Sisyphus repository
Last update: 25 May 2020 | SRPMs: 17559 | Visits: 18609503
Security fixes

wireshark-3.2.4-alt1   build Anton Farygin, 2020-05-25


- 3.2.4
- fixes:
* the NFS dissector could crash. CVE-2020-13164

ffmpeg-4.2.3-alt1   build Anton Farygin, 2020-05-25


- 4.2.3 (Fixes: CVE-2019-13312,CVE-2020-12284)

unbound-1.10.2-alt1   build Alexei Takaseev, 2020-05-22


- 1.10.2
- (Fixes CVE-2020-12662, CVE-2020-12663)

knot-resolver-5.1.1-alt1   build Alexey Shabalin, 2020-05-22


- 5.1.1 (Fixes: CVE-2020-12667)

dovecot-2.3.10.1-alt1   build Gleb F-Malinovskiy, 2020-05-20


- Updated to 2.3.10.1 (fixes CVE-2020-10957, CVE-2020-10958, CVE-2020-10967).

sqlite3-3.31.1-alt1   build Vladimir D. Seleznev, 2020-05-19


- Updated to 3.31.1.
- Backported fix for problems in the constant propagation optimization.
- Backported CVE fixes (fixes CVE-2020-9327 and CVE-2020-11655).

bind-9.11.19-alt1   build Stanislav Levin, 2020-05-19


- 9.11.18 -> 9.11.19 (fixes: CVE-2020-8616, CVE-2020-8617).

edk2-20200229-alt1   build Alexey Shabalin, 2020-05-16


- edk2-stable202002 (Fixes: CVE-2019-14575, CVE-2019-14559, CVE-2019-14587, CVE-2019-14558, CVE-2019-14586, CVE-2019-14563)

edk2-tools-20200229-alt1   build Alexey Shabalin, 2020-05-16


- edk2-stable202002 (Fixes: CVE-2019-14575, CVE-2019-14559, CVE-2019-14587, CVE-2019-14558, CVE-2019-14586, CVE-2019-14563)

grafana-6.7.3-alt1   build Alexey Shabalin, 2020-05-15


- 6.7.3
- create grafana.db on first installation
- change permissions of /var/lib/grafana to 750 (Fixes: CVE-2020-12458)
- change permissions of /var/lib/grafana/grafana.db to 640 and user/group grafana:grafana (CVE-2020-12458)

chromium-81.0.4044.138-alt1   build Alexey Gladkov, 2020-05-13


- New version (81.0.4044.138).
- Security fixes:
- CVE-2020-6464: Type Confusion in Blink.
- CVE-2020-6831: Stack buffer overflow in SCTP.
- CVE-2020-6461: Use after free in storage.
- CVE-2020-6462: Use after free in task scheduling.
- CVE-2020-6458: Out of bounds read and write in PDFium.
- CVE-2020-6459: Use after free in payments.
- CVE-2020-6460: Insufficient data validation in URL formatting.
- CVE-2020-6463: Use after free in ANGLE.

kde5-kio-extras-19.12.3-alt2   build Sergey V Turchin, 2020-05-12


- don't store unasked fish:/ passwords (Fixes: CVE-2020-12755)

oddjob-0.34.6-alt1   build Stanislav Levin, 2020-05-12


- 0.34.4 -> 0.34.6 (fixes: CVE-2020-10737).

freerdp-2.1.0-alt1   build Andrey Cherepanov, 2020-05-10


- New version (2.1.0) (Fixes: CVE-2020-11039, CVE-2020-11038, CVE-2020-11043, CVE-2020-11040, CVE-2020-11041, CVE-2020-11019, CVE-2020-11017, CVE-2020-11018).

salt-3000.2-alt1   build Andrey Cherepanov, 2020-05-08


- New version.
- Remove local copy documentation mention in service files.
- Fix build with Python 3.8.
- Improve detection of ALT distro.
- Fixes:
+ CVE-2020-11651
+ CVE-2020-11652

libslirp-4.3.0-alt1   build Alexey Shabalin, 2020-05-08


- new version 4.3.0 (Fixes: CVE-2020-1983)

firefox-76.0-alt1   build Alexey Gladkov, 2020-05-06


- New release (76.0).
- Security fixes:
+ CVE-2020-12387: Use-after-free during worker shutdown
+ CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens
+ CVE-2020-12389: Sandbox escape with improperly separated process types
+ CVE-2020-6831: Buffer overflow in SCTP chunk input validation
+ CVE-2020-12390: Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
+ CVE-2020-12391: Content-Security-Policy bypass using object elements
+ CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
+ CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
+ CVE-2020-12394: URL spoofing in location bar when unfocussed
+ CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
+ CVE-2020-12396: Memory safety bugs fixed in Firefox 76

firefox-esr-68.8.0-alt1   build Andrey Cherepanov, 2020-05-05


- New ESR version (68.8.0).
- Fixes:
+ CVE-2020-12387 Use-after-free during worker shutdown
+ CVE-2020-12388 Sandbox escape with improperly guarded Access Tokens
+ CVE-2020-12389 Sandbox escape with improperly separated process types
+ CVE-2020-6831 Buffer overflow in SCTP chunk input validation
+ CVE-2020-12392 Arbitrary local file access with 'Copy as cURL'
+ CVE-2020-12393 Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
+ CVE-2020-12395 Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8

thunderbird-68.8.0-alt1   build Andrey Cherepanov, 2020-05-05


- New version (68.8.0).
- Fixes:
+ CVE-2020-12397 Sender Email Address Spoofing using encoded Unicode characters
+ CVE-2020-12387 Use-after-free during worker shutdown
+ CVE-2020-6831 Buffer overflow in SCTP chunk input validation
+ CVE-2020-12392 Arbitrary local file access with 'Copy as cURL'
+ CVE-2020-12393 Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
+ CVE-2020-12395 Memory safety bugs fixed in Thunderbird 68.8.0

kernel-image-std-def-5.4.36-alt1   build Kernel Bot, 2020-04-30


- v5.4.36 (Fixes: CVE-2020-11884)

kernel-image-std-debug-5.4.36-alt1   build Kernel Bot, 2020-04-30


- v5.4.36 (Fixes: CVE-2020-11884)

samba-4.11.8-alt1   build Evgeny Sinelikov, 2020-04-28


- Update to latest stable security release of the Samba 4.11
- Security fixes:
+ CVE-2020-10700: Fix use-after-free in AD DC LDAP server when ASQ and paged_results combined
+ CVE-2020-10704: Fix LDAP Denial of Service (stack overflow) in Samba AD DC

MySQL-8.0.20-alt1   build Nikolai Kostrigin, 2020-04-28


- new version
+ (fixes: CVE-2019-15601, CVE-2020-2780, CVE-2020-2804, CVE-2020-2760)
+ (fixes: CVE-2020-2893, CVE-2020-2895, CVE-2020-2898, CVE-2020-2903)
+ (fixes: CVE-2020-2896, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897)
+ (fixes: CVE-2020-2923, CVE-2020-2924, CVE-2020-2901, CVE-2020-2928)
+ (fixes: CVE-2020-2904, CVE-2020-2925, CVE-2020-2759, CVE-2020-2763)
+ (fixes: CVE-2020-2812, CVE-2020-2926, CVE-2020-2921, CVE-2020-2930)
- spec: fix bogus dates and trailing space in changelog
- update alt-chroot patch
- update alt-client patch
- solve unpackaged files warnings

opensc-0.20.0-alt1   build Andrey Cherepanov, 2020-04-27


- New version.
- Fixes:
+ CVE-2019-6502 (#1586)
+ CVE-2019-15946 (a3fc769)
+ CVE-2019-15945 (412a614)
+ CVE-2019-19480 (6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7)
+ CVE-2019-19481 (b75c002cfb1fd61cd20ec938ff4937d7b1a94278)
+ CVE-2019-19479 (c3f23b836e5a1766c36617fe1da30d22f7b63de2)
- Fix License tag according to SPDX.

kernel-image-std-pae-5.4.35-alt1   build Kernel Bot, 2020-04-24


- v5.4.35 (Fixes: CVE-2019-19377)
 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin