Sisyphus repositório
Última atualização: 18 fevereiro 2019 | SRPMs: 18500 | Visitas: 13037992
en ru br
As correcções de segurança

kernel-image-std-pae-4.14.101-alt1   build Kernel Bot, 2019-02-15


- v4.14.101 (Fixes: CVE-2019-3819, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)

elfutils-0.176-alt1   build Dmitry V. Levin, 2019-02-15


- 0.175 -> 0.176 (fixes: CVE-2019-7146, CVE-2019-7148,
CVE-2019-7149, CVE-2019-7150, CVE-2019-7664, CVE-2019-7665).

firefox-esr-60.5.1-alt1   build Andrey Cherepanov, 2019-02-15


- New ESR version (60.5.1).
- Fixed:
+ CVE-2018-18356 Use-after-free in Skia
+ CVE-2019-5785 Integer overflow in Skia
+ CVE-2018-18335 Buffer overflow in Skia with accelerated Canvas 2D

kernel-image-std-debug-4.14.101-alt1   build Kernel Bot, 2019-02-15


- v4.14.101 (Fixes: CVE-2019-3819, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)

thunderbird-60.5.1-alt1   build Andrey Cherepanov, 2019-02-15


- New version (60.5.1).
- Fixes:
+ CVE-2018-18356 Use-after-free in Skia
+ CVE-2019-5785 Integer overflow in Skia
+ CVE-2018-18335 Buffer overflow in Skia with accelerated Canvas 2D
+ CVE-2018-18509 S/MIME signature spoofing

containerd-1.2.3-alt1   build Alexey Shabalin, 2019-02-13


- Snapshot of release/1.2 branch
- Fixes CVE-2019-5736.

runc-1.0.0-alt7.git0a012df   build Alexey Shabalin, 2019-02-13


- snapshot of master branch.
- Fixes CVE-2019-5736.

lxc-3.0.3-alt3   build Denis Pynkin, 2019-02-13


- Apply patch fixing the startup of LXD containers (after CVE-2019-5736)

pve-lxc-3.1.0-alt2   build Valery Inozemtsev, 2019-02-12


- merge fix for CVE-2019-5736

lxc-3.0.3-alt2   build Vladimir D. Seleznev, 2019-02-12


- built lxc-3.0.3-15-g94bb05e0 snapshot.
- fixes:
+ CVE-2019-5736: (runC) rexec callers as memfd.

mosquitto-1.5.6-alt1   build Pavel Vainerman, 2019-02-11


- new version (1.5.6) with rpmgs script
- fix CVE-2018-12551, CVE-2018-12550, CVE-2018-12546

kernel-image-un-def-4.19.20-alt1   build Kernel Bot, 2019-02-08


- v4.19.20 (Fixes: CVE-2018-16880)

curl-7.64.0-alt1   build Anton Farygin, 2019-02-06


- 7.64.0
- fixes:
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
* CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
* CVE-2019-3823: SMTP end-of-response out-of-bounds read

chromium-72.0.3626.81-alt1   build Alexey Gladkov, 2019-02-04


- New version (72.0.3626.81).
- Security fixes:
- CVE-2019-5754: Inappropriate implementation in QUIC Networking.
- CVE-2019-5755: Inappropriate implementation in V8.
- CVE-2019-5756: Use after free in PDFium.
- CVE-2019-5757: Type Confusion in SVG.
- CVE-2019-5758: Use after free in Blink.
- CVE-2019-5759: Use after free in HTML select elements.
- CVE-2019-5760: Use after free in WebRTC.
- CVE-2019-5761: Use after free in SwiftShader.
- CVE-2019-5762: Use after free in PDFium.
- CVE-2019-5763: Insufficient validation of untrusted input in V8.
- CVE-2019-5764: Use after free in WebRTC.
- CVE-2019-5765: Insufficient policy enforcement in the browser.
- CVE-2019-5766: Insufficient policy enforcement in Canvas.
- CVE-2019-5767: Incorrect security UI in WebAPKs.
- CVE-2019-5768: Insufficient policy enforcement in DevTools.
- CVE-2019-5769: Insufficient validation of untrusted input in Blink.
- CVE-2019-5770: Heap buffer overflow in WebGL.
- CVE-2019-5771: Heap buffer overflow in SwiftShader.
- CVE-2019-5772: Use after free in PDFium.
- CVE-2019-5773: Insufficient data validation in IndexedDB.
- CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing.
- CVE-2019-5775: Insufficient policy enforcement in Omnibox.
- CVE-2019-5776: Insufficient policy enforcement in Omnibox.
- CVE-2019-5777: Insufficient policy enforcement in Omnibox.
- CVE-2019-5778: Insufficient policy enforcement in Extensions.
- CVE-2019-5779: Insufficient policy enforcement in ServiceWorker.
- CVE-2019-5780: Insufficient policy enforcement.
- CVE-2019-5781: Insufficient policy enforcement in Omnibox.
- CVE-2019-5782: Inappropriate implementation in V8.
- CVE-2019-5783: Insufficient validation of untrusted input in DevTools.

firefox-esr-60.5.0-alt1   build Andrey Cherepanov, 2019-02-01


- New ESR version (60.5.0).
- Fixed:
+ CVE-2018-18500 Use-after-free parsing HTML5 stream
+ CVE-2018-18505 Privilege escalation through IPC channel messages
+ CVE-2018-18501 Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5

thunderbird-60.5.0-alt1   build Andrey Cherepanov, 2019-02-01


- New version (60.5.0).
- Fixes:
+ CVE-2018-18500 Use-after-free parsing HTML5 stream
+ CVE-2018-18505 Privilege escalation through IPC channel messages
+ CVE-2016-5824 DoS (use-after-free) via a crafted ics file
+ CVE-2018-18501 Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5

firefox-65.0-alt1   build Alexey Gladkov, 2019-01-31


- New release (65.0).
- Fixed:
+ CVE-2018-18500: Use-after-free parsing HTML5 stream
+ CVE-2018-18503: Memory corruption with Audio Buffer
+ CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer
+ CVE-2018-18505: Privilege escalation through IPC channel messages
+ CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied
+ CVE-2018-18502: Memory safety bugs fixed in Firefox 65
+ CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5

python3-3.6.8-alt1   build Aleksei Nikiforov, 2019-01-29


- Updated to upstream version 3.6.8
- Removed dependency on rpm-build-python3 from python3 package (Closes: #35992)
- Applied security fix (Fixes: CVE-2019-5010)

libvorbis-1.3.6-alt2   build Dmitry V. Levin, 2019-01-28


- Backported upstream fixes (fixes: CVE-2017-14160, CVE-2018-10392, CVE-2018-10393).
- Fixed probabilistic behaviour of %check.

ghostscript-9.26-alt2   build Fr. Br. George, 2019-01-28


- Update patchset (CVE-2019-6116)

apache2-2.4.38-alt1   build Anton Farygin, 2019-01-25


- 2.4.38
- fixes:
* important: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1. CVE-2019-0190
* low: mod_session_cookie does not respect expiry time. CVE-2018-17199
* low: DoS for HTTP/2 connections via slow request bodies. CVE-2018-17189

golang-1.11.5-alt1   build Alexey Shabalin, 2019-01-24


- 1.11.5
- fixed CPU DoS vulnerability affecting P-521 and P-384 (Fixes: CVE-2019-6486)
- add ppc64le to go_arches

kernel-image-std-pae-4.14.95-alt1   build Kernel Bot, 2019-01-24


- v4.14.95 (Fixes: CVE-2019-3701)

kernel-image-std-def-4.14.95-alt1   build Kernel Bot, 2019-01-24


- v4.14.95 (Fixes: CVE-2019-3701)

kernel-image-std-debug-4.14.95-alt1   build Kernel Bot, 2019-01-24


- v4.14.95 (Fixes: CVE-2019-3701)
 
projeto & código: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009