The following Fedora 32 Security updates need testing:
Age URL
58
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1f643c272c libntlm-1.6-1.fc32
11
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d32853a28d
mingw-openjpeg2-2.3.1-11.fc32 openjpeg2-2.3.1-10.fc32
10
https://bodhi.fedoraproject.org/updates/FEDORA-2020-307946cfb6
python-lxml-4.4.1-5.fc32
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-968067abfa
grafana-7.3.6-1.fc32
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-66e6e8d027
golang-gopkg-macaron-1-1.4.0-1.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-cd43b84c16 etcd-3.4.13-1.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-bfde0ab889
guacamole-server-1.2.0-3.fc32
1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-db0eb54982
python-py-1.10.0-1.fc32
The following Fedora 32 Critical Path updates have yet to be approved:
Age URL
178
https://bodhi.fedoraproject.org/updates/FEDORA-2020-ebbe0f7b25 cpio-2.13-6.fc32
31
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e49210967b dnf-4.4.2-1.fc32
libdnf-0.55.0-3.fc32 microdnf-3.5.1-1.fc32
27
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e3cff2530e koji-1.23.0-2.fc32
24
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4f53b68751 dnf-4.5.2-1.fc32
dnf-plugins-extras-4.0.13-1.fc32 libdnf-0.55.2-1.fc32
18
https://bodhi.fedoraproject.org/updates/FEDORA-2020-345d2fd2aa
iproute-5.9.0-1.fc32
14
https://bodhi.fedoraproject.org/updates/FEDORA-2020-8c96ea7de3
enchant2-2.2.14-1.fc32 mingw-enchant2-2.2.14-1.fc32
13
https://bodhi.fedoraproject.org/updates/FEDORA-2020-da9438a4ae
webkit2gtk3-2.30.4-1.fc32
12
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4ccd211011 fwupd-1.5.4-1.fc32
11
https://bodhi.fedoraproject.org/updates/FEDORA-2020-f6910afeec
libmodulemd-2.11.1-1.fc32
11
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d32853a28d
mingw-openjpeg2-2.3.1-11.fc32 openjpeg2-2.3.1-10.fc32
11
https://bodhi.fedoraproject.org/updates/FEDORA-2020-b425e20781
nfs-utils-2.5.2-1.rc3.fc32
11
https://bodhi.fedoraproject.org/updates/FEDORA-2020-a649873794 audit-3.0-1.fc32
10
https://bodhi.fedoraproject.org/updates/FEDORA-2020-0896207697 zstd-1.4.7-1.fc32
10
https://bodhi.fedoraproject.org/updates/FEDORA-2020-e7a8b3931d
osinfo-db-20201218-1.fc32
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-53df9f500d
linux-firmware-20201218-116.fc32
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d96c86b050 ndctl-71.1-1.fc32
6
https://bodhi.fedoraproject.org/updates/FEDORA-2020-d4c4f04447
ethtool-5.10-1.fc32
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-88275b3477
procps-ng-3.3.16-2.fc32
4
https://bodhi.fedoraproject.org/updates/FEDORA-2020-29fcb2cec6
tracker-2.3.6-2.fc32
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-66d135ac1f
python3-3.8.7-1.fc32 python3-docs-3.8.7-1.fc32
0
https://bodhi.fedoraproject.org/updates/FEDORA-2020-726021f11f
libburn-1.5.2-4.fc32
The following builds have been pushed to Fedora 32 updates-testing
amsynth-1.12.2-1.fc32
iec16022-0.3.0-1.fc32
jupp-40-1.fc32
legendary-0.20.6-1.fc32
libmicrohttpd-0.9.72-1.fc32
magic-8.3.105-1.fc32
mingw-binutils-2.32-9.fc32
mozilla-noscript-11.1.7-1.fc32
nextcloud-18.0.12-2.fc32
rubygem-em-http-request-1.1.7-1.fc32
xcircuit-3.10.30-1.fc32
xrdp-0.9.15-1.fc32
Details about builds:
================================================================================
amsynth-1.12.2-1.fc32 (FEDORA-2020-8cdcec7fc0)
A classic synthesizer with dual oscillators
--------------------------------------------------------------------------------
Update Information:
Update to 1.12.2 Fix #1911367
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 29 2020 Guido Aulisi <guido.aulisi(a)gmail.com> - 1.12.2-1
- Update to 1.12.2
- Fix #1911367
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1900141 - amsynth-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1900141
[ 2 ] Bug #1911367 - amsynth doesn't connect to ALSA
https://bugzilla.redhat.com/show_bug.cgi?id=1911367
--------------------------------------------------------------------------------
================================================================================
iec16022-0.3.0-1.fc32 (FEDORA-2020-31f630bced)
Generate ISO/IEC 16022 2D barcodes
--------------------------------------------------------------------------------
Update Information:
iec16022 0.3.0 ============== - Fixed incorrect open mode, leading to
corrupted output files at least on Windows - Removed various unused `Image*`
functions even though they were exported by the `.so` before iec16022 0.2.7
============== - Fixed versioning in distributed package - Bugfix release
iec16022 0.2.6 ============== - Fixed a bug where data was omitted from
barcode because algorithm chose the wrong barcode length - Partial support for
GS1 encoding - Several code cleanups iec16022 0.2.5 ============== - Fix
EDIFACT encoding - Support output as UTF-8 - Minor code warning cleanup
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 29 2020 Robert Scheck <robert(a)fedoraproject.org> - 0.3.0-1
- Upgrade to 0.3.0 (#1911379)
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.2.4-25
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1911379 - iec16022-0.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1911379
--------------------------------------------------------------------------------
================================================================================
jupp-40-1.fc32 (FEDORA-2020-c2e2c3a6cc)
Compact and feature-rich WordStar-compatible editor
--------------------------------------------------------------------------------
Update Information:
jupp 40 ======= - update UCD to fix new Hangul Jamo widths (D7B0���D7FF) -
`sh.jsf`: update list of ksh `keywords` and sort it - manpage: document indent
chars for format/fmtblk - `HINTS`: `something | jupp -mold notmod -` - improve
preformatted jupp32 manpage generation; tweak manpage - do not delete a n��n-
generated file on `make clean` - fix crash on Ins/^V on Mac OSX - update
SELinux client to current API - fix some Coverity warnings jupp 39 =======
- Highlight HTML/XHTML and XML with content sniffing as well - Improve shell
highlighting substitution quoting handling - Update autoconf to fix FTBFS on
arm64, ppc64le and riscv64 - Fix `SETUP.INF` generation, make it run on
Windows�� 95, and remove old upgrade code; install to `PROGRA~1` universally -
Work around a GCC on MIPS16 asm generation bug in IDSTRING - Highlight more
T�����/L���T����� extensions - Shrink built-in jupprc size by dropping specialist
command ^KF - Use more consistent header guards - Update to UCD 13.0.0 -
Major overhaul of charmap handling - Massive dead parameter and code
elimination and warning fixes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 29 2020 Robert Scheck <robert(a)fedoraproject.org> 40-1
- Upgrade to 40
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 38-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
legendary-0.20.6-1.fc32 (FEDORA-2020-3025db8766)
Free and open-source replacement for the Epic Games Launcher
--------------------------------------------------------------------------------
Update Information:
Update to 0.20.6
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 29 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 0.20.6-1
- build(update): 0.20.6
* Mon Dec 21 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 0.20.5-1
- build(update): 0.20.5
--------------------------------------------------------------------------------
================================================================================
libmicrohttpd-0.9.72-1.fc32 (FEDORA-2020-4d793bb498)
Lightweight library for embedding a webserver in applications
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.72-1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 29 2020 Martin Gansser <martinkg(a)fedoraproject.org> - 1:0.9.72-1
- Update to 1:0.9.72
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:0.9.71-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1911355 - libmicrohttpd-0.9.72 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1911355
--------------------------------------------------------------------------------
================================================================================
magic-8.3.105-1.fc32 (FEDORA-2020-f0c162d0b6)
A very capable VLSI layout tool
--------------------------------------------------------------------------------
Update Information:
New version 8.3.105 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 29 2020 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 8.3.105-1
- 8.3.105
--------------------------------------------------------------------------------
================================================================================
mingw-binutils-2.32-9.fc32 (FEDORA-2020-28c78a6ac3)
Cross-compiled version of binutils for Win32 and Win64 environments
--------------------------------------------------------------------------------
Update Information:
Backport patches for CVE-2020-35493, CVE-2020-35494, CVE-2020-35495,
CVE-2020-35496.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 29 2020 Sandro Mani <manisandro(a)gmail.com> - 2.32-9
- Backport patches for CVE-2020-35493, CVE-2020-35494, CVE-2020-35495, CVE-2020-35496
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1911438 - CVE-2020-35493 mingw-binutils: binutils: heap-based buffer overflow
in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1911438
[ 2 ] Bug #1911440 - CVE-2020-35494 mingw-binutils: binutils: usage of unitialized heap
in tic4x_print_cond function in opcodes/tic4x-dis.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1911440
[ 3 ] Bug #1911442 - CVE-2020-35495 mingw-binutils: binutils: NULL pointer dereference
in bfd_pef_parse_symbols function in bfd/pef.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1911442
[ 4 ] Bug #1911445 - CVE-2020-35496 mingw-binutils: binutils: multiple NULL pointer
dereferences in bfd module due to not checking return value of bfd_malloc [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1911445
--------------------------------------------------------------------------------
================================================================================
mozilla-noscript-11.1.7-1.fc32 (FEDORA-2020-09b212f946)
JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
Changes since 11.1.5
============================================================ x Optimize
`serviceWorker` tracking for heavy tabs usage (thanks *vadimm* and *barbaz* for
investigation) x Force placeholder visibility on Youtube embeddings x Fixed
popup opening being slowed down if options UI is opened (thanks *Sirus* for
report) x Explicit failure for wrong settings importation formats x Better
handling of concurrent prompts issues (thanks *billarbor* for reporting) x
Remove z-index boosting from ancestors when placeholder is collapsed or replaced
(issue #162) x Fixed permission keyboard shortcuts being triggered with
modifiers like CTRL (thanks *barbaz* for report) x More accurate blockage
reporting, with better filtering of page's own CSP effects x [UI] Fixed bug in
CUSTOM sites filtering (thanks *barbaz* for reporting) x Fixed bug in automatic
HTML events build-time updates x Updated HTML events x Updated TLDs x [L10n]
Updated sv_SE x Better handling 0 width / 0 height media placeholders
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 29 2020 Dominik Mierzejewski <rpm(a)greysector.net> - 11.1.7-1
- update to 11.1.7 (#1906206)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1906206 - mozilla-noscript-11.1.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1906206
--------------------------------------------------------------------------------
================================================================================
nextcloud-18.0.12-2.fc32 (FEDORA-2020-457deb23b1)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
- Moves dependencies on database drivers to subpackages - Adds dependency on CA
cert bundle file - Removes setting of syslinux rules, as these are taken care of
by syslinux-policy - Adds `Provides: bundled()` for all bundled libraries
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 28 2020 Christopher Engelhard <ce(a)lcts.de> - 18.0.12-2
- Remove syslinux labeling
- Remove duplicate dependencies
- Add missing dependency on CA certs bundle
- Add Provides: for bundled libraries
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1909804 - nextcloud RPM does not declare Provides for bundled PHP
dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1909804
--------------------------------------------------------------------------------
================================================================================
rubygem-em-http-request-1.1.7-1.fc32 (FEDORA-2020-117f1b67fb)
EventMachine based, async HTTP Request client
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2020-13482.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 30 2020 Jaroslav Prokop <jar.prokop(a)volny.cz> - 1.1.7-1
- Update to version 1.1.7
resolves rhbz#1911458 and CVE-2020-13482
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1911457 - CVE-2020-13482 rubygem-em-http-request: missing SSL hostname
validation allows MITM
https://bugzilla.redhat.com/show_bug.cgi?id=1911457
--------------------------------------------------------------------------------
================================================================================
xcircuit-3.10.30-1.fc32 (FEDORA-2020-78254cd532)
Electronic circuit schematic drawing program
--------------------------------------------------------------------------------
Update Information:
New version 3.10.30 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 29 2020 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 3.10.30-1
- 3.10.30
--------------------------------------------------------------------------------
================================================================================
xrdp-0.9.15-1.fc32 (FEDORA-2020-2e1afbe084)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
Release notes for xrdp v0.9.15 (2020/12/28) New features - Allow token sign in
without autologon for SSO (#1667 #1668) - Norwegian keyboard support (#1675) -
Improved config support for chansrv (#1635) - Unified chansrv, sesman and
libxrdp logging (#1633 #1708 #1738) - thanks to @aquesnel - Support SUSE move to
/usr/etc (#1702) - Parameters may now be specified for user-specified shell
(#1270 #1695) - xrdp executables now allow alternative config files to be
specified with -c (#1588 #1650 #1651) - sesrun improvements (#1741) - Drive
redirection location can now be specified (#1048) - Now compiles on RISC-V
(#1761) Bug fixes - Additional buffer overflow checks (#1662) - FUSE support
now builds on 32-bit platforms (#1682) - genkeymap array size conflict fixed
(#1691) - Buffering issue with neutrinordp over a slow link fixed (#1608 1634) -
Various documentation fixes (#1704 #1741 #1755 #1759) - Prevent PAM info message
from causing authentication failure (#1727) - Cosmetic fixes for minor issues
(#1751 #1755 #1749) - Try harder to clean up socket files on session exit (#1740
#1756) - xrdp-chansrv become defunct in docker while file copy (#1658)
Internal changes - Compilation warnings with newer compilers (#1659 #1680) -
Continuation Integration checks on 32-bit platforms now include FUSE support
(#1682) - Continuation Integration builds now default to the Ubuntu Focal
platform (#1666) - FUSE type tidy-ups (#1686) - Switch from Travis CI to GitHub
Actions (#1728 #1732) - Easier to set up console logging for utilities (#1711)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 29 2020 Bojan Smojver <bojan(a)rexurive.com> - 1:0.9.15-1
- Bump up to 0.9.15
--------------------------------------------------------------------------------