As correcções de segurança
wireshark-3.0.7-alt1
build Anton Farygin,
2019-12-09
- 3.0.7
- fixes:
* CMS dissector crash. CVE-2019-19553
mariadb-10.4.9-alt1 build Alexey Shabalin, 2019-12-06
- 10.4.9
- Fixes for the following security vulnerabilities:
+ CVE-2019-2974
+ CVE-2019-2938
firefox-71.0-alt1 build Alexey Gladkov, 2019-12-05
- New release (71.0).
- Update license tag.
- Security fixes:
+ CVE-2019-11756: Use-after-free of SFTKSession object
+ CVE-2019-17008: Use-after-free in worker destruction
+ CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code
+ CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher
+ CVE-2019-17014: Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure
+ CVE-2019-17009: Updater temporary files accessible to unprivileged processes
+ CVE-2019-17010: Use-after-free when performing device orientation checks
+ CVE-2019-17005: Buffer overflow in plain text serializer
+ CVE-2019-17011: Use-after-free when retrieving a document in antitracking
+ CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
+ CVE-2019-17013: Memory safety bugs fixed in Firefox 71
kernel-image-std-def-4.19.87-alt1 build Kernel Bot, 2019-12-05
- v4.19.87 (Fixes: CVE-2019-18660)
firefox-esr-68.3.0-alt1 build Andrey Cherepanov, 2019-12-05
- New ESR version (68.3.0).
- Fixed:
+ CVE-2019-17008 Use-after-free in worker destruction
+ CVE-2019-13722 Stack corruption due to incorrect number of arguments in WebRTC code
+ CVE-2019-11745 Out of bounds write in NSS when encrypting with a block cipher
+ CVE-2019-17009 Updater temporary files accessible to unprivileged processes
+ CVE-2019-17010 Use-after-free when performing device orientation checks
+ CVE-2019-17005 Buffer overflow in plain text serializer
+ CVE-2019-17011 Use-after-free when retrieving a document in antitracking
+ CVE-2019-17012 Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
cve-manager-inner-knowledge-2019.12.04-alt1 build Alexey Appolonov, 2019-12-04
- New type of inner knowledge - discarded matches (matches that should not
be saved in cve-manager DB).
oniguruma-6.9.4-alt1 build Anton Farygin, 2019-12-02
- 6.9.4
- fixes:
* CVE-2019-19012 Integer overflow related to reg->dmax in search_in_range()
* CVE-2019-19203 heap-buffer-overflow in gb18030_mbc_enc_len()
* CVE-2019-19204 heap-buffer-overflow in fetch_interval_quantifier()
nss-3.47.1-alt1 build Alexey Gladkov, 2019-12-02
- New version (3.47.1).
- Security fixes:
+ CVE-2019-11745: EncryptUpdate should use maxout, not block size.
chromium-78.0.3904.108-alt1 build Alexey Gladkov, 2019-12-02
- New version (78.0.3904.108).
- Security fixes:
- CVE-2019-13723: Use-after-free in Bluetooth.
- CVE-2019-13724: Out-of-bounds access in Bluetooth.
kernel-image-un-def-5.3.14-alt1 build Kernel Bot, 2019-11-29
- v5.3.14 (Fixes: CVE-2019-18660)
clamav-0.101.5-alt1 build Sergey Y. Afonin, 2019-11-26
- 0.101.5 (CVE-2019-15961)
- fixed tests for libcheck 0.13.0 (clamav-0.101.5-libcheck-0.13.0.patch)
- updated %License to SPDX syntax (needs revision of exceptions)
- removed rpm-build-licenses from BuildRequires
freeipa-4.7.4-alt1 build Stanislav Levin, 2019-11-26
- 4.7.3 -> 4.7.4 (fixes: CVE-2019-14867, CVE-2019-10195).
cve-manager-inner-knowledge-2019.11.23-alt2 build Alexey Appolonov, 2019-11-25
- cve-manager users are privileged to modify the lists.
cve-manager-0.24.0-alt1 build Alexey Appolonov, 2019-11-24
- Downloading and importing NVD vulnerabilities lists in JSON format
with the use of newly created 'libtree';
- Ability to manually exclude some of the issues and make mapping prescriptions
with the use of newly created 'cve-manager-inner-knowledge'.
bind-9.11.13-alt1 build Stanislav Levin, 2019-11-21
- 9.11.12 -> 9.11.13 (fixes: CVE-2019-6477).
php7-7.3.11-alt1 build Anton Farygin, 2019-11-19
- 7.3.11 (fixes: CVE-2019-11043)
cyrus-imapd-3.0.12-alt1 build Sergey Y. Afonin, 2019-11-16
- 3.0.12 (fixes: CVE-2019-18928)
- logging of reached limits (the patch from the
https://github.com/cyrusimap/cyrus-imapd/issues/2913)
389-ds-base-1.4.1.10-alt1 build Stanislav Levin, 2019-11-14
- 1.4.1.9 -> 1.4.1.10 (fixes: CVE-2019-14824).
libtiff-4.1.0-alt1 build Vladimir D. Seleznev, 2019-11-14
- Updated to 4.1.0.
- Dropped tiff-CVE-2018-12900.patch.
kernel-image-std-def-4.19.84-alt1 build Kernel Bot, 2019-11-13
- v4.19.84 (Fixes: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)
chromium-78.0.3904.97-alt1 build Alexey Gladkov, 2019-11-09
- New version (78.0.3904.97).
- Security fixes:
- CVE-2019-13720: Use-after-free in audio.
- CVE-2019-13721: Use-after-free in PDFium.
golang-1.13.4-alt1 build Alexey Shabalin, 2019-11-06
- 1.13.4 (Fixes: CVE-2019-17596)
kernel-image-std-pae-4.19.82-alt1 build Kernel Bot, 2019-11-06
- v4.19.82 (Fixes: CVE-2019-15098)
dbus-1.12.16-alt1 build Valery Inozemtsev, 2019-11-06
projeto & código: Vladimir Lettiev aka crux © 2004-2005,
Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009