This release includes the latest stable version of Apache **httpd**, version **2.4.46**. A security issue is addressed in this update:

* **CVE-2020-11984** mod_proxy_uwsgi: Malicious request may result in information disclosure or RCE of existing file on the server running under a malicious process environment.

For the full list of changes in this release, see
Archive for Fedora Linux Distribution – Security Advisories
Squid version update to 4.13 and security fixes
geary 3.36.3.1 release:

* Fixed handling of pinned, invalid TLS certificates: CVE-2020-24661
* Build bug fixes
CVE-2020-12100: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory. CVE-2020-12673: Dovecot’s NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. CVE-2020-10967: lmtp/submission:
Fedora 33: selinux-policy 2020-8f3381648b
New F33 selinux-policy build.
Fedora 32: selinux-policy 2020-740de661da
New F32 selinux-policy build
Fedora 32: eclipse-m2e-core 2020-cf8ef2f333
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://www.eclipse.org/eclipseide/2020-06/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
– New upstream version (80.0)
This release includes the latest stable version of Apache **httpd**, version **2.4.46**. A security issue is addressed in this update:

* **CVE-2020-11984** mod_proxy_uwsgi: Malicious request may result in information disclosure or RCE of existing file on the server running under a malicious process environment.

For the full list of changes in this release, see
Fedora 32: eclipse-gef 2020-cf8ef2f333
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://www.eclipse.org/eclipseide/2020-06/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
Security fix for CVE-2020-17507
Fedora 31: golang-github-ulikunitz-xz 2020-deff052e7a
* The `readUvarint` function would run infinitely given specific input. The function now terminates if more than 10 bytes of input have been read. Fixes [issue #35](https://github.com/ulikunitz/xz/issues/35) (CVE-2020-16845).
* Supports the check-ID None and fixes “Checksum None is invalid” [issue #27](https://github.com/ulikunitz/xz/issues/27).
Fedora 32: golang-github-ulikunitz-xz 2020-e384830a0d
* The `readUvarint` function would run infinitely given specific input. The function now terminates if more than 10 bytes of input have been read. Fixes [issue #35](https://github.com/ulikunitz/xz/issues/35) (CVE-2020-16845).
New version 3.2.6, Security fix for CVE-2020-17498
New version 3.2.6, Security fix for CVE-2020-17498
libX11 1.6.12 (CVE-2020-14363, CVE-2020-14344)
Fix CVE-2020-24370.
– New upstream version (80.0)
Rebase to version 0.9.62.4

----

Rebase to version 0.9.62.2
Updates the nss package to upstream NSS 3.55. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes – https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
Security fix for CVE-2020-14367
– fix expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set (CVE-2020-8231)
This update includes the latest stable release of `mod_http2`, fixing various bugs. Two security vulnerabilities are addressed in this update:

* **CVE-2020-11993**: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993
* **CVE-2020-9490**:
Fedora 32: roundcubemail 2020-d0f8f20cfc
**RELEASE 1.4.8**

– **Security**: Fix potential XSS issue in HTML editor of the identity signature input (#7507)
– Managesieve: Fix too-small input field in Elastic when using custom headers (#7498)
– Fix support for an error as a string in message_before_send hook (#7475)
– Elastic: Fix redundant scrollbar in plain text editor on mail reply (#7500)
– Elastic: Fix deleted and replied+forwarded
Update to 2.9.12 upstream bugfix and security update
Fedora 32: rubygem-kramdown 2020-f6eee9a2d3
A security flaw was found in Ruby kramdown which may lead to unintended code execution. This vulnerability has been assigned CVE-2020-14001. This new rpm should fix this issue.
Rebased to version 3.33.0
Update to v0.3.4 release
Update to v0.3.4 release
A security flaw was found in libetpan which may allow a malicious attacker to inject additional responses or mimic whole sessions. This vulnerability has been assigned CVE-2020-15953. This new rpm should fix this issue.