As correcções de segurança
firefox-esr-60.4.0-alt1
build Andrey Cherepanov,
2018-12-11
- New ESR version (60.4.0)
- Fixed:
+ CVE-2018-17466 Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
+ CVE-2018-18492 Use-after-free with select element
+ CVE-2018-18493 Buffer overflow in accelerated 2D canvas with Skia
+ CVE-2018-18494 Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
+ CVE-2018-18498 Integer overflow when calculating buffer sizes for images
+ CVE-2018-12405 Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
nettle-3.4.1-alt1 build Mikhail Efremov, 2018-12-06
- Updated to 3.4.1 (fixes: CVE-2018-16869).
kernel-image-std-pae-4.14.86-alt1 build Kernel Bot, 2018-12-06
- v4.14.86 (Fixes: CVE-2018-1128, CVE-2018-1129)
gnutls30-3.6.5-alt1 build Mikhail Efremov, 2018-12-06
- Updated to 3.6.5 (fixes: CVE-2018-16868).
kernel-image-std-def-4.14.86-alt1 build Kernel Bot, 2018-12-06
- v4.14.86 (Fixes: CVE-2018-1128, CVE-2018-1129)
polkit-0.115-alt4 build Alexey Shabalin, 2018-12-06
- updated to 0.115-23fd211e
- Port the JS authority to mozjs-60
- Move D-Bus policy file to /usr/share/dbus-1/system.d/
- Drop deprecated use of g_type_class_add_private()
- Allow negative uids/gids in PolkitUnixUser and Group objects (fixed CVE-2018-19788)
kernel-image-std-debug-4.14.86-alt1 build Kernel Bot, 2018-12-06
- v4.14.86 (Fixes: CVE-2018-1128, CVE-2018-1129)
wireshark-2.6.5-alt1 build Anton Farygin, 2018-12-03
- 2.6.5
- added devel package (closes: #29869)
- fixes:
* The Wireshark dissection engine could crash. CVE-2018-19625
* The DCOM dissector could crash. CVE-2018-19626
* The LBMPDM dissector could crash. CVE-2018-19623
* The MMSE dissector could go into an infinite loop. CVE-2018-19622
* The IxVeriWave file parser could crash. CVE-2018-19627
* The PVFS dissector could crash. CVE-2018-19624
* The ZigBee ZCL dissector could crash. CVE-2018-19628
kernel-image-std-pae-4.14.85-alt1 build Kernel Bot, 2018-12-02
- v4.14.85 (Fixes: CVE-2000-1134, CVE-2007-3852, CVE-2008-0525, CVE-2009-0416,
CVE-2011-4834, CVE-2015-1838, CVE-2015-7442, CVE-2016-7489)
kernel-image-std-def-4.14.85-alt1 build Kernel Bot, 2018-12-02
- v4.14.85 (Fixes: CVE-2000-1134, CVE-2007-3852, CVE-2008-0525, CVE-2009-0416,
CVE-2011-4834, CVE-2015-1838, CVE-2015-7442, CVE-2016-7489)
kernel-image-std-debug-4.14.85-alt1 build Kernel Bot, 2018-12-02
- v4.14.85 (Fixes: CVE-2000-1134, CVE-2007-3852, CVE-2008-0525, CVE-2009-0416,
CVE-2011-4834, CVE-2015-1838, CVE-2015-7442, CVE-2016-7489)
openslp-2.0.0-alt2 build Stanislav Levin, 2018-12-01
- Fixed libslp namespace (closes: #35692).
- Enabled SLPv2 Security.
- Enabled testing.
- Applied security fixes (fixes: CVE-2012-4428, CVE-2016-4912, CVE-2016-7567,
CVE-2017-17833).
node-10.14.1-alt1 build Vitaly Lipatov, 2018-11-30
- new version 10.14.1 (with rpmrb script)
- disable internal doc
- 2018-11-27, Version 10.14.0 'Dubnium' (LTS), @rvagg
- CVE-2018-12121, CVE-2018-12122, CVE-2018-12123
mariadb-10.3.11-alt1 build Alexey Shabalin, 2018-11-28
- 10.3.11
- Fixes for the following security vulnerabilities:
+ CVE-2018-3282
+ CVE-2016-9843
+ CVE-2018-3174
+ CVE-2018-3143
+ CVE-2018-3156
+ CVE-2018-3251
+ CVE-2018-3185
+ CVE-2018-3277
+ CVE-2018-3162
+ CVE-2018-3173
+ CVE-2018-3200
+ CVE-2018-3284
samba-DC-4.9.3-alt1 build Evgeny Sinelnikov, 2018-11-28
- Update to autumn security release
- Revert Samba DC to build with internal Heimdal Kerberos implementation
- Clean test module of third_party/iso8601 and subunit modules
- Security fixes:
+ CVE-2018-14629 Unprivileged adding of CNAME record causing loop in AD Internal DNS server
+ CVE-2018-16841 Double-free in Samba AD DC KDC with PKINIT
+ CVE-2018-16851 NULL pointer de-reference in Samba AD DC LDAP server
+ CVE-2018-16852 NULL pointer de-reference in Samba AD DC DNS servers
+ CVE-2018-16853 Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported)
+ CVE-2018-16857 Bad password count in AD DC not always effective
glibc-2.27-alt7 build Dmitry V. Levin, 2018-11-27
- Updated to glibc-2.27-89-g9f433fc791 from 2.27 branch
(fixes CVE-2018-19591).
libsoundtouch-2.1.1-alt1 build Yuri N. Sedunov, 2018-11-22
- 2.1.1 (fixed CVE-2018-17097)
kernel-image-std-pae-4.14.82-alt1 build Kernel Bot, 2018-11-22
- v4.14.82 (Fixes: CVE-2018-10940, CVE-2018-16658)
kernel-image-std-def-4.14.82-alt1 build Kernel Bot, 2018-11-22
- v4.14.82 (Fixes: CVE-2018-10940, CVE-2018-16658)
kernel-image-std-debug-4.14.82-alt1 build Kernel Bot, 2018-11-22
- v4.14.82 (Fixes: CVE-2018-10940, CVE-2018-16658)
kernel-image-un-def-4.19.3-alt1 build Kernel Bot, 2018-11-22
- v4.19.3 (Fixes: CVE-2018-10940, CVE-2018-16658)
kernel-image-un-def-4.19.2-alt1 build Kernel Bot, 2018-11-14
- v4.19.2 (Fixes: CVE-2018-18955)
kde5-kio-extras-18.04.3-alt2 build Sergey V Turchin, 2018-11-13
- don't package htmlthumbnail plugin
- security fixes: CVE-2018-19120
firefox-63.0.1-alt1 build Alexey Gladkov, 2018-11-13
- New release (63.0.1).
- Fixed:
+ CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
+ CVE-2018-12392: Crash with nested event loops
+ CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
+ CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting
+ CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
+ CVE-2018-12397: Missing warning prompt when WebExtension requests local file access
+ CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs
+ CVE-2018-12399: Spoofing of protocol registration notification bar
+ CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android
+ CVE-2018-12401: DOS attack through special resource URI parsing
+ CVE-2018-12402: SameSite cookies leak when pages are explicitly saved
+ CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
+ CVE-2018-12388: Memory safety bugs fixed in Firefox 63
+ CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
postgresql10-10.6-alt1 build Alexei Takaseev, 2018-11-08
projeto & código: Vladimir Lettiev aka crux © 2004-2005,
Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009