The following Fedora 32 Security updates need testing:
Age URL
65
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1f643c272c libntlm-1.6-1.fc32
18
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d32853a28d
mingw-openjpeg2-2.3.1-11.fc32 openjpeg2-2.3.1-10.fc32
17
https://bodhi.fedoraproject.org/updates/FEDORA-2020-307946cfb6
python-lxml-4.4.1-5.fc32
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-117f1b67fb
rubygem-em-http-request-1.1.7-1.fc32
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-28c78a6ac3
mingw-binutils-2.32-9.fc32
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d1aa0e030c awstats-7.8-2.fc32
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-cbc0754798 dia-0.97.3-16.fc32
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-ccb8a9c403
golang-github-containernetworking-plugins-0.9.0-1.fc32
The following Fedora 32 Critical Path updates have yet to be approved:
Age URL
185
https://bodhi.fedoraproject.org/updates/FEDORA-2020-ebbe0f7b25 cpio-2.13-6.fc32
37
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e49210967b dnf-4.4.2-1.fc32
libdnf-0.55.0-3.fc32 microdnf-3.5.1-1.fc32
33
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e3cff2530e koji-1.23.0-2.fc32
30
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4f53b68751 dnf-4.5.2-1.fc32
dnf-plugins-extras-4.0.13-1.fc32 libdnf-0.55.2-1.fc32
25
https://bodhi.fedoraproject.org/updates/FEDORA-2020-345d2fd2aa
iproute-5.9.0-1.fc32
18
https://bodhi.fedoraproject.org/updates/FEDORA-2020-f6910afeec
libmodulemd-2.11.1-1.fc32
18
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d32853a28d
mingw-openjpeg2-2.3.1-11.fc32 openjpeg2-2.3.1-10.fc32
12
https://bodhi.fedoraproject.org/updates/FEDORA-2020-88275b3477
procps-ng-3.3.16-2.fc32
12
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d96c86b050 ndctl-71.1-1.fc32
12
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d4c4f04447
ethtool-5.10-1.fc32
10
https://bodhi.fedoraproject.org/updates/FEDORA-2020-29fcb2cec6
tracker-2.3.6-2.fc32
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-66d135ac1f
python3-3.8.7-1.fc32 python3-docs-3.8.7-1.fc32
7
https://bodhi.fedoraproject.org/updates/FEDORA-2020-726021f11f
libburn-1.5.2-4.fc32
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-43e9e3abbe
tzdata-2020f-1.fc32
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-50c22ae8fd
lua-socket-3.0-0.27.rc1.fc32
The following builds have been pushed to Fedora 32 updates-testing
ax25-apps-2.0.0-3.fc32
clementine-1.4.0-7.rc1.20210104git479f1d4.fc32
ddccontrol-db-20201221-1.fc32
distcc-3.3.5-1.fc32
ibus-table-1.12.2-1.fc32
intel-cmt-cat-4.1.0-1.fc32
libcerf-1.14-1.fc32
libtiff-4.1.0-3.fc32
lyx-2.3.6.1-1.fc32
mhonarc-2.6.24-2.fc32
notcurses-2.1.4-1.fc32
oath-toolkit-2.6.5-1.fc32
perl-DateTime-TimeZone-2.46-1.fc32
perl-ExtUtils-HasCompiler-0.023-1.fc32
perl-libnet-3.13-1.fc32
roundcubemail-1.4.10-1.fc32
switcheroo-control-2.4-1.fc32
sympa-6.2.60-1.fc32
terminator-2.1.0-1.fc32
tmux-3.1c-1.fc32
urh-2.9.1-1.fc32
Details about builds:
================================================================================
ax25-apps-2.0.0-3.fc32 (FEDORA-2021-a71828fd4f)
AX.25 ham radio applications
--------------------------------------------------------------------------------
Update Information:
Re-rename generic binaries.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Richard Shaw <hobbes1069(a)gmail.com> - 2.0.0-3
- Reinstate patch to rename binaries to something less generic.
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Mar 2 2020 Richard Shaw <hobbes1069(a)gmail.com> - 2.0.0-1
- Upgrade to 2.0.0.
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.5-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1912405 - /usr/bin/listen ownership conflict between "ax25-apps"
and "rubygem-listen" packages
https://bugzilla.redhat.com/show_bug.cgi?id=1912405
--------------------------------------------------------------------------------
================================================================================
clementine-1.4.0-7.rc1.20210104git479f1d4.fc32 (FEDORA-2021-52bd3f38ae)
A music player and library organizer
--------------------------------------------------------------------------------
Update Information:
Bump to commit 479f1d4de94477dd37ec555edfa00366c088fb83
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 David Guillen Fandos <david(a)davidgf.net> -
1.4.0-7.rc1.20210104git479f1d4
- Bump to commit 479f1d4de94477dd37ec555edfa00366c088fb83
- Fix: #1911958
* Wed Dec 30 2020 Vasiliy N. Glazov <vascom2(a)gmail.com> -
1.4.0-6.rc1.20201216gitccba649
- Rebuilt for new cryptopp
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1911958 - Clementine hangs when using internet streaming protocols
https://bugzilla.redhat.com/show_bug.cgi?id=1911958
--------------------------------------------------------------------------------
================================================================================
ddccontrol-db-20201221-1.fc32 (FEDORA-2021-9c41734f41)
DDC/CI control database for ddccontrol
--------------------------------------------------------------------------------
Update Information:
This is new version of ddccontrol-db.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Jaroslav ��karvada <jskarvad(a)redhat.com> - 20201221-1
- New version
Resolves: rhbz#1909641
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
20190825-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1909641 - ddccontrol-db-20201221 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1909641
--------------------------------------------------------------------------------
================================================================================
distcc-3.3.5-1.fc32 (FEDORA-2021-8bf98eaad6)
Distributed C/C++ compilation
--------------------------------------------------------------------------------
Update Information:
3.3.5
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Gwyn Ciesla <gwync(a)protonmail.com> - 3.3.5-1
- 3.3.5
* Mon Nov 23 2020 Gwyn Ciesla <gwync(a)protonmail.com> - 3.3.3-10
- Spec cleanup, fix FTBFS.
* Wed Sep 16 2020 Gwyn Ciesla <gwync(a)protonmail.com> - 3.3.3-9
- Use gtk, not gnome, for monitor.
* Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.3.3-8
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.3.3-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue May 26 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 3.3.3-6
- Rebuilt for Python 3.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1896772 - distcc fails to build: collect2: fatal error: libsystemd.so.0:
error adding symbols: DSO missing from command line
https://bugzilla.redhat.com/show_bug.cgi?id=1896772
--------------------------------------------------------------------------------
================================================================================
ibus-table-1.12.2-1.fc32 (FEDORA-2021-8521d5c5a4)
The Table engine for IBus platform
--------------------------------------------------------------------------------
Update Information:
Update to 1.12.2
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Mike FABIAN <mfabian(a)redhat.com> - 1.12.2-1
- Update to 1.12.2
- Update translations from Weblate
(updated ca, cs, es, fa, ja, pt_BR, pt_PT, tr, zh_CN, zh_HK, zh_TW)
--------------------------------------------------------------------------------
================================================================================
intel-cmt-cat-4.1.0-1.fc32 (FEDORA-2021-442c4a4bcd)
Provides command line interface to CMT, MBM, CAT, CDP and MBA technologies
--------------------------------------------------------------------------------
Update Information:
Summary: AppQoS: - Added OS interface support - Added MBA CTRL support
PQoS: - Added option to display PQoS tool version General: - Bug fixes
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 18 2020 Khawar Abbasi <khawar.abbasi(a)intel.com> - 4.1.0-1
- New release 4.1.0
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
libcerf-1.14-1.fc32 (FEDORA-2021-1cfa04a448)
A library that provides complex error functions
--------------------------------------------------------------------------------
Update Information:
Update to the latest stable release. The main change is the simplification of
the tests.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Jos�� Matos <jamatos(a)fedoraproject.org> - 1.14-1
- update to 1.14 (version 2.0 has been withdrawn) so this is the latest
* Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.13-5
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
- Fix cmake changes
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.13-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1861388 - libcerf-1.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1861388
--------------------------------------------------------------------------------
================================================================================
libtiff-4.1.0-3.fc32 (FEDORA-2021-f36298d6e0)
Library of functions for manipulating TIFF format image files
--------------------------------------------------------------------------------
Update Information:
Built with support for ZSTD and WEBP.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Nikola Forr�� <nforro(a)redhat.com> - 4.1.0-3
- Build with ZSTD and WEBP support (#1911969)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1911969 - ZSTD compression support is missing in libtiff
https://bugzilla.redhat.com/show_bug.cgi?id=1911969
--------------------------------------------------------------------------------
================================================================================
lyx-2.3.6.1-1.fc32 (FEDORA-2021-99564f5b94)
WYSIWYM (What You See Is What You Mean) document processor
--------------------------------------------------------------------------------
Update Information:
Update to the latest stable release. This is a micro update that mainly re-
enables input of non-LyX files (e.g., tex, pgf).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Jos�� Matos <jamatos(a)fedoraproject.org> - 2.3.6.1-1
- update to 2.3.6.1
- replace patch to configure.py with sed script
- update the minimal set of latex packages required (rhbz #1827988)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1827988 - LyX missing dependency results in "LaTeX Error: File
`esint.sty' not found" error
https://bugzilla.redhat.com/show_bug.cgi?id=1827988
[ 2 ] Bug #1912153 - lyx-2.3.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1912153
--------------------------------------------------------------------------------
================================================================================
mhonarc-2.6.24-2.fc32 (FEDORA-2021-8d1d41859f)
Perl mail-to-HTML converter
--------------------------------------------------------------------------------
Update Information:
Update to 2.6.24
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 14 2020 Xavier Bachelot <xavier(a)bachelot.org> - 2.6.24-2
- Better URL: and Source0:
* Tue Dec 1 2020 Xavier Bachelot <xavier(a)bachelot.org> - 2.6.24-1
- Update to 2.6.24 (RHBZ#1901625)
- Specfile cleanup
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.6.19-20
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik(a)redhat.com> - 2.6.19-19
- Perl 5.32 rebuild
--------------------------------------------------------------------------------
================================================================================
notcurses-2.1.4-1.fc32 (FEDORA-2021-bf6328f001)
Character graphics and TUI library
--------------------------------------------------------------------------------
Update Information:
Upgrade to 2.1.4. Fixes direct mode image rendering and background changes.
Fixes cell lookup in the presence of Unicode 13. ---- new upstream
2.1.1->2.1.3 ---- New upstream 2.1.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 3 2021 Nick Black <dankamongmen(a)gmail.com> - 2.1.4-1
- New upstream version
* Thu Dec 31 2020 Nick Black <dankamongmen(a)gmail.com> - 2.1.3-1
- New upstream version, fixes crash in notcurses-demo
* Sat Dec 26 2020 Nick Black <dankamongmen(a)gmail.com> - 2.1.2-1
- New upstream version, sexblitter by default on some terms
--------------------------------------------------------------------------------
================================================================================
oath-toolkit-2.6.5-1.fc32 (FEDORA-2021-43f61318a0)
One-time password components
--------------------------------------------------------------------------------
Update Information:
This is new version of oath-toolkit.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Jaroslav ��karvada <jskarvad(a)redhat.com> - 2.6.5-1
- New version
Resolves: rhbz#1911419
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1911419 - oath-toolkit-2.6.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1911419
--------------------------------------------------------------------------------
================================================================================
perl-DateTime-TimeZone-2.46-1.fc32 (FEDORA-2021-e2d3150bdc)
Time zone object base class and factory
--------------------------------------------------------------------------------
Update Information:
This release is based on version 2020e of the Olson database. This release
includes contemporary changes for Russia (Volograd).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Jitka Plesnikova <jplesnik(a)redhat.com> - 2.46-1
- 2.46 bump (2020e Olson database)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1910204 - perl-DateTime-TimeZone-2.46 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1910204
--------------------------------------------------------------------------------
================================================================================
perl-ExtUtils-HasCompiler-0.023-1.fc32 (FEDORA-2021-fee045fac8)
Check for the presence of a compiler
--------------------------------------------------------------------------------
Update Information:
Take into account new Apple include paths
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Jitka Plesnikova <jplesnik(a)redhat.com> - 0.023-1
- 0.023 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1910780 - perl-ExtUtils-HasCompiler-0.023 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1910780
--------------------------------------------------------------------------------
================================================================================
perl-libnet-3.13-1.fc32 (FEDORA-2021-6aba9c3436)
Perl clients for various network protocols
--------------------------------------------------------------------------------
Update Information:
Revert "Fix EINTR interruption in sysread for getline method."
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Jitka Plesnikova <jplesnik(a)redhat.com> - 3.13-1
- 3.13 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1910310 - perl-libnet-3.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1910310
--------------------------------------------------------------------------------
================================================================================
roundcubemail-1.4.10-1.fc32 (FEDORA-2021-2cb0643316)
Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:
**RELEASE 1.4.10** - Fix extra angle brackets in In-Reply-To header derived
from mailto: params (#7655) - Fix folder list issue whan special folder is a
subfolder (#7647) - Fix Elastic's folder subscription toggle in search result
(#7653) - Fix state of subscription toggle on folders list after changing folder
state from the search result (#7653) - **Security**: Fix cross-site scripting
(XSS) via HTML or Plain text messages with malicious content
[**CVE-2020-35730**]
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Remi Collet <remi(a)remirepo.net> - 1.4.10-1
- update to 1.4.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1911321 - CVE-2020-35730 roundcubemail: XSS via HTML or plain text messages
with malicious content
https://bugzilla.redhat.com/show_bug.cgi?id=1911321
--------------------------------------------------------------------------------
================================================================================
switcheroo-control-2.4-1.fc32 (FEDORA-2021-8907efd76e)
D-Bus service to check the availability of dual-GPU
--------------------------------------------------------------------------------
Update Information:
This release fixes the cleaned-up name of some video cards not being picked up,
as well as adding a test suite.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Bastien Nocera <bnocera(a)redhat.com> - 2.4-1
+ switcheroo-control-2.4-1
- Update to 2.4
--------------------------------------------------------------------------------
================================================================================
sympa-6.2.60-1.fc32 (FEDORA-2021-a5570c5281)
Powerful multilingual List Manager
--------------------------------------------------------------------------------
Update Information:
Update to 6.2.60 Fixes CVE-2020-29668
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Xavier Bachelot <xavier(a)bachelot.org> 6.2.60-1
- Update to 6.2.60
- Fixes CVE-2020-29668 (RHBZ#1906576)
* Sat Nov 7 2020 Xavier Bachelot <xavier(a)bachelot.org> 6.2.58-2
- Add BR: perl-Test-Net-LDAP
- Remove all of EL6 thus sysvinit support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1906577 - CVE-2020-29668 sympa: allows remote attackers to obtain full SOAP
API access via illegal cookie [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1906577
[ 2 ] Bug #1906578 - CVE-2020-29668 sympa: allows remote attackers to obtain full SOAP
API access via illegal cookie [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1906578
--------------------------------------------------------------------------------
================================================================================
terminator-2.1.0-1.fc32 (FEDORA-2021-c16b92b123)
Store and run multiple GNOME terminals in one window
--------------------------------------------------------------------------------
Update Information:
This update brings the new Terminator release 2.1.0 to a Fedora box near you.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Dominic Hopf <dmaphy(a)fedoraproject.org> - 2.1.0-1
- New upstream release: 2.1.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1897791 - Translations disappeared from terminator 2.0.1 package
https://bugzilla.redhat.com/show_bug.cgi?id=1897791
--------------------------------------------------------------------------------
================================================================================
tmux-3.1c-1.fc32 (FEDORA-2021-f5e3fa8910)
A terminal multiplexer
--------------------------------------------------------------------------------
Update Information:
- Update tmux to 3.1c
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Filipe Rosset <rosset.filipe(a)gmail.com> - 3.1c-1
- Update to 3.1c
* Wed Sep 16 2020 David Cantrell <dcantrell(a)redhat.com> - 3.1-3
- Rebuild for new libevent
* Fri Jul 17 2020 Andrew Spiers <andrew(a)andrewspiers.net> - 3.1-2
- Include upstream example config file
Resolves: rhbz#1741836
* Wed Apr 29 2020 Filipe Rosset <rosset.filipe(a)gmail.com> - 3.1-1
- Update to 3.1 fixes rhbz#1715313
--------------------------------------------------------------------------------
================================================================================
urh-2.9.1-1.fc32 (FEDORA-2021-dd0d6f18d8)
Universal Radio Hacker: investigate wireless protocols like a boss
--------------------------------------------------------------------------------
Update Information:
This is new version of urh.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 4 2021 Jaroslav ��karvada <jskarvad(a)redhat.com> - 2.9.1-1
- New version
Resolves: rhbz#1911772
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1911772 - urh-2.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1911772
--------------------------------------------------------------------------------