-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-fcd5fd47bd 2020-09-13 14:17:24.303303 --------------------------------------------------------------------------------
Name : qutebrowser Product : Fedora 31 Version : 1.11.1 Release : 1.fc31 URL : http://www.qutebrowser.org Summary : A keyboard-driven, vim-like browser based on PyQt5 and QtWebEngine Description : qutebrowser is a keyboard-focused browser with a minimal GUI. It���s based on Python, PyQt5 and QtWebEngine and free software, licensed under the GPL. It was inspired by other browsers/addons like dwb and Vimperator/Pentadactyl.
-------------------------------------------------------------------------------- Update Information:
Addresses CVE-2020-11054: After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false which is not recommended), this could still provide a false sense of security. This is now fixed. -------------------------------------------------------------------------------- ChangeLog:
* Sat May 23 2020 Timoth��e Floure fnux@fedoraproject.org - 1.11.1-1 - New upstream release (addresses CVE-2020-11054) * Fri May 1 2020 Timoth��e Floure fnux@fedoraproject.org - 1.11.0-1 - New upstream release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1825405 - qutebrowser-1.11.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1825405 [ 2 ] Bug #1835335 - CVE-2020-11054 qutebrowser: Improper handling of certificates while visiting pages [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1835335 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-fcd5fd47bd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------