September 2020 - package-announce - Fedora Mailing-Lists

[SECURITY] Fedora 31 Update: dovecot-2.3.11.3-4.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-cd8b8f887b 2020-09-03 16:25:10.755647 -------------------------------------------------------------------------------- Name : dovecot Product : Fedora 31 Version : 2.3.11.3 Release : 4.fc31 URL : http://www.dovecot.org/ Summary : Secure imap and pop3 server Description : Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. -------------------------------------------------------------------------------- Update Information: CVE-2020-12100: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory. CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an address that has the empty quoted string as local-part causes the lmtp service to crash. CVE-2020-12674: Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on. -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 26 2020 Michal Hlavinka <mhlavink(a)redhat.com> - 1:2.3.11.3-4 - fix FTBFS on 32bit systems * Mon Aug 17 2020 Jeff Law <law(a)redhat.com> - 1:2.3.11.3-2 - Disable LTO * Sat Aug 15 2020 Michal Hlavinka <mhlavink(a)redhat.com> - 1:2.3.11.3-1 - CVE-2020-12100: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory. - CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. - CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an address that has the empty quoted string as local-part causes the lmtp service to crash. - CVE-2020-12674: Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on. * Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:2.3.10.1-3 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:2.3.10.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1868539 - CVE-2020-12100 dovecot: Resource exhaustion via deeply nested MIME parts [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1868539 [ 2 ] Bug #1868540 - CVE-2020-12673 dovecot: Out of bound reads in dovecot NTLM implementation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1868540 [ 3 ] Bug #1868541 - CVE-2020-12674 dovecot: Crash due to assert in RPA implementation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1868541 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-cd8b8f887b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 9 months

1
0
0 / 0

Fedora 31 Update: singularity-3.6.2-1.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-d4b40b1a1b 2020-09-03 16:25:10.755637 -------------------------------------------------------------------------------- Name : singularity Product : Fedora 31 Version : 3.6.2 Release : 1.fc31 URL : https://www.sylabs.io/singularity/ Summary : Application and environment virtualization Description : Singularity provides functionality to make portable containers that can be used across host environments. -------------------------------------------------------------------------------- Update Information: Upgrade to upstream 3.6.2. -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 26 2020 Dave Dykstra <dwd(a)fedoraproject.org> - 3.6.2-1 - Upgrade to upstream 3.6.2. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1872838 - singularity-3.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1872838 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-d4b40b1a1b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 9 months

1
0
0 / 0

Fedora 31 Update: containernetworking-plugins-0.8.7-1.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-a0300e3588 2020-09-03 16:25:10.755627 -------------------------------------------------------------------------------- Name : containernetworking-plugins Product : Fedora 31 Version : 0.8.7 Release : 1.fc31 URL : https://github.com/containernetworking/plugins Summary : Libraries for writing CNI plugin Description : The CNI (Container Network Interface) project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. -------------------------------------------------------------------------------- Update Information: Autobuilt v0.8.7 -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 26 2020 RH Container Bot <rhcontainerbot(a)fedoraproject.org> - 0.8.7-1 - autobuilt v0.8.7 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-a0300e3588' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 9 months

1
0
0 / 0

Fedora 31 Update: video-downloader-0.4.1-1.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-79f326f2cb 2020-09-03 16:25:10.755618 -------------------------------------------------------------------------------- Name : video-downloader Product : Fedora 31 Version : 0.4.1 Release : 1.fc31 URL : https://github.com/Unrud/video-downloader Summary : Download videos from websites like YouTube and many others Description : Download videos from websites with an easy-to-use interface. Provides the following features: - Convert videos to MP3 - Supports password-protected and private videos - Download single videos or whole playlists - Automatically selects a video format based on your preferred resolution Based on youtube-dl. -------------------------------------------------------------------------------- Update Information: Update to latest version -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 26 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 0.4.1-1 - Update to 0.4.1 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-79f326f2cb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 9 months

1
0
0 / 0

Fedora 31 Update: klavaro-3.11-1.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-c34b21e1fb 2020-09-03 16:25:10.755608 -------------------------------------------------------------------------------- Name : klavaro Product : Fedora 31 Version : 3.11 Release : 1.fc31 URL : http://klavaro.sourceforge.net/en/ Summary : Typing tutor Description : Klavaro is a touch typing tutor that is very flexible and supports customizable keyboard layouts. Users can edit and save new or unknown keyboard layouts, as the basic course provided by the program was designed to not depend on specific layouts. -------------------------------------------------------------------------------- Update Information: Update to 3.11. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 20 2020 Vasiliy N. Glazov <vascom2(a)gmail.com> - 3.11-1 - Update to 3.11 * Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-c34b21e1fb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 9 months

1
0
0 / 0

Fedora 31 Update: metamath-0.188-1.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-0e5f96bfa4 2020-09-03 16:25:10.755599 -------------------------------------------------------------------------------- Name : metamath Product : Fedora 31 Version : 0.188 Release : 1.fc31 URL : http://us.metamath.org/ Summary : Construct mathematics from basic axioms Description : Metamath is a tiny language that can express theorems in abstract mathematics, accompanied by proofs that can be verified by a computer program. Metamath lets you see mathematics developed in complete detail from first principles, with absolute rigor. -------------------------------------------------------------------------------- Update Information: Changes in version 0.188: - Add CONCLUSION FACT INTRODUCTION PARAGRAPH SCOLIA SCOLION SUBSECTION TABLE to [bib] keywords - Update iset.mm to 19-Aug-2020 version - Update set.mm to 22-Aug-2020 version -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 24 2020 Jerry James <loganjerry(a)gmail.com> - 0.188-1 - Version 0.188 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1872025 - metamath-0.188 is available https://bugzilla.redhat.com/show_bug.cgi?id=1872025 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-0e5f96bfa4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 9 months

1
0
0 / 0

Fedora 31 Update: golang-github-ubccr-kerby-0-0.1.20200826git201a958.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-03ad94fc0d 2020-09-03 16:25:10.755589 -------------------------------------------------------------------------------- Name : golang-github-ubccr-kerby Product : Fedora 31 Version : 0 Release : 0.1.20200826git201a958.fc31 URL : https://github.com/ubccr/kerby Summary : Go wrapper for Kerberos GSSAPI Description : Go wrapper for Kerberos GSSAPI. -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-03ad94fc0d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 9 months

1
0
0 / 0

Fedora 31 Update: exiv2-0.27.3-3.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-d0feaf0804 2020-09-03 16:25:10.755579 -------------------------------------------------------------------------------- Name : exiv2 Product : Fedora 31 Version : 0.27.3 Release : 3.fc31 URL : http://www.exiv2.org/ Summary : Exif and Iptc metadata manipulation library Description : A command line utility to access image metadata, allowing one to: * print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag * print the Iptc metadata of Jpeg images * print the Jpeg comment of Jpeg images * set, add and delete Exif and Iptc metadata of Jpeg images * adjust the Exif timestamp (that's how it all started...) * rename Exif image files according to the Exif timestamp * extract, insert and delete Exif metadata (including thumbnails), Iptc metadata and Jpeg comments -------------------------------------------------------------------------------- Update Information: Update to latest upstream bugfix release -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.27.3-3 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.27.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jun 30 2020 Rex Dieter <rdieter(a)fedoraproject.org> - 0.27.3-1 - 0.27.3 * Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.27.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1869021 - New version of exiv2 0.27.3 missing in current version Fedora https://bugzilla.redhat.com/show_bug.cgi?id=1869021 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-d0feaf0804' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 9 months

1
0
0 / 0

Fedora 31 Update: wofi-1.2.1-1.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-bcf80c4f26 2020-09-03 16:25:10.755569 -------------------------------------------------------------------------------- Name : wofi Product : Fedora 31 Version : 1.2.1 Release : 1.fc31 URL : https://hg.sr.ht/~scoopta/wofi Summary : Wofi is a launcher/menu program for wlroots based wayland compositors such as sway Description : Wofi is a launcher/menu program for wlroots based wayland compositors such as sway. -------------------------------------------------------------------------------- Update Information: Update to version 1.2.1 -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 23 2020 Stefano Figura <stefano(a)figura.im> - 1.2.1-1 - Update to version 1.2.1 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-bcf80c4f26' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 9 months

1
0
0 / 0

Fedora 31 Update: trustedqsl-2.5.4-1.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-e41df58bfb 2020-09-03 16:25:10.755559 -------------------------------------------------------------------------------- Name : trustedqsl Product : Fedora 31 Version : 2.5.4 Release : 1.fc31 URL : http://sourceforge.net/projects/trustedqsl/ Summary : Tool for digitally signing Amateur Radio QSO records Description : The TrustedQSL applications are used for generating digitally signed QSO records (records of Amateur Radio contacts). This package contains the GUI applications tqslcert and tqsl. -------------------------------------------------------------------------------- Update Information: This version of Trusted QSL (TQSL) has new features as well as corrections for defects found since TQSL 2.5.3 was released. This release also includes an update to the most recent TQSL configuration file. Two serious defects in TQSL were corrected in this release. One related to long callsigns; LoTW has always limited callsigns to 13 characters, but TQSL did not properly enforce that, leading to erratic behavior when longer callsigns were used. LoTW and TQSL now both properly enforce a 20 character limit. The second issue related to operators with multiple callsign certificates with the same callsign for more than one DXCC entity. TQSL could choose the wrong callsign certificate, uploading QSOs signed for the incorrect entity. TQSL now properly selects the right callsign certificate. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 29 2020 Richard Shaw <hobbes1069(a)gmail.com> - 2.5.4-1 - Update to 2.5.4. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1821952 - trustedqsl-2.5.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1821952 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-e41df58bfb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

package-announce September 2020