As correcções de segurança
json-c-0.14-alt2
build Alexey Shabalin,
2020-07-04
- Fixes: CVE-2020-12762
wireshark-3.2.5-alt1 build Anton Farygin, 2020-07-03
- 3.2.5
- fixes:
* GVCP dissector infinite loop. CVE-2020-15466
bind-9.11.20-alt1 build Stanislav Levin, 2020-06-29
- 9.11.19 -> 9.11.20 (fixes: CVE-2020-8619).
mariadb-10.4.13-alt1 build Alexey Shabalin, 2020-06-28
- 10.4.13
- Fixes for the following security vulnerabilities:
+ CVE-2020-2752
+ CVE-2020-2812
+ CVE-2020-2814
+ CVE-2020-2760
+ CVE-2020-13249
ceph-14.2.10-alt1 build Alexey Shabalin, 2020-06-28
- 14.2.10
- Fixes for the following security vulnerabilities:
+ CVE-2020-10753 HTTP header injection via CORS ExposeHeader tag
vlc-3.0.11-alt1 build Anton Farygin, 2020-06-26
- 3.0.11
- fixes:
* CVE-2020-13428 - a remote user could create a specifically
crafted file that could trigger a buffer overflow in VLC's H26X packetizer
libjpeg8-2.0.5-alt1 build Leontiy Volodin, 2020-06-25
- New version (2.0.5) with rpmgs script.
- Updated license tag.
- Fixes:
+ CVE-2020-13790.
curl-7.71.0-alt1 build Anton Farygin, 2020-06-24
- 7.71.0
- fixes:
* CVE-2020-8177: curl overwrite local file with -J
* CVE-2020-8169: Partial password leak over DNS on HTTP redirect
libgupnp1.2-1.2.3-alt1 build Yuri N. Sedunov, 2020-06-23
- 1.2.3 (Add mitigations for CVE-2020-12695 (CallStranger),
Implement UDA 2.0 April 17 2020 Addendum (Partial fix for CVE-2020-12695))
freerdp-2.1.2-alt1 build Andrey Cherepanov, 2020-06-23
- New version.
- Fixes:
+ CVE-2020-4033 Out of bound read in RLEDECOMPRESS
+ CVE-2020-4031 Use-After-Free in gdi_SelectObject
+ CVE-2020-4032 Integer casting vulnerability in `update_recv_secondary_order`
+ CVE-2020-4030 OOB read in `TrioParse`
+ CVE-2020-11099 OOB Read in license_read_new_or_upgrade_license_packet
+ CVE-2020-11098 Out-of-bound read in glyph_cache_put
+ CVE-2020-11097 OOB read in ntlm_av_pair_get
+ CVE-2020-11095 Global OOB read in update_recv_primary_order
+ CVE-2020-11096 Global OOB read in update_read_cache_bitmap_v3_order
+ Gateway RPC fixes for windows
+ Fixed resource fee race resulting in double free in USB redirection
+ Fixed wayland client crashes
+ Fixed X11 client mouse mapping issues (X11 mapping on/off)
+ Some proxy related improvements (capture module)
+ Code cleanup (use getlogin_r, ...)
libnghttp2-1.41.0-alt1 build Vladimir Lettiev, 2020-06-20
- 1.40.1 (Closes: #38626)
- Security fix: CVE-2020-11080
node-14.4.0-alt1 build Vitaly Lipatov, 2020-06-19
- new version 14.4.0 (with rpmrb script)
- set libicu >= 6.5
- set libnghttp2 >= 1.41.0
- CVE-2020-8172, CVE-2020-11080, CVE-2020-8174
dpdk-18.11.8-alt1 build Alexey Shabalin, 2020-06-18
- Update to LTS release 18.11.8 (Fixes: CVE-2020-10722, CVE-2020-10723, CVE-2020-10724)
adns-1.5.2-alt1 build Anton Farygin, 2020-06-14
- 1.5.2 (Fixes: CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109,
CVE-2017-9106, CVE-2017-9107, CVE-2017-9108)
sqlite3-3.32.2-alt1 build Vladimir D. Seleznev, 2020-06-08
- 3.32.2.
- Applied Debian patch (fixes CVE-2020-13871).
kernel-image-std-pae-5.4.45-alt1 build Kernel Bot, 2020-06-08
- v5.4.45 (Fixes: CVE-2020-10757)
kernel-image-std-debug-5.4.45-alt1 build Kernel Bot, 2020-06-08
- v5.4.45 (Fixes: CVE-2020-10757)
kernel-image-std-def-5.4.45-alt1 build Kernel Bot, 2020-06-08
- v5.4.45 (Fixes: CVE-2020-10757)
kernel-image-un-def-5.7.1-alt1 build Kernel Bot, 2020-06-08
- v5.7.1 (Fixes: CVE-2020-10757)
gnutls30-3.6.14-alt1 build Mikhail Efremov, 2020-06-06
- Updated to 3.6.14 (fixes: CVE-2020-13777).
libnetwork-19.03.11-alt1.git153d076 build Vladimir Didenko, 2020-06-05
- New version for docker 19.03.11-ce (fixes: CVE-2020-13401)
docker-ce-19.03.11-alt1 build Vladimir Didenko, 2020-06-05
- 19.03.11 (fixes: CVE-2020-13401)
nss-3.53.0-alt1 build Alexey Gladkov, 2020-06-04
- New version (3.53).
- Security fixes:
+ CVE-2020-12399 - Force a fixed length for DSA exponentiation
grafana-7.0.3-alt1 build Alexey Shabalin, 2020-06-04
- 7.0.3 (Fixes: CVE-2020-13379)
thunderbird-68.9.0-alt1 build Andrey Cherepanov, 2020-06-04
- New version (68.9.0).
- Fixes:
+ CVE-2020-12399 Timing attack on DSA signatures in NSS library
+ CVE-2020-12405 Use-after-free in SharedWorkerService
+ CVE-2020-12406 JavaScript Type confusion with NativeTypes
+ CVE-2020-12410 Memory safety bugs fixed in Thunderbird 68.9.0
+ CVE-2020-12398 Security downgrade with IMAP STARTTLS leads to information leakage
projeto & código: Vladimir Lettiev aka crux © 2004-2005,
Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009