 -------------------------------------------------------------------------------- Name : gd Product : Fedora 32 Version : 2.3.0 Release : 1.fc32 URL : http://libgd.github.io/ Summary : A graphics library for quick creation of PNG or JPEG images Description : The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the formats accepted for inline images by most browsers. Note that gd is not a paint program. -------------------------------------------------------------------------------- Update Information: **Version 2.3.0** - 2020-03-22 **Security** - Potential double-free in gdImage*Ptr(). (CVE-2019-6978) - gdImageColorMatch() out of bounds write on heap. (CVE-2019-6977) - Uninitialized read in gdImageCreateFromXbm(). (CVE-2019-11038) - Double-free in gdImageBmp. (CVE-2018-1000222) - Potential NULL pointer dereference in gdImageClone(). (CVE-2018-14553) - Potential infinite loop in gdImageCreateFromGifCtx(). (CVE-2018-5711) **Fixed** * Fix #597: add codecov support - Fix #596: gdTransformAffineCopy run error - Fix #589: Install dependencies move to .travis.yml - Fix #586: gdTransformAffineCopy() segfaults on palette images - Fix #585: gdTransformAffineCopy() changes interpolation method - Fix #584: gdImageSetInterpolationMethod(im, GD_DEFAULT) inconsistent - Fix #583: gdTransformAffineCopy() may use unitialized values - Fix #533: Remove cmake modules - Fix #539: Add RAQM support for cmake - Fix #499: gdImageGifAnimAddPtr: heap corruption with 2 identical images - Fix #486: gdImageCropAuto(��, GD_CROP_SIDES) crops left but not right - Fix #485: auto cropping has insufficient precision - Fix #479: Provide a suitable malloc function to liq - Fix #474: libtiff link returns 404 HTTP code - Fix #450: Failed to open 1 bit per pixel bitmap - Fix #440: new_width & new_height exception handling - Fix #432: gdImageCrop neglecting transparency - Fix #420: Potential infinite loop in gdImageCreateFromGifCtx - Fix #411: gd_gd.c format documentation appears to be incorrect - Fix #369: Fix new_a init error in gdImageConvolution() - Fix #351: gdImageFilledArc() doesn't properly draw pies - Fix #338: Fatal and normal libjpeg/libpng errors not distinguishable - Fix #169: Update var type to hold bigger w&h for ellipse - Fix #164: update doc files install directory in CMakeLists.txt - Correct some test depend errors - Update cmake min version to 3.7 - Delete libimagequant source code download action in CMakeLists.txt - Improve msys support - Fix some logic error in CMakeLists.txt - Remove the following macro: HAVE_STDLIB_H, HAVE_STRING_H, HAVE_STDDEF_H, HAVE_LIMITS_H, HAVE_ERRNO_H, AC_C_CONST ----- **Notice:** * fix for CVE-2018-5711, CVE-2018-1000222, CVE-2019-6977, CVE-2019-6978, and CVE-2018-14553 were already applied in previous packages. * gdlib-config command have been dropped -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 24 2020 Remi Collet <remi(a)remirepo.net> - 2.3.0-1 - update to 2.3.0 - add dependency on libraqm - remove gdlib-config -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-e795f92d79' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

Fedora 32 Update: nohang-0.1-25.20200323gitdaca5cc.fc32

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-f133b1d4ce 2020-03-31 00:15:07.171379 -------------------------------------------------------------------------------- Name : nohang Product : Fedora 32 Version : 0.1 Release : 25.20200323gitdaca5cc.fc32 URL : https://github.com/hakavlad/nohang Summary : Highly configurable OOM prevention daemon Description : Nohang is a highly configurable daemon for Linux which is able to correctly prevent out of memory (OOM) and keep system responsiveness in low memory conditions. To enable and start: systemctl enable --now nohang -------------------------------------------------------------------------------- Update Information: Update to latest version ---- Update to latest version -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 23 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 0.1-25.20200323gitdaca5cc - Update to latest git snapshot * Tue Mar 17 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 0.1-24.20200317gitc70b824 - Update to latest git snapshot -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-f133b1d4ce' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

Fedora 32 Update: python-micawber-0.5.1-1.fc32

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-addf51776c 2020-03-31 00:15:07.171362 -------------------------------------------------------------------------------- Name : python-micawber Product : Fedora 32 Version : 0.5.1 Release : 1.fc32 URL : http://github.com/coleifer/micawber/ Summary : a small library for extracting rich content from urls Description : A small library for extracting rich content from urls. what does it do? -micawber supplies a few methods for retrieving rich metadata about a variety of links, such as links to youtube videos. micawber also provides functions for parsing blocks of text and html and replacing links to videos with rich embedded --here is a quick example:.. code-block:: python import micawber load up rules for... -------------------------------------------------------------------------------- Update Information: Update to the latest stable release. This update is minor and bug fix driven: * Fix doc index page; * Updated twitter oembed provider; * Ensure "<" and ">" in URL text are converted back to entities; * Additional test to improve coverage. -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 22 2020 Jos�� Matos <jamatos(a)fedoraproject.org> - 0.5.1-1 - Update to 0.5.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1761109 - python-micawber-0.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1761109 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-addf51776c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

Fedora 32 Update: rpy-3.2.7-2.fc32

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-793d9f3cff 2020-03-31 00:15:07.171345 -------------------------------------------------------------------------------- Name : rpy Product : Fedora 32 Version : 3.2.7 Release : 2.fc32 URL : https://pypi.python.org/pypi/rpy2 Summary : Python interface to the R language Description : RPy provides a robust Python interface to the R programming language. It can manage all kinds of R objects and can execute arbitrary R functions. All the errors from the R language are converted to Python exceptions. -------------------------------------------------------------------------------- Update Information: Update to the latest stable release. -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 22 2020 Jos�� Matos <jamatos(a)fedoraproject.org> - 3.2.7-2 - place BuildRequires in canonical form - remove Requires since they are automatically provided * Sun Mar 22 2020 Jos�� Matos <jamatos(a)fedoraproject.org> - 3.2.7-1 - update to 3.2.7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1815916 - rpy-3.2.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1815916 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-793d9f3cff' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

Fedora 32 Update: pseudo-1.9.0-10.fc32

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-29efd5f9a3 2020-03-31 00:15:07.171329 -------------------------------------------------------------------------------- Name : pseudo Product : Fedora 32 Version : 1.9.0 Release : 10.fc32 URL : https://www.yoctoproject.org/software-item/pseudo/ Summary : Advanced tool for simulating superuser privileges Description : The pseudo utility offers a way to run commands in a virtualized "root" environment, allowing ordinary users to run commands which give the illusion of creating device nodes, changing file ownership, and otherwise doing things necessary for creating distribution packages or filesystems. Pseudo has a lot of similarities to fakeroot but is a new implementation that improves on the problems seen using fakeroot. Pseudo is now extensively used by Poky as a replacement to fakeroot but can also be used standalone in many other use cases. -------------------------------------------------------------------------------- Update Information: Fix FTBFS. -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 22 2020 Dominik Mierzejewski <dominik(a)greysector.net> 1.9.0-10 - fix build with GCC-10 * Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9.0-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1799899 - pseudo: FTBFS in Fedora rawhide/f32 https://bugzilla.redhat.com/show_bug.cgi?id=1799899 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-29efd5f9a3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

[SECURITY] Fedora 32 Update: okular-19.12.3-2.fc32

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-dcde488e68 2020-03-31 00:15:07.171312 -------------------------------------------------------------------------------- Name : okular Product : Fedora 32 Version : 19.12.3 Release : 2.fc32 URL : https://www.kde.org/applications/graphics/okular/ Summary : A document viewer Description : A document viewer. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2020-9359 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 22 2020 Rex Dieter <rdieter(a)fedoraproject.org> - 19.12.3-2 - Security fix for CVE-2020-9359 (#1815651,1815652) * Fri Mar 6 2020 Rex Dieter <rdieter(a)fedoraproject.org> - 19.12.3-1 - 19.12.3 * Tue Feb 4 2020 Rex Dieter <rdieter(a)fedoraproject.org> - 19.12.2-1 - 19.12.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1815651 - CVE-2020-9359 okular: local binary execution via specially crafted PDF files https://bugzilla.redhat.com/show_bug.cgi?id=1815651 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-dcde488e68' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

Fedora 32 Update: ocaml-zmq-5.1.3-1.fc32

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-0a941541db 2020-03-31 00:15:07.171267 -------------------------------------------------------------------------------- Name : ocaml-zmq Product : Fedora 32 Version : 5.1.3 Release : 1.fc32 URL : https://github.com/issuu/ocaml-zmq Summary : ZeroMQ bindings for OCaml Description : This library contains basic OCaml bindings for ZeroMQ. -------------------------------------------------------------------------------- Update Information: This library contains basic OCaml bindings for ZeroMQ. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1801423 - Review Request: ocaml-zmq - ZeroMQ bindings for OCaml https://bugzilla.redhat.com/show_bug.cgi?id=1801423 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-0a941541db' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

Fedora 32 Update: python-pytest-django-3.8.0-3.fc32

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-9750149e79 2020-03-31 00:15:07.171251 -------------------------------------------------------------------------------- Name : python-pytest-django Product : Fedora 32 Version : 3.8.0 Release : 3.fc32 URL : https://pytest-django.readthedocs.io/ Summary : A Django plugin for pytest Description : pytest-django allows you to test your Django project/applications with the pytest testing tool. -------------------------------------------------------------------------------- Update Information: Disable tests -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 21 2020 Fabian Affolter <mail(a)fabian-affolter.ch> - 3.8.0-3 - Disable tests * Sat Feb 1 2020 Fabian Affolter <mail(a)fabian-affolter.ch> - 3.8.0-2 - Bump release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1786920 - None https://bugzilla.redhat.com/show_bug.cgi?id=1786920 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-9750149e79' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

4 years

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

package-announce March 2020