The following Fedora 31 Security updates need testing: Age URL 41 https://bodhi.fedoraproject.org/updates/FEDORA-2020-c5ec22e14f libuv-1.39.0-1.fc31 nodejs-12.18.4-1.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd freetype-2.10.0-4.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-88fb82d1cd lout-3.40-18.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-421f817e5f java-11-openjdk-11.0.9.11-0.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-febe36c3ac java-1.8.0-openjdk-1.8.0.272.b10-0.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-01dc2bc62c fastd-21-1.fc31 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-15a1bde727 kata-ksm-throttler-1.11.1-1.fc31.1 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-61fcf3ffc7 kata-osbuilder-1.11.1-1.fc31.1 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-193da8cf44 arpwatch-2.1a15-48.fc31 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-1af9cd8c87 kata-shim-1.11.1-1.fc31.1 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-d1ce381889 pngcheck-2.3.0-3.fc31 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-8aca25b5c8 chromium-86.0.4240.111-1.fc31 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-53df1c05be community-mysql-8.0.22-1.fc31 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-e083225fa1 blueman-2.1.4-1.fc31
The following Fedora 31 Critical Path updates have yet to be approved: Age URL 79 https://bodhi.fedoraproject.org/updates/FEDORA-2020-72bc7df001 libunwind-1.3.1-7.fc31 12 https://bodhi.fedoraproject.org/updates/FEDORA-2020-9bb2c6d5af ethtool-5.9-1.fc31 8 https://bodhi.fedoraproject.org/updates/FEDORA-2020-d979670533 pcre-8.44-2.fc31 8 https://bodhi.fedoraproject.org/updates/FEDORA-2020-595197a38d ceph-14.2.12-1.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-747b6fb156 linux-firmware-20201022-113.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd freetype-2.10.0-4.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-517bc29c3f vim-8.2.1885-1.fc31 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-43eb9f7d6a pcre2-10.35-8.fc31 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-df2ee7a68b nfs-utils-2.5.2-0.fc31 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-27c0c43205 libbluray-1.2.1-1.fc31
The following builds have been pushed to Fedora 31 updates-testing
R-doMC-1.3.7-1.fc31 R-foreach-1.5.1-1.fc31 R-randomForest-4.6.14-1.fc31 crlfuzz-1.4.0-1.fc31 firefox-82.0.1-1.fc31 fzf-0.24.1-1.fc31 kernel-5.8.17-100.fc31 kicad-5.1.8-1.fc31 mariadb-10.3.25-1.fc31 mtools-4.0.25-1.fc31 mysql-connector-odbc-8.0.22-1.fc31 packit-0.19.0-1.fc31 perl-Graphics-TIFF-7-1.fc31 python-ogr-0.18.0-1.fc31 python-regex-2020.10.28-1.fc31 setzer-0.3.5-1.fc31 thunderbird-78.4.0-1.fc31 xen-4.12.3-7.fc31 xtl-0.6.21-1.fc31
Details about builds:
================================================================================ R-doMC-1.3.7-1.fc31 (FEDORA-2020-4d82b3bad3) Foreach Parallel Adaptor for 'parallel' -------------------------------------------------------------------------------- Update Information:
Disable bootstrap and run full tests -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1889046 - Review Request: R-doMC - Foreach Parallel Adaptor for 'parallel' https://bugzilla.redhat.com/show_bug.cgi?id=1889046 [ 2 ] Bug #1889047 - Review Request: R-randomForest - Breiman and Cutler's Random Forests for Classification and Regression https://bugzilla.redhat.com/show_bug.cgi?id=1889047 --------------------------------------------------------------------------------
================================================================================ R-foreach-1.5.1-1.fc31 (FEDORA-2020-4d82b3bad3) Provides Foreach Looping Construct -------------------------------------------------------------------------------- Update Information:
Disable bootstrap and run full tests -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1889046 - Review Request: R-doMC - Foreach Parallel Adaptor for 'parallel' https://bugzilla.redhat.com/show_bug.cgi?id=1889046 [ 2 ] Bug #1889047 - Review Request: R-randomForest - Breiman and Cutler's Random Forests for Classification and Regression https://bugzilla.redhat.com/show_bug.cgi?id=1889047 --------------------------------------------------------------------------------
================================================================================ R-randomForest-4.6.14-1.fc31 (FEDORA-2020-4d82b3bad3) Breiman and Cutler's Random Forests for Classification and Regression -------------------------------------------------------------------------------- Update Information:
Disable bootstrap and run full tests -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1889046 - Review Request: R-doMC - Foreach Parallel Adaptor for 'parallel' https://bugzilla.redhat.com/show_bug.cgi?id=1889046 [ 2 ] Bug #1889047 - Review Request: R-randomForest - Breiman and Cutler's Random Forests for Classification and Regression https://bugzilla.redhat.com/show_bug.cgi?id=1889047 --------------------------------------------------------------------------------
================================================================================ crlfuzz-1.4.0-1.fc31 (FEDORA-2020-73518ccaaf) Tool to scan CRLF vulnerability -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- ChangeLog:
--------------------------------------------------------------------------------
================================================================================ firefox-82.0.1-1.fc31 (FEDORA-2020-bcfc7810a7) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information:
- New upstream update (82.0.1) - Fixes fatal SHM allocation errors (rhbz#1889251) -------------------------------------------------------------------------------- ChangeLog:
* Wed Oct 28 2020 Martin Stransky stransky@redhat.com - 82.0.1-1 - Updated to 82.0.1 * Tue Oct 27 2020 Martin Stransky stransky@redhat.com - 82.0-8 - Added fix for mozbz#1673313 * Tue Oct 27 2020 Martin Stransky stransky@redhat.com - 82.0-7 - Added fix for rawhide crashes (rhbz#1891234) * Sat Oct 24 2020 Martin Stransky stransky@redhat.com - 82.0-6 - Enable LTO -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1889251 - Firefox 81 crashes in mozilla::widget::WaylandShmPool::WaylandShmPool https://bugzilla.redhat.com/show_bug.cgi?id=1889251 [ 2 ] Bug #1891849 - Firefox 82.0.1 available https://bugzilla.redhat.com/show_bug.cgi?id=1891849 --------------------------------------------------------------------------------
================================================================================ fzf-0.24.1-1.fc31 (FEDORA-2020-7e72399f39) A command-line fuzzy finder written in Go -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Wed Oct 28 2020 Elliott Sales de Andrade quantum.analyst@gmail.com - 0.24.1-1 - Update to latest version (#1892504) * Wed Oct 28 2020 Elliott Sales de Andrade quantum.analyst@gmail.com - 0.24.0-1 - Update to latest version (#1891744) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1891744 - fzf-0.24.0-1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1891744 [ 2 ] Bug #1892504 - fzf-0.24.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1892504 --------------------------------------------------------------------------------
================================================================================ kernel-5.8.17-100.fc31 (FEDORA-2020-09e4d062fe) The Linux kernel -------------------------------------------------------------------------------- Update Information:
The 5.8.17 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 29 2020 Justin M. Forbes jforbes@fedoraproject.org - 5.8.17-100 - Linux v5.8.17 - Fix CVE-2020-27675 (rhbz 1891114 1891115) * Wed Oct 28 2020 Peter Robinson pbrobinson@fedoraproject.org - Fixes for AllWinner wired network issues due to Realtek PHY driver change (rhbz 1889090) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1891114 - CVE-2020-27675 kernel: xen: race condition in event-channel removal during the event-handling loop (XSA-331) https://bugzilla.redhat.com/show_bug.cgi?id=1891114 --------------------------------------------------------------------------------
================================================================================ kicad-5.1.8-1.fc31 (FEDORA-2020-47d8627fec) EDA software suite for creation of schematic diagrams and PCBs -------------------------------------------------------------------------------- Update Information:
Update to 5.1.8 -------------------------------------------------------------------------------- ChangeLog:
* Wed Oct 28 2020 Steven A. Falco stevenfalco@gmail.com - 1:5.1.8-1 - Update to 5.1.8 --------------------------------------------------------------------------------
================================================================================ mariadb-10.3.25-1.fc31 (FEDORA-2020-b0ea9e2d33) A very fast and robust SQL database server -------------------------------------------------------------------------------- Update Information:
**MariaDB 10.3.25** Release notes: https://mariadb.com/kb/en/mariadb-10325-release-notes/ -------------------------------------------------------------------------------- ChangeLog:
* Mon Oct 26 2020 Michal Schorm mschorm@redhat.com - 10.3.25-1 - Rebase to 10.3.25 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1830119 - CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 mariadb:10.3/mariadb: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1830119 [ 2 ] Bug #1843796 - CVE-2020-13249 mariadb:10.3/mariadb: mariadb-connector-c: Improper validation of content in a OK packet received from server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1843796 [ 3 ] Bug #1846527 - CVE-2020-2780 mariadb:10.3/mariadb: mysql: Server: DML unspecified vulnerability (CPU Apr 2020) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1846527 --------------------------------------------------------------------------------
================================================================================ mtools-4.0.25-1.fc31 (FEDORA-2020-eeb0523bd0) Programs for accessing MS-DOS disks without mounting the disks -------------------------------------------------------------------------------- Update Information:
Update to 4.0.25 -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 29 2020 Vojtech Trefny vtrefny@redhat.com 4.0.25-1 - Update to 4.0.25 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1891226 - mtools-4.0.25 is available https://bugzilla.redhat.com/show_bug.cgi?id=1891226 --------------------------------------------------------------------------------
================================================================================ mysql-connector-odbc-8.0.22-1.fc31 (FEDORA-2020-a204efaa23) ODBC driver for MySQL -------------------------------------------------------------------------------- Update Information:
**MySQL Connector ODBC 8.0.22** -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 29 2020 Michal Schorm mschorm@redhat.com 8.0.22-1 - Rebase to 8.0.22 --------------------------------------------------------------------------------
================================================================================ packit-0.19.0-1.fc31 (FEDORA-2020-20fd7212d3) A tool for integrating upstream projects with Fedora operating system -------------------------------------------------------------------------------- Update Information:
New upstream release: 0.19.0 -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 29 2020 Packit Service user-cont-team+packit-service@redhat.com - 0.19.0-1 - new upstream release: 0.19.0 --------------------------------------------------------------------------------
================================================================================ perl-Graphics-TIFF-7-1.fc31 (FEDORA-2020-97268d5e98) Perl extension for the LibTIFF library -------------------------------------------------------------------------------- Update Information:
This release fixes processing TIFFGetField for TIFFTAG_COLORMAP in the TIFF format. -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 29 2020 Petr Pisar ppisar@redhat.com - 7-1 - Version 7 bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1891959 - perl-Graphics-TIFF-7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1891959 --------------------------------------------------------------------------------
================================================================================ python-ogr-0.18.0-1.fc31 (FEDORA-2020-18ec3ad17c) One API for multiple git forges -------------------------------------------------------------------------------- Update Information:
New upstream release -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 29 2020 Packit Service user-cont-team+packit-service@redhat.com - 0.18.0-1 - new upstream release: 0.18.0 --------------------------------------------------------------------------------
================================================================================ python-regex-2020.10.28-1.fc31 (FEDORA-2020-b6a2314c74) Alternative regular expression module, to replace re -------------------------------------------------------------------------------- Update Information:
Update python-regex to the latest release. ---- Update python-regex to the latest release. -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 29 2020 Thomas Moschny thomas.moschny@gmx.de - 2020.10.28-1 - Update to 2020.10.28. * Wed Oct 28 2020 Thomas Moschny thomas.moschny@gmx.de - 2020.10.23-1 - Update to 2020.10.23. --------------------------------------------------------------------------------
================================================================================ setzer-0.3.5-1.fc31 (FEDORA-2020-71a3489492) LaTeX editor written in Python with Gtk -------------------------------------------------------------------------------- Update Information:
Updating to 0.3.5 -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 29 2020 Lyes Saadi fedora@lyes.eu - 0.3.5-1 - Updating to 0.3.5 - Fix #1888889 - Fix #1891239 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1888889 - [abrt] setzer: getmtime(): genericpath.py:55:getmtime:FileNotFoundError: [Errno 2] Aucun fichier ou dossier de ce type: '/home/o/T��l��chargements/sample-paper.tex' https://bugzilla.redhat.com/show_bug.cgi?id=1888889 [ 2 ] Bug #1891239 - [abrt] setzer: get_value(): settings.py:105:get_value:KeyError: 'font' https://bugzilla.redhat.com/show_bug.cgi?id=1891239 [ 3 ] Bug #1892530 - setzer-0.3.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1892530 --------------------------------------------------------------------------------
================================================================================ thunderbird-78.4.0-1.fc31 (FEDORA-2020-1da8aa9dd3) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information:
Update to latest upstream version. -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 22 2020 Jan Horak jhorak@redhat.com - 78.4.0-1 - Update to 78.4.0 build1 * Wed Oct 7 2020 Jan Horak jhorak@redhat.com - 78.3.1-2 - Reenable s390x -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1885769 - thunderbird-78.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1885769 --------------------------------------------------------------------------------
================================================================================ xen-4.12.3-7.fc31 (FEDORA-2020-42b44971a1) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information:
x86 PV guest INVLPG-like flushes may leave stale TLB entries [XSA-286, CVE-2020-27674] (#1891092) ---- x86: Race condition in Xen mapping code [XSA-345] undue deferral of IOMMU TLB flushes [XSA-346] unsafe AMD IOMMU page table updates [XSA-347] -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 29 2020 Michael Young m.a.young@durham.ac.uk - 4.12.3-7 - x86 PV guest INVLPG-like flushes may leave stale TLB entries [XSA-286, CVE-2020-27674] (#1891092) * Tue Oct 20 2020 Michael Young m.a.young@durham.ac.uk - 4.12.3-6 - x86: Race condition in Xen mapping code [XSA-345, CVE-2020-27672] (#1891097) - undue deferral of IOMMU TLB flushes [XSA-346, CVE-2020-27671] (#1891093) - unsafe AMD IOMMU page table updates [XSA-347, CVE-2020-27670] (#1891088) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1891087 - CVE-2020-27670 xen: unsafe AMD IOMMU page table updates (XSA-347) https://bugzilla.redhat.com/show_bug.cgi?id=1891087 [ 2 ] Bug #1891089 - CVE-2020-27674 xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) https://bugzilla.redhat.com/show_bug.cgi?id=1891089 [ 3 ] Bug #1891091 - CVE-2020-27671 xen: undue deferral of IOMMU TLB flushes (XSA-346) https://bugzilla.redhat.com/show_bug.cgi?id=1891091 [ 4 ] Bug #1891096 - CVE-2020-27672 xen: x86: race condition in Xen mapping code (XSA-345) https://bugzilla.redhat.com/show_bug.cgi?id=1891096 --------------------------------------------------------------------------------
================================================================================ xtl-0.6.21-1.fc31 (FEDORA-2020-fd28395531) QuantStack tools library -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 29 2020 Elliott Sales de Andrade quantum.analyst@gmail.com - 0.6.21-1 - Update to latest version (#1892529) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1892529 - xtl-0.6.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1892529 --------------------------------------------------------------------------------