Sisyphus repository
Last update: 12 november 2018 | SRPMs: 18666 | Visits: 12530002
en ru br
Security fixes

postgresql10-10.6-alt1   build Alexei Takaseev, 2018-11-08


- 10.6
- Fix CVE-2018-16850

postgresql10-1C-10.6-alt1   build Alexei Takaseev, 2018-11-08


- 10.6
- Fix CVE-2018-16850

postgresql11-11.1-alt1   build Alexei Takaseev, 2018-11-08


- 11.1
- Fix CVE-2018-16850

libopenjpeg2.0-2.3.0-alt2   build Yuri N. Sedunov, 2018-11-07


- use -DBUILD_STATIC_LIBS=OFF (ALT #35586)
- fixed .cmake-files (ALT#35585)
- applied upstream fix for CVE-2018-5785

nginx-1.14.1-alt1   build Anton Farygin, 2018-11-06


- 1.14.1 (fixes: CVE-2018-16845, CVE-2018-16843, CVE-2018-16844)

icecast-2.4.4-alt1   build Aleksei Nikiforov, 2018-11-06


- Updated to upstream version 2.4.4 (Fixes: CVE-2018-18820).

ffmpeg-4.0.3-alt1   build Anton Farygin, 2018-11-05


- 4.0.3 (fixes: CVE-2018-15822)

p7zip-16.02-alt3   build Michael Shigorin, 2018-11-04


- applied debian security patches
(Fixes: CVE-2016-9296, CVE-2017-17969, CVE-2018-5996, CVE-2018-10115)
- avoid tarball compression
- minor spec cleanup

NetworkManager-1.14.5-alt1.gitba83251bba87   build Mikhail Efremov, 2018-11-01


- Upstream git snapshot (nm-1-14 branch) (fixes: CVE-2018-15688).

curl-7.62.0-alt1   build Anton Farygin, 2018-10-31


- 7.62.0
- fixes:
* CVE-2018-16839 - buffer overrun in the SASL authentication code.
* CVE-2018-16840 - use-after-free in handle close
* CVE-2018-16842 - warning message out-of-buffer read

systemd-239-alt3   build Alexey Shabalin, 2018-10-29


- merge with v239-stable
- Fixes for the following security vulnerabilities:
+ CVE-2018-15688 dhcp6: make sure we have enough space for the DHCP6 option header
+ CVE-2018-15687 chown-recursive: rework the recursive logic to use O_PATH

firefox-esr-60.3.0-alt1   build Andrey Cherepanov, 2018-10-23


- New ESR version (60.3.0).
- Fixed:
+ CVE-2018-12391 HTTP Live Stream audio data is accessible cross-origin
+ CVE-2018-12392 Crash with nested event loops
+ CVE-2018-12393 Integer overflow during Unicode conversion while loading JavaScript
+ CVE-2018-12395 WebExtension bypass of domain restrictions through header rewriting
+ CVE-2018-12396 WebExtension content scripts can execute in disallowed contexts
+ CVE-2018-12397 WebExtension can request access to local files without the warning prompt
+ CVE-2018-12389 Memory safety bugs fixed in Firefox ESR 60.3
+ CVE-2018-12390 Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3

libyaml-cpp0-0.6.2-alt2   build Aleksei Nikiforov, 2018-10-22


- Applied patches from Fedora (Fixes: CVE-2017-5950)

chromium-70.0.3538.67-alt1   build Alexey Gladkov, 2018-10-22


- New version (70.0.3538.67).
- Security fixes:
- CVE-2018-17462: Sandbox escape in AppCache.
- CVE-2018-17463: Remote code execution in V8.
- CVE to be assigned: Heap buffer overflow in Little CMS in PDFium.
- CVE-2018-17464: URL spoof in Omnibox.
- CVE-2018-17465: Use after free in V8.
- CVE-2018-17466: Memory corruption in Angle.
- CVE-2018-17467: URL spoof in Omnibox.
- CVE-2018-17468: Cross-origin URL disclosure in Blink.
- CVE-2018-17469: Heap buffer overflow in PDFium.
- CVE-2018-17470: Memory corruption in GPU Internals.
- CVE-2018-17471: Security UI occlusion in full screen mode.
- CVE-2018-17472: iframe sandbox escape on iOS.
- CVE-2018-17473: URL spoof in Omnibox.
- CVE-2018-17474: Use after free in Blink.
- CVE-2018-17475: URL spoof in Omnibox.
- CVE-2018-17476: Security UI occlusion in full screen mode.
- CVE-2018-5179: Lack of limits on update() in ServiceWorker.
- CVE-2018-17477: UI spoof in Extensions.

kernel-image-std-pae-4.4.162-alt1   build Kernel Bot, 2018-10-20


- v4.4.162 (Fixes: CVE-2018-10879)

clamav-0.100.2-alt1   build Sergey Y. Afonin, 2018-10-17


- 0.100.2 (CVE-2018-15378, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)

libssh-0.8.4-alt1   build Sergey V Turchin, 2018-10-17


- new version
- security fix: CVE-2018-10933

libssh-0.8.4-alt2   build Sergey V Turchin, 2018-10-17


- fix changelog
- security fixes: CVE-2018-10933

texlive-2018-alt1_4   build Igor Vlasenko, 2018-10-16


- new version; fixes CVE-2018-17407

kernel-image-std-pae-4.4.161-alt1   build Kernel Bot, 2018-10-15


- v4.4.161 (Fixes: CVE-2018-10879, CVE-2018-10880, CVE-2018-7755)

kernel-image-std-def-4.14.76-alt1   build Kernel Bot, 2018-10-15


- v4.14.76 (Fixes: CVE-2018-15471)

cve-manager-0.18.0-alt1   build Alexey Appolonov, 2018-10-15


- Names of avalible branches are section names of the conf;
- Each branch now have a set of params;
- Renaming 'paths' section of the conf to 'common';
- Skipping repetition of branch sections in conf;
- There is no cve-import's "--space" param anymore;
- Russian manual.

kernel-image-un-def-4.18.14-alt1   build Kernel Bot, 2018-10-15


- v4.18.14 (Fixes: CVE-2018-15471)

kernel-image-std-debug-4.14.76-alt1   build Kernel Bot, 2018-10-15


- v4.14.76 (Fixes: CVE-2018-15471)

wireshark-2.6.4-alt1   build Anton Farygin, 2018-10-13


- 2.6.4 (fixes: CVE-2018-18227, CVE-2018-18225, CVE-2018-18225, CVE-2018-12086)
- disabled build gtk+ UI
 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin