Sisyphus repository
Last update: 16 january 2019 | SRPMs: 18456 | Visits: 12831331
en ru br
Security fixes

adobe-flash-player-ppapi-32-alt1   build Sergey V Turchin, 2019-01-15


- new version (ALT#34555)
- security fixes:
CVE-2018-15978, CVE-2018-15981, CVE-2018-15982, CVE-2018-15983

wireshark-2.6.6-alt1   build Anton Farygin, 2019-01-13


- 2.6.6
- fixes:
* The 6LoWPAN dissector could crash. CVE-2019-5716
* The P_MUL dissector could crash. CVE-2019-5717
* The RTSE dissector and other dissectors could crash. CVE-2019-5718
* The ISAKMP dissector could crash. CVE-2019-5719

kernel-image-std-debug-4.14.92-alt1   build Kernel Bot, 2019-01-10


- v4.14.92 (Fixes: CVE-2018-19985)

kernel-image-un-def-4.19.14-alt1   build Kernel Bot, 2019-01-10


- v4.19.14 (Fixes: CVE-2018-19985)

polkit-0.115-alt5   build Yuri N. Sedunov, 2019-01-09


- updated to 0.115-26-gc898fdf (fixed CVE-2018-19788)

krb5-1.16.3-alt1   build Ivan A. Melnikov, 2019-01-08


- 1.16.3 (CVE-2018-20217)
- apply bootstrap and e2k tweaks (mike@) (closes: #32982)
+ introduce doc, ldap, selinux, verto knobs (on by default)
+ conditionally package bundled libverto
+ e2k: disable -Werror={pointer-arith,uninitialized} (lcc)

openconnect-8.01-alt1   build Alexey Shabalin, 2019-01-08


- new version 8.01
- fixed clear form submissions before freeing (CVE-2018-20319)

systemd-240-alt3   build Mikhail Efremov, 2019-01-08


- journald: set a limit on the number of fields once more.
- Backported patches from upstream (fixes: CVE-2018-16864, CVE-2018-16865).

mailman-2.1.29-alt1   build Dmitry V. Levin, 2019-01-06


- 2.1.26 -> 2.1.29 (fixes: CVE-2018-0618, CVE-2018-13796).
- Enhanced init script.
- Added tmpfiles.d(5) rules and a systemd unit file for mailman.

tar-1.31-alt1   build Dmitry V. Levin, 2019-01-02


- tar: release_1_30-38-g3c2a2cd -> release_1_31 (fixes: CVE-2018-20482).
- gnulib: v0.1-2305-g95c96b6dd -> v0.1-2313-g4652c7baf.

patch-2.7.6.0.17.9c98-alt1   build Dmitry V. Levin, 2018-12-26


- patch:
+ v2.7.6-15-g369dccc -> v2.7.6-17-g9c98635 (fixes: CVE-2018-6952);
+ Fix error handling with git-style patches (by Lubomir Rintel).
- gnulib: v0.1-1209-g24b3216 -> v0.1-2305-g95c96b6dd.

libraw-0.19.2-alt1   build Yuri N. Sedunov, 2018-12-24


- 0.19.2 (fixed CVE-2018-20363, CVE-2018-20364, CVE-2018-20365)

samba-4.9.4-alt1   build Evgeny Sinelnikov, 2018-12-20


- Update to first winter security release
- Security fixes regressions:
+ CVE-2018-16853 Do not segfault if client is not set
+ CVE-2018-14629 Fix CNAME loop prevention using counter regression

samba-DC-4.9.4-alt1   build Evgeny Sinelnikov, 2018-12-20


- Update to first winter security release
- Security fixes regressions:
+ CVE-2018-16853 Do not segfault if client is not set
+ CVE-2018-14629 Fix CNAME loop prevention using counter regression

firefox-64.0-alt1   build Alexey Gladkov, 2018-12-20


- New release (64.0).
- Fixed:
+ CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module
+ CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
+ CVE-2018-18492: Use-after-free with select element
+ CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
+ CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
+ CVE-2018-18495: WebExtension content scripts can be loaded in about: pages
+ CVE-2018-18496: Embedded feed preview page can be abused for clickjacking
+ CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators
+ CVE-2018-18498: Integer overflow when calculating buffer sizes for images
+ CVE-2018-12406: Memory safety bugs fixed in Firefox 64
+ CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4

chromium-71.0.3578.98-alt1   build Alexey Gladkov, 2018-12-14


- New version (71.0.3578.98).
- Security fixes:
- CVE-2018-17481: Use after free in PDFium.

kernel-image-std-pae-4.14.88-alt1   build Kernel Bot, 2018-12-13


- v4.14.88 (Fixes: CVE-2018-14625)

kernel-image-std-def-4.14.88-alt1   build Kernel Bot, 2018-12-13


- v4.14.88 (Fixes: CVE-2018-14625)

kernel-image-un-def-4.19.9-alt1   build Kernel Bot, 2018-12-13


- v4.19.9 (Fixes: CVE-2018-14625)

kernel-image-std-debug-4.14.88-alt1   build Kernel Bot, 2018-12-13


- v4.14.88 (Fixes: CVE-2018-14625)

firefox-esr-60.4.0-alt1   build Andrey Cherepanov, 2018-12-11


- New ESR version (60.4.0)
- Fixed:
+ CVE-2018-17466 Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
+ CVE-2018-18492 Use-after-free with select element
+ CVE-2018-18493 Buffer overflow in accelerated 2D canvas with Skia
+ CVE-2018-18494 Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
+ CVE-2018-18498 Integer overflow when calculating buffer sizes for images
+ CVE-2018-12405 Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4

cve-manager-0.19.0-alt1   build Alexey Appolonov, 2018-12-10


- Ability to run in multiprocessing mode;
- Ability to exclude data sources;
- Modified user interface of the cve-monitor;
- Showing CVSS score in cve-monitor reports;
- Ability to order monitoring results in various ways;
- Ability to group packages with unfixed vulnerabilities in cve-monitor reports;
- All printing operations carried by Printer class, which not only makes life
easier but brings cool features like buffering the input for later mailout;
- Ability to run in 'silent' mode;
- Ability to send emails with cve-monitor reports.

nettle-3.4.1-alt1   build Mikhail Efremov, 2018-12-06


- Updated to 3.4.1 (fixes: CVE-2018-16869).

kernel-image-std-pae-4.14.86-alt1   build Kernel Bot, 2018-12-06


- v4.14.86 (Fixes: CVE-2018-1128, CVE-2018-1129)

gnutls30-3.6.5-alt1   build Mikhail Efremov, 2018-12-06


- Updated to 3.6.5 (fixes: CVE-2018-16868).
 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin