Red Hat Security Advisory 2020-4436-01 - The gnome-software packages contain an application that makes it easy to add, remove, and update software in the GNOME desktop. The appstream-data package provides the distribution specific AppStream metadata required for the GNOME and KDE software centers. The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include a bypass vulnerability.
fa7373f850474c95bd4661815aef7c0f2f5f0078278fc370742a704d804ecfaa
Gentoo Linux Security Advisory 202007-4 - Multiple vulnerabilities have been found in fwupd and libjcat, the worst of which could result in the arbitrary execution of code. Versions less than 1.3.10 are affected.
71a4a63319329bb7ca2873f34a52a76c34e1e87914e0c8347af5da6ef4308499
Ubuntu Security Notice 4395-1 - Justin Steven discovered that fwupd incorrectly handled certain signature verification. An attacker could possibly use this issue to install an unsigned firmware.
e85a40d1b0aa2b09553ccc98b32e3f02f0ed60d15ea2a6884a5f9344d32e314b