Sisyphus repository
Last update: 18 January 2021 | SRPMs: 17780 | Visits: 20077504
Security fixes

italc3-3.0.3-alt3   build Andrey Cherepanov, 2021-01-15


- Apply patches from Debian (fixes CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20748, CVE-2018-20748, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681).

kernel-image-std-def-5.4.89-alt1   build Kernel Bot, 2021-01-13


- v5.4.89 (Fixes: CVE-2020-28374)

kernel-image-un-def-5.10.7-alt1   build Kernel Bot, 2021-01-13


- v5.10.7 (Fixes: CVE-2020-28374)

kernel-image-std-debug-5.4.89-alt1   build Kernel Bot, 2021-01-13


- v5.4.89 (Fixes: CVE-2020-28374)

dovecot-2.3.13-alt1   build Andrey Cherepanov, 2021-01-12


- Updated to 2.3.13 (fixes CVE-2020-24386, CVE-2020-25275).

thunderbird-78.6.1-alt1   build Andrey Cherepanov, 2021-01-12


- New version (78.6.1).
- Security fixes:
+ CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

chromium-gost-87.0.4280.141-alt0   build Alexey Gladkov, 2021-01-08


- New version (87.0.4280.141).
- Security fixes:
- CVE-2020-15995: Out of bounds write in V8.
- CVE-2020-16043: Insufficient data validation in networking.
- CVE-2021-21106: Use after free in autofill.
- CVE-2021-21107: Use after free in drag and drop.
- CVE-2021-21108: Use after free in media.
- CVE-2021-21109: Use after free in payments.
- CVE-2021-21110: Use after free in safe browsing.
- CVE-2021-21111: Insufficient policy enforcement in WebUI.
- CVE-2021-21112: Use after free in Blink.
- CVE-2021-21113: Heap buffer overflow in Skia.
- CVE-2021-21114: Use after free in audio.
- CVE-2021-21115: Use after free in safe browsing.
- CVE-2021-21116: Heap buffer overflow in audio.

chromium-87.0.4280.141-alt1   build Alexey Gladkov, 2021-01-08


- New version (87.0.4280.141).
- Security fixes:
- CVE-2020-15995: Out of bounds write in V8.
- CVE-2020-16043: Insufficient data validation in networking.
- CVE-2021-21106: Use after free in autofill.
- CVE-2021-21107: Use after free in drag and drop.
- CVE-2021-21108: Use after free in media.
- CVE-2021-21109: Use after free in payments.
- CVE-2021-21110: Use after free in safe browsing.
- CVE-2021-21111: Insufficient policy enforcement in WebUI.
- CVE-2021-21112: Use after free in Blink.
- CVE-2021-21113: Heap buffer overflow in Skia.
- CVE-2021-21114: Use after free in audio.
- CVE-2021-21115: Use after free in safe browsing.
- CVE-2021-21116: Heap buffer overflow in audio.

firefox-84.0.2-alt1   build Alexey Gladkov, 2021-01-06


- New release (84.0.2).
- Security fixes:
+ CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
- Add firefox GNOME Shell search provider.
- Enable smooth scrolling option.

firefox-esr-78.6.1-alt1   build Andrey Cherepanov, 2021-01-06


- New version (78.6.1).
- Security fixes:
+ CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

curl-7.74.0-alt1   build Anton Farygin, 2020-12-30


- 7.74.0
- Fixes:
* CVE-2020-8286 Inferior OCSP verification
* CVE-2020-8285 FTP wildcard stack overflow
* CVE-2020-8284 trusting FTP PASV responses

libopenjpeg2.0-2.4.0-alt1   build Yuri N. Sedunov, 2020-12-29


- updated to v2.4.0-2-gb897e2cb (fixed CVE-2020-8112, CVE-2020-6851, CVE-2019-6988, CVE-2019-12973)
- new -devel-doc subpackage
- fixed License tag

roundcube-1.4.10-alt1   build Vitaly Lipatov, 2020-12-28


- new version 1.4.10 (with rpmrb script)
- CVE-2020-35730

openldap-2.4.56-alt1   build Alexey Shabalin, 2020-12-27


- 2.4.55 (Fixes: CVE-2020-25692)

ceph-15.2.8-alt1   build Alexey Shabalin, 2020-12-24


- 15.2.8
- Fixes for the following security vulnerabilities:
+ CVE-2020-27781 OpenStack Manila use of ceph_volume_client.py library
allowed tenant access to any Ceph credential's secret.

mediawiki-1.35.1-alt1   build Vitaly Lipatov, 2020-12-23


- new version 1.35.1 (with rpmrb script)
- T268894, CVE-2020-35474, T268917, CVE-2020-35475
- T268938, CVE-2020-35478, CVE-2020-35479
- T205908, CVE-2020-35477, T120883, CVE-2020-35480

chromium-gost-87.0.4280.88-alt1   build Alexey Gladkov, 2020-12-20


- New version (87.0.4280.88).
- Security fixes:
- CVE-2020-16037: Use after free in clipboard.
- CVE-2020-16038: Use after free in media.
- CVE-2020-16039: Use after free in extensions.
- CVE-2020-16040: Insufficient data validation in V8.
- CVE-2020-16041: Out of bounds read in networking.
- CVE-2020-16042: Uninitialized Use in V8.

chromium-87.0.4280.88-alt1   build Alexey Gladkov, 2020-12-20


- New version (87.0.4280.88).
- Security fixes:
- CVE-2020-16037: Use after free in clipboard.
- CVE-2020-16038: Use after free in media.
- CVE-2020-16039: Use after free in extensions.
- CVE-2020-16040: Insufficient data validation in V8.
- CVE-2020-16041: Out of bounds read in networking.
- CVE-2020-16042: Uninitialized Use in V8.

libdb4.7-4.7.25-alt10   build Dmitry V. Levin, 2020-12-19


- Do not access DB_CONFIG when env->db_home is not set (fixes: CVE-2017-10140).
- Build without RPC support.

wildmidi-0.4.3-alt1   build Aleksei Nikiforov, 2020-12-18


- Updated to upstream version 0.4.3 (Fixes: CVE-2017-1000418).

a2ps-4.14-alt3   build Aleksei Nikiforov, 2020-12-18


- Applied security patches from Debian and Gentoo (Fixes: CVE-2014-0466, CVE-2015-8107).

icoutils-0.32.3-alt1   build Aleksei Nikiforov, 2020-12-17


- Updated to upstream version 0.32.3 (Fixes: CVE-2017-5208,
CVE-2017-5331, CVE-2017-5332, CVE-2017-5333).

dnstracer-1.9-alt2   build Aleksei Nikiforov, 2020-12-17


- Applied security patch from Gentoo (Fixes: CVE-2017-9430).

firefox-84.0-alt1   build Alexey Gladkov, 2020-12-17


- New release (84.0).
- Security fixes:
+ CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory to be exposed
+ CVE-2020-26971: Heap buffer overflow in WebGL
+ CVE-2020-26972: Use-After-Free in WebGL
+ CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
+ CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free
+ CVE-2020-26975: Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers
+ CVE-2020-26976: HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2020-26977: URL spoofing via unresponsive port in Firefox for Android
+ CVE-2020-26978: Internal network hosts could have been probed by a malicious webpage
+ CVE-2020-26979: When entering an address in the address or search bars, a website could have redirected the user before they were navigated to the intended url
+ CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
+ CVE-2020-35112: Opening an extension-less download may have inadvertently launched an executable instead
+ CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
+ CVE-2020-35114: Memory safety bugs fixed in Firefox 84

mgetty-1.2.1-alt1   build Aleksei Nikiforov, 2020-12-16


- Updated to upstream version 1.2.1 (Fixes: CVE-2018-16741, CVE-2018-16742,
CVE-2018-16743, CVE-2018-16744, CVE-2018-16745, CVE-2019-1010189, CVE-2019-1010190).