--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-fcd5fd47bd
2020-09-13 14:17:24.303303
--------------------------------------------------------------------------------
Name : qutebrowser
Product : Fedora 31
Version : 1.11.1
Release : 1.fc31
URL :
http://www.qutebrowser.org
Summary : A keyboard-driven, vim-like browser based on PyQt5 and QtWebEngine
Description :
qutebrowser is a keyboard-focused browser with a minimal GUI. It���s based on
Python, PyQt5 and QtWebEngine and free software, licensed under the GPL.
It was inspired by other browsers/addons like dwb and Vimperator/Pentadactyl.
--------------------------------------------------------------------------------
Update Information:
Addresses CVE-2020-11054: After a certificate error was overridden by the user,
qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However,
when the affected website was subsequently loaded again, the URL was mistakenly
displayed as green (colors.statusbar.url.success_https). While the user already
has seen a certificate error prompt at this point (or set content.ssl_strict to
false which is not recommended), this could still provide a false sense of
security. This is now fixed.
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 23 2020 Timoth��e Floure <fnux(a)fedoraproject.org> - 1.11.1-1
- New upstream release (addresses CVE-2020-11054)
* Fri May 1 2020 Timoth��e Floure <fnux(a)fedoraproject.org> - 1.11.0-1
- New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1825405 - qutebrowser-1.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1825405
[ 2 ] Bug #1835335 - CVE-2020-11054 qutebrowser: Improper handling of certificates while
visiting pages [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1835335
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-fcd5fd47bd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------