The following Fedora 32 Security updates need testing:
Age URL
48
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1f643c272c libntlm-1.6-1.fc32
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-5b9c42f1b9
chromium-87.0.4280.88-1.fc32
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-a31b01e945
openssl-1.1.1i-1.fc32
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1fb1785fa1
libmaxminddb-1.4.3-1.fc32
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-7ab62c73bc curl-7.69.1-7.fc32
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-c6fa47ecd7
phpldapadmin-1.2.6.2-1.fc32
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-edcc40be4b
p11-kit-0.23.22-1.fc32
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e2d7a16ae9
mbedtls-2.16.9-1.fc32
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-daffd78c3d
pngcheck-2.4.0-5.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-b9644a6038
thunderbird-78.6.0-1.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-df772b417b xen-4.13.2-5.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d32853a28d
mingw-openjpeg2-2.3.1-11.fc32 openjpeg2-2.3.1-10.fc32
The following Fedora 32 Critical Path updates have yet to be approved:
Age URL
168
https://bodhi.fedoraproject.org/updates/FEDORA-2020-ebbe0f7b25 cpio-2.13-6.fc32
20
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e49210967b dnf-4.4.2-1.fc32
libdnf-0.55.0-3.fc32 microdnf-3.5.1-1.fc32
16
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e3cff2530e koji-1.23.0-2.fc32
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4f53b68751 dnf-4.5.2-1.fc32
dnf-plugins-extras-4.0.13-1.fc32 libdnf-0.55.2-1.fc32
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-0ff6da3db5
perl-Encode-3.08-458.fc32
10
https://bodhi.fedoraproject.org/updates/FEDORA-2020-a70501de3d
redhat-rpm-config-151-1.fc32
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-ea8b38d2cb pungi-4.2.7-1.fc32
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-7a59e08355 gdb-9.1-7.fc32
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1fb1785fa1
libmaxminddb-1.4.3-1.fc32
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-345d2fd2aa
iproute-5.9.0-1.fc32
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-7ab62c73bc curl-7.69.1-7.fc32
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-a31b01e945
openssl-1.1.1i-1.fc32
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-557bf13b96
perl-libnet-3.12-1.fc32
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-edcc40be4b
p11-kit-0.23.22-1.fc32
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-8c96ea7de3
enchant2-2.2.14-1.fc32 mingw-enchant2-2.2.14-1.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4ccd211011 fwupd-1.5.4-1.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-b9644a6038
thunderbird-78.6.0-1.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-da9438a4ae
webkit2gtk3-2.30.4-1.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-f6910afeec
libmodulemd-2.11.1-1.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e90b630415 pcre2-10.36-1.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d32853a28d
mingw-openjpeg2-2.3.1-11.fc32 openjpeg2-2.3.1-10.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-b425e20781
nfs-utils-2.5.2-1.rc3.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d6d9358f65
kernel-5.9.15-100.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-a649873794 audit-3.0-1.fc32
The following builds have been pushed to Fedora 32 updates-testing
adwaita-qt-1.2.0-1.fc32
ansible-2.9.16-1.fc32
cura-lulzbot-3.6.22-2.fc32
firefox-84.0-6.fc32
flatpak-module-tools-0.12.1-1.fc32
ibus-typing-booster-2.10.2-1.fc32
imv-4.2.0-1.fc32
knot-3.0.3-1.fc32
knot-resolver-5.2.1-1.fc32
mingw-binutils-2.32-8.fc32
notcurses-2.1.1-1.fc32
osinfo-db-20201218-1.fc32
perl-LWP-Protocol-https-6.10-1.fc32
python-lxml-4.4.1-5.fc32
python-rsa-3.4.2-16.fc32
qgnomeplatform-0.7.0-1.fc32
quilter-2.5.2-1.fc32
vim-8.2.2146-2.fc32
zstd-1.4.7-1.fc32
Details about builds:
================================================================================
adwaita-qt-1.2.0-1.fc32 (FEDORA-2020-ef45f9d161)
Adwaita theme for Qt-based applications
--------------------------------------------------------------------------------
Update Information:
QGnomePlatform 0.7.0 release and Adwaita-qt 1.2.0 release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 17 2020 Jan Grulich <jgrulich(a)redhat.com> - 1.2.0-1
- 1.2.0
* Wed Sep 30 2020 Jan Grulich <jgrulich(a)redhat.com> - 1.1.90-1
- 1.1.90
* Fri Jul 31 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.3-4
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.3-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
ansible-2.9.16-1.fc32 (FEDORA-2020-ebde846480)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to 2.9.16 stable bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 15 2020 Kevin Fenzi <kevin(a)scrye.com> - 2.9.16-1
- Update to 2.9.16.
--------------------------------------------------------------------------------
================================================================================
cura-lulzbot-3.6.22-2.fc32 (FEDORA-2020-cf1dae042f)
3D printer control software
--------------------------------------------------------------------------------
Update Information:
Fix compatibility with Python 3.9+
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 18 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 1:3.6.22-2
- Fix compatibility with Python 3.9+
- Fixes: rhbz#1906612
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1906612 - crash on connect
https://bugzilla.redhat.com/show_bug.cgi?id=1906612
--------------------------------------------------------------------------------
================================================================================
firefox-84.0-6.fc32 (FEDORA-2020-0e26e95566)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
- Update to Firefox 84 - Built with system nss Please give karma to nss
packages which are needed for this update:
https://bodhi.fedoraproject.org/updates/FEDORA-2020-c489b93b18
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d04a8e97b3 ---- - New
upstream version (Firefox 84) - Enabled WebRender by default on Gnome Wayland
and
Gnome/X.org
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 17 2020 Martin Stransky <stransky(a)redhat.com> - 84.0-6
- Disable PGO on Rawhide due to build issues
- Disable system nss on Rawhide due to rhbz#1908018
- Enabled system nss on Fedora 33/32
* Wed Dec 16 2020 Martin Stransky <stransky(a)redhat.com> - 84.0-5
- Build with tests enabled
* Wed Dec 16 2020 Martin Stransky <stransky(a)redhat.com> - 84.0-4
- Disabled LTO due to massive test failures
* Wed Dec 16 2020 Martin Stransky <stransky(a)redhat.com> - 84.0-3
- Updated to Firefox 84 Build 3
- Disabled system nss due to addon breakage (rhbz#1908018).
* Wed Dec 9 2020 Martin Stransky <stransky(a)redhat.com> - 83.0-15
- Enabled tests everywhere
- Enabled crash reporter
--------------------------------------------------------------------------------
================================================================================
flatpak-module-tools-0.12.1-1.fc32 (FEDORA-2020-ec0c8aabf8)
Tools for maintaining Flatpak applications and runtimes as Fedora modules
--------------------------------------------------------------------------------
Update Information:
This new version of flatpak-module-tools fixes a bug where when building a
Flatpak container (especially in OSBS) long filenames were incorrectly
processed, possibly resulting in build failures.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 18 2020 Owen Taylor <otaylor(a)redhat.com> - 0.12.1-1
- Version 0.12.1 - fixes bug with long filenames
- Remove outdated patch
- Run tests in %check
--------------------------------------------------------------------------------
================================================================================
ibus-typing-booster-2.10.2-1.fc32 (FEDORA-2020-a6c81cc332)
A completion input method
--------------------------------------------------------------------------------
Update Information:
Update to 2.10.2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 17 2020 Mike FABIAN <mfabian(a)redhat.com> - 2.10.2-1
- Update to 2.10.2
- Add vi-telex to the default input methods for vi_VN locale
- Enable Unicode 13.1 Emoji in emoji-picker by default
- Update emoji data to Unicode 13.1
- Translation update from Weblate for zh_CN
--------------------------------------------------------------------------------
================================================================================
imv-4.2.0-1.fc32 (FEDORA-2020-a22423f092)
Image viewer for X11 and Wayland
--------------------------------------------------------------------------------
Update Information:
Update to 4.2.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 18 2020 Aleksei Bavshin <alebastr(a)fedoraproject.org> - 4.2.0-1
- Update to 4.2.0
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.1.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Sat May 16 2020 Pete Walter <pwalter(a)fedoraproject.org> - 4.1.0-2
- Rebuild for ICU 67
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1908939 - imv-4.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1908939
--------------------------------------------------------------------------------
================================================================================
knot-3.0.3-1.fc32 (FEDORA-2020-a03cc0a949)
High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:
Update to upstream 3.0.3.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 17 2020 Jakub Ru��i��ka <jakub.ruzicka(a)nic.cz> - 3.0.3-1
- Update to 3.0.3
--------------------------------------------------------------------------------
================================================================================
knot-resolver-5.2.1-1.fc32 (FEDORA-2020-0db28a67ac)
Caching full DNS Resolver
--------------------------------------------------------------------------------
Update Information:
Update to upstream 5.2.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 18 2020 Jakub Ru��i��ka <jakub.ruzicka(a)nic.cz> - 5.2.1-1
- update to upstream version 5.2.1
--------------------------------------------------------------------------------
================================================================================
mingw-binutils-2.32-8.fc32 (FEDORA-2020-f903e139b1)
Cross-compiled version of binutils for Win32 and Win64 environments
--------------------------------------------------------------------------------
Update Information:
Backport patches for CVE-2020-16592 and CVE-2020-16598
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 18 2020 Sandro Mani <manisandro(a)gmail.com> - 2.32-8
- Backport patches for CVE-2020-16592, CVE-2020-16598
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1906758 - CVE-2020-16598 mingw-binutils: binutils: Null Pointer Dereference
in debug_get_real_type could result in DoS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1906758
[ 2 ] Bug #1906779 - CVE-2020-16592 mingw-binutils: binutils: use-after-free in
bfd_hash_lookup could result in DoS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1906779
--------------------------------------------------------------------------------
================================================================================
notcurses-2.1.1-1.fc32 (FEDORA-2020-d25ac1e760)
Character graphics and TUI library
--------------------------------------------------------------------------------
Update Information:
new upstream 2.1.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 16 2020 Nick Black <dankamongmen(a)gmail.com> - 2.1.1-1
- New upstream version, progress bar widget
* Sun Dec 13 2020 Nick Black <dankamongmen(a)gmail.com> - 2.1.0-1
- New upstream version, fixes resize cascade
--------------------------------------------------------------------------------
================================================================================
osinfo-db-20201218-1.fc32 (FEDORA-2020-e7a8b3931d)
osinfo database files
--------------------------------------------------------------------------------
Update Information:
Update to new release (v20201218)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 18 2020 Fabiano Fid��ncio <fidencio(a)redhat.com> - 20201218-1
- Update to new release (v20201218)
--------------------------------------------------------------------------------
================================================================================
perl-LWP-Protocol-https-6.10-1.fc32 (FEDORA-2020-6296f09d90)
Provide HTTPS support for LWP::UserAgent
--------------------------------------------------------------------------------
Update Information:
This release corrects a test. It also updates metadata.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 18 2020 Petr Pisar <ppisar(a)redhat.com> - 6.10-1
- 6.10 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1908799 - perl-LWP-Protocol-https-6.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1908799
--------------------------------------------------------------------------------
================================================================================
python-lxml-4.4.1-5.fc32 (FEDORA-2020-307946cfb6)
XML processing library combining libxml2/libxslt with the ElementTree API
--------------------------------------------------------------------------------
Update Information:
This update fixes mXSS security vulnerability due to the use of improper parser
(CVE-2020-27783)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 18 2020 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 4.4.1-5
- Fix mXSS vulnerability due to the use of improper parser
- Resolves: CVE-2020-27783
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1901633 - CVE-2020-27783 python-lxml: mXSS due to the use of improper parser
https://bugzilla.redhat.com/show_bug.cgi?id=1901633
--------------------------------------------------------------------------------
================================================================================
python-rsa-3.4.2-16.fc32 (FEDORA-2020-34094699cc)
Pure-Python RSA implementation
--------------------------------------------------------------------------------
Update Information:
Apply cve-2020-13757 patch.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 18 2020 Jason Montleon <jmontleo(a)redhat.com> - 3.4.2-16
- Apply Backport patch to fix CVE-2020-13757
--------------------------------------------------------------------------------
================================================================================
qgnomeplatform-0.7.0-1.fc32 (FEDORA-2020-ef45f9d161)
Qt Platform Theme aimed to accommodate Gnome settings
--------------------------------------------------------------------------------
Update Information:
QGnomePlatform 0.7.0 release and Adwaita-qt 1.2.0 release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 17 2020 Jan Grulich <jgrulich(a)redhat.com> - 0.7.0-1
- 0.7.0
* Fri Nov 27 2020 Jan Grulich <jgrulich(a)redhat.com> - 0.6.90-3
- rebuild (qt5) for eln
* Mon Nov 23 2020 Jan Grulich <jgrulich(a)redhat.com> - 0.6.90-2
- rebuild (qt5)
* Wed Sep 30 2020 Jan Grulich <jgrulich(a)redhat.com> - 0.6.90-1
- 0.6.90
* Fri Sep 11 2020 Jan Grulich <jgrulich(a)redhat.com> - 0.6.1-3
- rebuild (qt5)
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.6.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
quilter-2.5.2-1.fc32 (FEDORA-2020-869ed188e8)
Focus on your writing
--------------------------------------------------------------------------------
Update Information:
Update to 2.5.2
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 18 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 2.5.2-1
- build(update): 2.5.2
--------------------------------------------------------------------------------
================================================================================
vim-8.2.2146-2.fc32 (FEDORA-2020-971fd35017)
The VIM editor
--------------------------------------------------------------------------------
Update Information:
install vim-minimal profiles under different name to avoid future conflicts
remove old conflicts
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 18 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.2146-2
- install vim-minimal profiles under different name to avoid future conflicts
- remove old conflicts
* Wed Dec 16 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.2146-1
- patchlevel 2146
* Wed Dec 16 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.2143-2
- make profile files as ghosts to prevent further conflicts
- remove ownership of /etc/profile.d - rpmlinter reports it as an error
- remove interactive prompt from profile scripts
* Mon Dec 14 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.2143-1
- patchlevel 2143
* Mon Dec 14 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.2115-2
- 1907335 - installing vim no longer works, due to package conflicts with vim-minimal
* Wed Dec 9 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.2115-1
- patchlevel 2115
* Wed Dec 9 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.2108-2
- 1902772 - "vim" from vim-minimal defunct on zsh
* Tue Dec 8 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.2108-1
- patchlevel 2108
* Fri Dec 4 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.2086-1
- patchlevel 2086
* Tue Dec 1 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:8.2.2072-1
- patchlevel 2072
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1902772 - "vim" from vim-minimal defunct on zsh
https://bugzilla.redhat.com/show_bug.cgi?id=1902772
[ 2 ] Bug #1905402 - Updates to vim have broken vim-X11 theme handling
https://bugzilla.redhat.com/show_bug.cgi?id=1905402
[ 3 ] Bug #1907335 - installing vim no longer works, due to package conflicts with
vim-minimal
https://bugzilla.redhat.com/show_bug.cgi?id=1907335
[ 4 ] Bug #1907800 - installing 'vim' doesn't shut down the "No vim
found, using vi, ..." message
https://bugzilla.redhat.com/show_bug.cgi?id=1907800
--------------------------------------------------------------------------------
================================================================================
zstd-1.4.7-1.fc32 (FEDORA-2020-0896207697)
Zstd compression library
--------------------------------------------------------------------------------
Update Information:
Latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 17 2020 P��draig Brady <P(a)draigBrady.com> - 1.4.7-1
- Latest upstream
* Wed Aug 26 2020 Jeff Law <law(a)redhat.com> - 1.4.5-6
- Do not force C++11 mode
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.5-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1908759 - zstd-1.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1908759
--------------------------------------------------------------------------------