Sisyphus repository
Last update: 19 September 2020 | SRPMs: 17690 | Visits: 19250518
Security fixes

samba-4.11.13-alt1   build Evgeny Sinelnikov, 2020-09-19


- Update to latest stable security release of the Samba 4.11
- Security fixes:
+ CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon")
https://www.samba.org/samba/security/CVE-2020-1472.html

node-14.11.0-alt1   build Vitaly Lipatov, 2020-09-16


- new version 14.11.0 (with rpmrb script)
- CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests (Critical)
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High)

golang-1.15.2-alt1   build Alexey Shabalin, 2020-09-11


- New version (1.15.2). (Fixes: CVE-2020-24553)

kernel-image-std-pae-5.4.64-alt1   build Kernel Bot, 2020-09-10


- v5.4.64 (Fixes: CVE-2020-12888, CVE-2020-14386)

kernel-image-std-debug-5.4.64-alt1   build Kernel Bot, 2020-09-10


- v5.4.64 (Fixes: CVE-2020-12888, CVE-2020-14386)

gnutls30-3.6.15-alt1   build Mikhail Efremov, 2020-09-09


- Updated Url tag.
- Updated to 3.6.15 (fixes: CVE-2020-24659).

cve-manager-0.36.4-alt1   build Alexey Appolonov, 2020-09-02


- Handling of a situation when a branch that is being processed with the
cve-history module has no *_src or *_issues tables;
- Comparisons of symbolic versions versus numeric versions are filtered out
during a detection of issues.

thunderbird-78.2.1-alt1   build Andrey Cherepanov, 2020-09-02


- New version (78.2.1).
- Fixes:
+ CVE-2020-15663 Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege
+ CVE-2020-15664 Attacker-induced prompt for extension installation
+ CVE-2020-15670 Memory safety bugs fixed in Thunderbird 78.2
- Build without thunderbird-enigmail because this extension is not compatible
with Thunderbird 78.x.

chromium-85.0.4183.83-alt1   build Alexey Gladkov, 2020-08-31


- New version (85.0.4183.83).
- Security fixes:
- CVE-2020-6558: Insufficient policy enforcement in iOS.
- CVE-2020-6559: Use after free in presentation API.
- CVE-2020-6560: Insufficient policy enforcement in autofill.
- CVE-2020-6561: Inappropriate implementation in Content Security Policy.
- CVE-2020-6562: Insufficient policy enforcement in Blink.
- CVE-2020-6563: Insufficient policy enforcement in intent handling.
- CVE-2020-6564: Incorrect security UI in permissions.
- CVE-2020-6565: Incorrect security UI in Omnibox.
- CVE-2020-6566: Insufficient policy enforcement in media.
- CVE-2020-6567: Insufficient validation of untrusted input in command line handling.
- CVE-2020-6568: Insufficient policy enforcement in intent handling.
- CVE-2020-6569: Integer overflow in WebUSB.
- CVE-2020-6570: Side-channel information leakage in WebRTC.
- CVE-2020-6571: Incorrect security UI in Omnibox.

sudo-1.8.31p2-alt1   build Evgeny Sinelnikov, 2020-08-30


- Update to latest release (Fixes: CVE-2019-18634)

firefox-80.0-alt1   build Alexey Gladkov, 2020-08-27


- New release (80.0).
- Security fixes:
+ CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege
+ CVE-2020-15664: Attacker-induced prompt for extension installation
+ CVE-2020-12401: Timing-attack on ECDSA signature generation
+ CVE-2020-6829: P-384 and P-521 vulnerable to an electro-magnetic side channel attack on signature generation
+ CVE-2020-12400: P-384 and P-521 vulnerable to a side channel attack on modular inversion
+ CVE-2020-15665: Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown
+ CVE-2020-15666: MediaError message property leaks cross-origin response status
+ CVE-2020-15667: Heap overflow when processing an update file
+ CVE-2020-15668: Data Race when reading certificate information
+ CVE-2020-15670: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2

chrony-3.5.1-alt1   build Anton Farygin, 2020-08-26


- 3.5.1 (fixes: CVE-2020-14367)

libX11-1.6.12-alt1   build Valery Inozemtsev, 2020-08-25


- 1.6.12 (fixes: CVE-2020-14363)

libvncserver-0.9.13-alt1   build Sergey V Turchin, 2020-08-25


- new version
- security (fixes: CVE-2018-21247, CVE-2019-20839, CVE-2019-20840,
CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399,
CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403,
CVE-2020-14404, CVE-2020-14405)

xorg-server-1.20.9-alt1   build Valery Inozemtsev, 2020-08-25


- 1.20.9 (fixes: CVE-2020-14346, CVE-2020-14361, CVE-2020-1436)

firefox-esr-78.2.0-alt1   build Andrey Cherepanov, 2020-08-25


- New release (78.2.0).
+ CVE-2020-15663 Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege
+ CVE-2020-15664 Attacker-induced prompt for extension installation
+ CVE-2020-15670 Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2

kernel-image-std-debug-5.4.60-alt1   build Kernel Bot, 2020-08-24


- v5.4.60 (Fixes: CVE-2019-19448, CVE-2019-19770, CVE-2020-14331)

kernel-image-std-pae-5.4.60-alt1   build Kernel Bot, 2020-08-24


- v5.4.60 (Fixes: CVE-2019-19448, CVE-2019-19770, CVE-2020-14331)

kernel-image-std-def-5.4.60-alt1   build Kernel Bot, 2020-08-24


- v5.4.60 (Fixes: CVE-2019-19448, CVE-2019-19770, CVE-2020-14331)

libexif-0.6.22-alt2   build Dmitriy Khanzhin, 2020-08-21


- added upstream commits:
+ fixed another unsigned integer overflow (fixes CVE-2020-0198)
+ use correct integer type on PowerPC/RISC-based systems

bind-9.11.22-alt1   build Stanislav Levin, 2020-08-21


- 9.11.20 -> 9.11.22 (fixes: CVE-2020-8622, CVE-2020-8623, CVE-2020-8624).

firejail-0.9.62.4-alt1   build Aleksei Nikiforov, 2020-08-19


- Updated to upstream version 0.9.62.4 (Fixes: CVE-2020-17367, CVE-2020-17368).

curl-7.72.0-alt1   build Anton Farygin, 2020-08-19


- 7.72.0
- fixes:
* CVE-2020-8231: libcurl: wrong connect-only connection

thunderbird-78.1.1-alt1   build Aleksei Nikiforov, 2020-08-18


- Updated to upstream version 78.1.1 (thx to cas@ and sbolshakov@).
- Fixes:
+ CVE-2020-15652 Potential leak of redirect targets when loading scripts in a worker
+ CVE-2020-6514 WebRTC data channel leaks internal address to peer
+ CVE-2020-15655 Extension APIs could be used to bypass Same-Origin Policy
+ CVE-2020-15653 Bypassing iframe sandbox when allowing popups
+ CVE-2020-6463 Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
+ CVE-2020-15656 Type confusion for special arguments in IonMonkey
+ CVE-2020-15658 Overriding file type when saving to disk
+ CVE-2020-15657 DLL hijacking due to incorrect loading path
+ CVE-2020-15654 Custom cursor can overlay user interface
+ CVE-2020-15659 Memory safety bugs fixed in Thunderbird 78.1

lilypond-2.20.0-alt3   build Vladimir D. Seleznev, 2020-08-16


- Fixes CVE-2020-17353.
 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin