Sisyphus repository
Last update: 22 january 2020 | SRPMs: 17492 | Visits: 16760134
en ru br
Security fixes

wireshark-3.0.8-alt1   build Anton Farygin, 2020-01-21


- 3.0.8
- disabled sharkd build
- fixes:
* BT ATT dissector crash. CVE-2020-7045

kernel-image-std-pae-4.19.96-alt1   build Kernel Bot, 2020-01-15


- v4.19.96(Fixes:_CVE-2019-14615,_CVE-2019-14895)

kernel-image-std-def-4.19.96-alt1   build Kernel Bot, 2020-01-15


- v4.19.96(Fixes:_CVE-2019-14615,_CVE-2019-14895)

kernel-image-un-def-5.4.12-alt1   build Kernel Bot, 2020-01-15


- v5.4.12(Fixes:_CVE-2019-14615,_CVE-2019-14895)

kernel-image-std-debug-4.19.96-alt1   build Kernel Bot, 2020-01-15


- v4.19.96(Fixes:_CVE-2019-14615,_CVE-2019-14895)

firefox-esr-68.4.1-alt1   build Andrey Cherepanov, 2020-01-08


- New ESR version (68.4.1).
- Fixed:
+ CVE-2019-17015 Memory corruption in parent process during new content process initialization on Windows
+ CVE-2019-17016 Bypass of @namespace CSS sanitization during pasting
+ CVE-2019-17017 Type Confusion in XPCVariant.cpp
+ CVE-2019-17021 Heap address disclosure in parent process during content process initialization on Windows
+ CVE-2019-17022 CSS sanitization does not escape HTML tags
+ CVE-2019-17024 Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4

cve-manager-0.29.1-alt1   build Alexey Appolonov, 2020-01-06


- Fix of bug that was causing abortion of 'cve-issues' module.

spamassassin-3.4.3-alt1   build Sergey Y. Afonin, 2020-01-03


- 3.4.3 (fixes: CVE-2018-11805, CVE-2019-12420)
- updated %License to SPDX syntax

kernel-image-std-pae-4.19.92-alt1   build Kernel Bot, 2020-01-01


- v4.19.92 (Fixes: CVE-2019-19037)

kernel-image-std-def-4.19.92-alt1   build Kernel Bot, 2020-01-01


- v4.19.92 (Fixes: CVE-2019-19037)

cyrus-imapd-3.0.13-alt1   build Sergey Y. Afonin, 2020-01-01


- 3.0.13 (fixes: CVE-2019-19783)

kernel-image-un-def-5.4.7-alt1   build Kernel Bot, 2020-01-01


- v5.4.7 (Fixes: CVE-2019-19037)

kernel-image-std-debug-4.19.92-alt1   build Kernel Bot, 2020-01-01


- v4.19.92 (Fixes: CVE-2019-19037)

mediawiki-1.34.0-alt1   build Vitaly Lipatov, 2019-12-22


- new version 1.34.0 (with rpmrb script)
- CVE-2019-19709

php7-7.3.13-alt1   build Anton Farygin, 2019-12-20


- 7.3.13. (Fixes: CVE-2019-11046, CVE-2019-11045, CVE-2019-11049,
CVE-2019-11050, CVE-2019-11047)

chromium-79.0.3945.79-alt1   build Alexey Gladkov, 2019-12-16


- New version (79.0.3945.79).
- Security fixes:
- CVE-2019-13725: Use after free in Bluetooth.
- CVE-2019-13726: Heap buffer overflow in password manager.
- CVE-2019-13727: Insufficient policy enforcement in WebSockets.
- CVE-2019-13728: Out of bounds write in V8.
- CVE-2019-13729: Use after free in WebSockets.
- CVE-2019-13730: Type Confusion in V8.
- CVE-2019-13732: Use after free in WebAudio.
- CVE-2019-13734: Out of bounds write in SQLite.
- CVE-2019-13735: Out of bounds write in V8.
- CVE-2019-13736: Integer overflow in PDFium.
- CVE-2019-13737: Insufficient policy enforcement in autocomplete.
- CVE-2019-13738: Insufficient policy enforcement in navigation.
- CVE-2019-13739: Incorrect security UI in Omnibox.
- CVE-2019-13740: Incorrect security UI in sharing.
- CVE-2019-13741: Insufficient validation of untrusted input in Blink.
- CVE-2019-13742: Incorrect security UI in Omnibox.
- CVE-2019-13743: Incorrect security UI in external protocol handling.
- CVE-2019-13744: Insufficient policy enforcement in cookies.
- CVE-2019-13745: Insufficient policy enforcement in audio.
- CVE-2019-13746: Insufficient policy enforcement in Omnibox.
- CVE-2019-13747: Uninitialized Use in rendering.
- CVE-2019-13748: Insufficient policy enforcement in developer tools.
- CVE-2019-13749: Incorrect security UI in Omnibox.
- CVE-2019-13750: Insufficient data validation in SQLite.
- CVE-2019-13751: Uninitialized Use in SQLite.
- CVE-2019-13752: Out of bounds read in SQLite.
- CVE-2019-13753: Out of bounds read in SQLite.
- CVE-2019-13754: Insufficient policy enforcement in extensions.
- CVE-2019-13755: Insufficient policy enforcement in extensions.
- CVE-2019-13756: Incorrect security UI in printing.
- CVE-2019-13757: Incorrect security UI in Omnibox.
- CVE-2019-13758: Insufficient policy enforcement in navigation.
- CVE-2019-13759: Incorrect security UI in interstitials.
- CVE-2019-13761: Incorrect security UI in Omnibox.
- CVE-2019-13762: Insufficient policy enforcement in downloads.
- CVE-2019-13763: Insufficient policy enforcement in payments.
- CVE-2019-13764: Type Confusion in V8.

kernel-image-std-pae-4.19.89-alt1   build Kernel Bot, 2019-12-14


- v4.19.89 (Fixes: CVE-2019-19332)

kernel-image-std-def-4.19.89-alt1   build Kernel Bot, 2019-12-14


- v4.19.89 (Fixes: CVE-2019-19332)

kernel-image-un-def-5.4.3-alt1   build Kernel Bot, 2019-12-14


- v5.4.3 (Fixes: CVE-2019-18660, CVE-2019-19332)

kernel-image-std-debug-4.19.89-alt1   build Kernel Bot, 2019-12-14


- v4.19.89 (Fixes: CVE-2019-19332)

unbound-1.9.6-alt1   build Alexei Takaseev, 2019-12-13


- 1.9.6 (Fixes CVE-2019-18934)

samba-4.10.11-alt1   build Evgeny Sinelikov, 2019-12-13


- Update to last security winter release
- Security fixes:
+ CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS management server
+ CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition on Samba AD DC

crun-0.10.6-alt1   build Alexey Shabalin, 2019-12-11


- 0.10.6 (fixes: CVE-2019-18837)

libssh-0.9.3-alt1   build Sergey V Turchin, 2019-12-11


- new version
- security (Fixes: CVE-2019-14889)

wireshark-3.0.7-alt1   build Anton Farygin, 2019-12-09


- 3.0.7
- fixes:
* CMS dissector crash. CVE-2019-19553
 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin