-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-096fbcc91f 2020-04-09 17:43:21.961561 --------------------------------------------------------------------------------
Name : pacman Product : Fedora 30 Version : 5.2.1 Release : 2.fc30 URL : https://www.archlinux.org/pacman Summary : Package manager for the Arch distribution Description : Pacman is the package manager used by the Arch distribution. It can be used to install Arch into a container or to recover an Arch installation from a Fedora system (see arch-install-scripts package for instructions).
Pacman is a frontend for the ALPM (Arch Linux Package Management) library Pacman does not strive to "do everything." It will add, remove and upgrade packages in the system, and it will allow you to query the package database for installed packages, files and owners. It also attempts to handle dependencies automatically and can download packages from a remote server. Arch packages are simple archives, with .pkg.tar.gz extension for binary packages and .src.tar.gz for source packages.
-------------------------------------------------------------------------------- Update Information:
Update to latest version. -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 1 2020 Zbigniew J��drzejewski-Szmek zbyszek@in.waw.pl - 5.2.1-2 - Remove makepkg bash completion script to fix file conflict * Tue Mar 31 2020 Zbigniew J��drzejewski-Szmek zbyszek@in.waw.pl - 5.2.1-1 - Update to latest upstream version (#1582967) - Fix arbitrary command injection in download URLs (#1809299, #1809301) * Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 5.0.2-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 5.0.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1582967 - pacman-5.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1582967 [ 2 ] Bug #1809299 - CVE-2019-18182 pacman: allows arbitrary command injection in conf.c in download_with_xfercommand function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1809299 [ 3 ] Bug #1809301 - CVE-2019-18183 pacman: allows arbitrary command injection in lib/libalpm/sync.c in apply_deltas function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1809301 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-096fbcc91f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org