The following Fedora 30 Security updates need testing:
Age URL
95
https://bodhi.fedoraproject.org/updates/FEDORA-2019-71b2273a9f
libarchive-3.3.3-7.fc30
28
https://bodhi.fedoraproject.org/updates/FEDORA-2020-cc26574961
chromium-79.0.3945.130-1.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-47efc31973 libuv-1.34.2-1.fc30
nghttp2-1.40.0-1.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-830d8a1a92
http-parser-2.9.3-1.fc30 nodejs-10.19.0-1.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-092ef6572a
glib2-2.60.7-3.fc30
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-8193c0aa68
mingw-openjpeg2-2.3.1-7.fc30 openjpeg2-2.3.1-6.fc30
7
https://bodhi.fedoraproject.org/updates/FEDORA-2020-c68458c879
podman-1.8.0-2.fc30
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-2a0aac3502
skopeo-0.1.41-1.fc30
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-f6cc7883b8
hiredis-0.13.3-13.fc30
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-76d608179d
NetworkManager-ssh-1.2.11-1.fc30
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-bdcc8ffc24
python-waitress-1.4.3-1.fc30
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-a06ebafad8
python-psutil-5.6.7-1.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-8f18c45545
golang-github-gorilla-websocket-1.4.1-1.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-279c61dd70 caddy-1.0.3-2.fc30
etcd-3.3.12-5.20190413gitf29b1ad.fc30 hugo-0.55.6-2.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-2211f3adde
thunderbird-68.5.0-1.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-0fb484d7f7
firejail-0.9.62-1.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-6f1209bb45
libtiff-4.0.10-8.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4ea970ebc6 php-7.3.15-1.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-512f0121dc
mingw-libpng-1.6.37-3.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-76c707cff0
proftpd-1.3.6c-1.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-247650d74a
firefox-73.0.1-1.fc30
The following Fedora 30 Critical Path updates have yet to be approved:
Age URL
226
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c05e4425d1
dash-0.5.10.2-3.fc30
95
https://bodhi.fedoraproject.org/updates/FEDORA-2019-71b2273a9f
libarchive-3.3.3-7.fc30
32
https://bodhi.fedoraproject.org/updates/FEDORA-2020-aa758fe515 koji-1.20.0-1.fc30
15
https://bodhi.fedoraproject.org/updates/FEDORA-2020-c4d27dea0b
selinux-policy-3.14.3-56.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-092ef6572a
glib2-2.60.7-3.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-830d8a1a92
http-parser-2.9.3-1.fc30 nodejs-10.19.0-1.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-47efc31973 libuv-1.34.2-1.fc30
nghttp2-1.40.0-1.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-886fc2deb7
python-productmd-1.24-1.fc30
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-5e06ad5ec5
cryptsetup-2.3.0-1.fc30
11
https://bodhi.fedoraproject.org/updates/FEDORA-2020-02278780cf
nfs-utils-2.4.3-0.fc30
11
https://bodhi.fedoraproject.org/updates/FEDORA-2020-b7b2270753 mdadm-4.1-1.fc30
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-299acf832a pcre-8.43-3.fc30
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-71be871020
libdnf-0.43.1-3.fc30
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e94bce43a0 abrt-2.14.0-1.fc30
abrt-java-connector-1.1.4-1.fc30 libreport-2.12.0-1.fc30 satyr-0.30-2.fc30
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-970a0aa60e
python-rpm-macros-3-46.fc30
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-8193c0aa68
mingw-openjpeg2-2.3.1-7.fc30 openjpeg2-2.3.1-6.fc30
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-17af221dbb
nss-pem-1.0.6-1.fc30
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-293bf84963 vim-8.2.236-1.fc30
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-6dfb032e43
flatpak-1.4.4-2.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-6f1209bb45
libtiff-4.0.10-8.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d588eaa6e2
net-snmp-5.8-16.fc30
3
https://bodhi.fedoraproject.org/updates/FEDORA-2020-2211f3adde
thunderbird-68.5.0-1.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-247650d74a
firefox-73.0.1-1.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e05afa496a
kernel-5.4.21-100.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-366bc158c9 pcre2-10.34-7.fc30
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-765f45cd37
libtirpc-1.2.5-1.rc2.fc30
The following builds have been pushed to Fedora 30 updates-testing
PyYAML-5.3-2.fc30
bcc-0.12.0-1.fc30
berusky2-0.11-1.fc30
candy-icon-theme-0-7.20200220gita6e938f8.fc30
libfido2-1.3.1-1.fc30
mock-core-configs-32.3-2.fc30
perl-CPAN-Perl-Releases-5.20200220-1.fc30
perl-Module-CoreList-5.20200220-1.fc30
php-scssphp-scssphp-1.0.8-1.fc30
ppp-2.4.7-34.fc30
rebase-helper-0.21.0-1.fc30
rubygem-loofah-2.2.3-4.fc30
sdbus-cpp-0.8.1-1.fc30
will-crash-0.13.2-1.fc30
Details about builds:
================================================================================
PyYAML-5.3-2.fc30 (FEDORA-2020-e84e90dc4a)
YAML parser and emitter for Python
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2019-20477
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 6 2020 John Eckersberg <eck(a)redhat.com> - 5.3-1
- New upstream release 5.3
* Tue Dec 3 2019 John Eckersberg <eck(a)redhat.com> - 5.2-1
- New upstream release 5.2
* Fri Nov 22 2019 John Eckersberg <eck(a)redhat.com> - 5.1.2-4
- Build without python2 by default (rhbz#1775075)
* Thu Sep 19 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 5.1.2-3
- Stop providing PyYAML from python2-pyyaml, Python now means Python 3
* Thu Aug 15 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 5.1.2-2
- Rebuilt for Python 3.8
* Wed Jul 31 2019 John Eckersberg <eck(a)redhat.com> - 5.1.2-1
- New upstream release 5.1.2
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.1.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jul 15 2019 Petr Viktorin <pviktori(a)redhat.com> - 5.1.1-2
- Remove build dependency on python2-Cython
* Fri Jun 7 2019 John Eckersberg <eck(a)redhat.com> - 5.1.1-1
- New upstream release 5.1.1 (rhbz#1718110)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1806005 - CVE-2019-20477 PyYAML: insufficient restrictions on the load and
load_all functions
https://bugzilla.redhat.com/show_bug.cgi?id=1806005
--------------------------------------------------------------------------------
================================================================================
bcc-0.12.0-1.fc30 (FEDORA-2020-5167a1b25c)
BPF Compiler Collection (BCC)
--------------------------------------------------------------------------------
Update Information:
Rebase to latest upstream version (#1788228)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 21 2020 Rafael dos Santos <rdossant(a)redhat.com> - 0.12.0-1
- Rebase to latest upstream version (#1788228)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1788228 - bcc-tools fail to compile on 5.4.7-200 kernel
https://bugzilla.redhat.com/show_bug.cgi?id=1788228
--------------------------------------------------------------------------------
================================================================================
berusky2-0.11-1.fc30 (FEDORA-2020-e7f2f4fb09)
Sokoban clone
--------------------------------------------------------------------------------
Update Information:
Ship fixes from
https://notabug.org/AsDaGo/berusky2
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
candy-icon-theme-0-7.20200220gita6e938f8.fc30 (FEDORA-2020-b4c3a29191)
Sweet gradient icon theme
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream snapshot (2020-02-20)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 21 2020 Artur Iwicki <fedora(a)svgames.pl> - 0-7.20200220gita6e938f8
- Update to latest upstream snapshot
--------------------------------------------------------------------------------
================================================================================
libfido2-1.3.1-1.fc30 (FEDORA-2020-6d3240c127)
FIDO2 library
--------------------------------------------------------------------------------
Update Information:
Update to 1.3.1 release ---- New libfido2 package
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 20 2020 Gary Buhrmaster <gary.buhrmaster(a)gmail.com> 1.3.1-1
- 1.3.1 release
* Mon Dec 16 2019 Gary Buhrmaster <gary.buhrmaster(a)gmail.com> 1.3.0-3
- use yubico corp release site for sources and gpg signature
* Sat Dec 14 2019 Gary Buhrmaster <gary.buhrmaster(a)gmail.com> 1.3.0-2
- packaging cleanups
* Sat Nov 30 2019 Gary Buhrmaster <gary.buhrmaster(a)gmail.com> 1.3.0-1
- 1.3.0 release
* Mon Jul 29 2019 Gary Buhrmaster <gary.buhrmaster(a)gmail.com> 1.2.0-1
- 1.2.0 release
* Sat May 11 2019 Gary Buhrmaster <gary.buhrmaster(a)gmail.com> 1.1.0-1
- 1.1.0 release
* Fri Apr 5 2019 Gary Buhrmaster <gary.buhrmaster(a)gmail.com> 1.0.0-2
- include backported upstream patches for compiler dependencies and soname version
- modify libdir glob to meet newer packaging recommendations
* Thu Mar 21 2019 Gary Buhrmaster <gary.buhrmaster(a)gmail.com> 1.0.0-1
- 1.0.0 release
* Mon Jan 7 2019 Gary Buhrmaster <gary.buhrmaster(a)gmail.com> 0.4.0-1
- 0.4.0 release
* Wed Sep 12 2018 Gary Buhrmaster <gary.buhrmaster(a)gmail.com> 0.3.0-1
- 0.3.0 release
* Fri Sep 7 2018 Gary Buhrmaster <gary.buhrmaster(a)gmail.com>
0.3.0-0.8.20180907git878fcd8
- update to upstream master
* Thu Sep 6 2018 Gary Buhrmaster <gary.buhrmaster(a)gmail.com>
0.3.0-0.7.20180906gitff7ece8
- update to upstream master
* Wed Sep 5 2018 Gary Buhrmaster <gary.buhrmaster(a)gmail.com>
0.3.0-0.6.20180905gitcb4951c
- update to upstream master
* Tue Sep 4 2018 Gary Buhrmaster <gary.buhrmaster(a)gmail.com>
0.3.0-0.5.20180904git2b5f0d0
- update to upstream master
* Mon Aug 27 2018 Gary Buhrmaster <gary.buhrmaster(a)gmail.com>
0.3.0-0.4.20180827git9d178b2
- Update to upstream master
* Thu Aug 23 2018 Gary Buhrmaster <gary.buhrmaster(a)gmail.com>
0.3.0-0.3.20180823git0f40181
- Update to upstream master
* Tue Aug 21 2018 Gary Buhrmaster <gary.buhrmaster(a)gmail.com>
0.3.0-0.2.20180821gitfff65a4
- Update to upstream master
* Wed Aug 8 2018 Gary Buhrmaster <gary.buhrmaster(a)gmail.com>
0.3.0-0.1.20180808git5be8903
- Update to new spec
--------------------------------------------------------------------------------
================================================================================
mock-core-configs-32.3-2.fc30 (FEDORA-2020-376c58ea30)
Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:
bugfix update - use one template for branched fedoras - templatize F31+ i386 -
use 'dnf.conf' in mageia, opensuse and openmandriva configs
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 21 2020 Pavel Raiskup <praiskup(a)redhat.com> 32.3-2
- bump version for lost git tag
* Fri Feb 21 2020 Pavel Raiskup <praiskup(a)redhat.com> 32.3-1
- put back the opensuse-leap-15.1-x86_64 config
* Thu Feb 20 2020 Pavel Raiskup <praiskup(a)redhat.com> 32.2-1
- use one template for branched fedoras
- templatize F31+ i386
- use 'dnf.conf' in mageia, opensuse and openmandriva configs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1804415 - 'mock -r fedora-rawhide-i386 shell' fails
https://bugzilla.redhat.com/show_bug.cgi?id=1804415
--------------------------------------------------------------------------------
================================================================================
perl-CPAN-Perl-Releases-5.20200220-1.fc30 (FEDORA-2020-b0af6bbba2)
Mapping Perl releases on CPAN to the location of the tarballs
--------------------------------------------------------------------------------
Update Information:
This release provides data about Perl 5.31.9.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 21 2020 Petr Pisar <ppisar(a)redhat.com> - 5.20200220-1
- 5.20200220 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1805545 - perl-CPAN-Perl-Releases-5.20200220 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1805545
--------------------------------------------------------------------------------
================================================================================
perl-Module-CoreList-5.20200220-1.fc30 (FEDORA-2020-91f72a64d0)
What modules are shipped with versions of perl
--------------------------------------------------------------------------------
Update Information:
This release brings data about Perl 5.31.9.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 21 2020 Petr Pisar <ppisar(a)redhat.com> - 1:5.20200220-1
- 5.20200220 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1805545 - perl-CPAN-Perl-Releases-5.20200220 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1805545
--------------------------------------------------------------------------------
================================================================================
php-scssphp-scssphp-1.0.8-1.fc30 (FEDORA-2020-26fccca31c)
Compiler for SCSS
--------------------------------------------------------------------------------
Update Information:
**Version 1.0.8** * Import of valid scss files fails silently (@oyejorge,
@Cerdic) * Undefined $libName (@enricobono, @robocoder) * Fix division and
modulo per sass-spec (@Cerdic) * Fix expressions in at directives (@Cerdic) *
Introduce support for custom properties (@Cerdic) * Function compatibility
issues with functions (abs, ceil, floor, max, min, percentage, random, round),
units, and conversions. (@Cerdic)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 21 2020 Remi Collet <remi(a)remirepo.net> - 1.0.8-1
- update to 1.0.8
--------------------------------------------------------------------------------
================================================================================
ppp-2.4.7-34.fc30 (FEDORA-2020-571091c70b)
The Point-to-Point Protocol daemon
--------------------------------------------------------------------------------
Update Information:
This is an update fixing CVE-2020-8597.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 21 2020 Jaroslav ��karvada <jskarvad(a)redhat.com> - 2.4.7-34
- Fixed buffer overflow in the eap_request and eap_response functions
Resolves: CVE-2020-8597
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.7-33
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.7-32
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1800727 - CVE-2020-8597 ppp: Buffer overflow in the eap_request and
eap_response functions in eap.c
https://bugzilla.redhat.com/show_bug.cgi?id=1800727
--------------------------------------------------------------------------------
================================================================================
rebase-helper-0.21.0-1.fc30 (FEDORA-2020-40f66db077)
The tool that helps you to rebase your package to the latest version
--------------------------------------------------------------------------------
Update Information:
**News in version 0.21.0:** - Added public API tests for `Tags` class - Added
support for *%patchlist* and *%sourcelist* - Added support for automatic
*Source*/*Patch* numbering - **commit-hash-updater** SPEC hook now handles empty
release name - *sources* is now ignored if it's not a regular file - Fixed
summary and report paths when using `--bugzila-id` or `--results-dir` - Fixed
and extended detection of ABI changes reported by **abipkgdiff** - Removed
deprecated encoding parameter in `json.load()` for Python 3.9 - Fixed processing
of remote patches - Fixed handling of intermediate macros in
`SpecFile.set_tag()` - All RPM macros are now reset when `SpecFile` object is
destroyed - Renamed docker directory to containers and Dockerfiles to
Containerfiles - Switched from Docker Hub to quay.io for automatic image
building - Improved and cleaned up `SpecFile` tests - **replace-old-version**
SPEC hook can now replace also extraversion
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 21 2020 Packit Service <user-cont-team+packit-service(a)redhat.com> -
0.21.0-1
- new upstream release: 0.21.0
--------------------------------------------------------------------------------
================================================================================
rubygem-loofah-2.2.3-4.fc30 (FEDORA-2020-1ebc4b8284)
Manipulate and transform HTML/XML documents and fragments
--------------------------------------------------------------------------------
Update Information:
Fix XXS when a crafted SVG element is republished.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 21 2020 V��t Ondruch <vondruch(a)redhat.com> - 2.2.3-4
- Fix XXS when a crafted SVG element is republished.
Resolves: CVE-2019-15587
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1774081 - CVE-2019-15587 rubygem-loofah: XXS when a crafted SVG element is
republished
https://bugzilla.redhat.com/show_bug.cgi?id=1774081
--------------------------------------------------------------------------------
================================================================================
sdbus-cpp-0.8.1-1.fc30 (FEDORA-2020-2abe4072e4)
High-level C++ D-Bus library
--------------------------------------------------------------------------------
Update Information:
New package sdbus-cpp - high-level C++ D-Bus library for Linux designed to
provide easy-to-use yet powerful API in modern C++.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 7 2020 Marek Blaha <mblaha(a)redhat.com> - 0.8.1-1
- Update to release 0.8.1
* Fri Jan 24 2020 Marek Blaha <mblaha(a)redhat.com> - 0.7.8-1
- Initial release 0.7.8
--------------------------------------------------------------------------------
================================================================================
will-crash-0.13.2-1.fc30 (FEDORA-2020-dbf7622503)
Set of crashing executables written in various languages
--------------------------------------------------------------------------------
Update Information:
Fix some rpmlint issues ---- Add Perl script to cause a segfault
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 21 2020 Ernestas Kulik <ekulik(a)redhat.com> - 0.13.2-1
- new upstream release: 0.13.2
* Thu Feb 20 2020 Ernestas Kulik <ekulik(a)redhat.com> - 0.13-1
- new upstream release: 0.13
--------------------------------------------------------------------------------