Репозиторий Sisyphus
Последнее обновление: 19 июля 2019 | Пакетов: 17691 | Посещений: 14367219
en ru br
Исправления уязвимостей

kernel-image-std-pae-4.19.59-alt1   сборка Kernel Bot, 2019-07-16


- v4.19.59 (Fixes: CVE-2019-3846)

kernel-image-un-def-5.1.18-alt1   сборка Kernel Bot, 2019-07-16


- v5.1.18 (Fixes: CVE-2019-3846)

kernel-image-std-def-4.19.59-alt1   сборка Kernel Bot, 2019-07-16


- v4.19.59 (Fixes: CVE-2019-3846)

kernel-image-std-debug-4.19.59-alt1   сборка Kernel Bot, 2019-07-16


- v4.19.59 (Fixes: CVE-2019-3846)

python-module-django-1.11.22-alt1   сборка Alexey Shabalin, 2019-07-15


- 1.11.22
- rename package to python-module-django1.11
- Fixes for the following security vulnerabilities:
+ CVE-2019-12781 Incorrect HTTP detection with reverse-proxy connecting via HTTPS
+ CVE-2019-12308 AdminURLFieldWidget XSS
+ CVE-2019-6975 Memory exhaustion in django.utils.numberformat.format()
+ CVE-2019-3498 Content spoofing possibility in the default 404 page

squid-4.8-alt1   сборка Alexey Shabalin, 2019-07-15


- Updated to 4.8
- Fixes:
+ CVE-2019-12854 Denial of Service issue in cachemgr.cgi
+ CVE-2019-12529 Denial of Service in HTTP Basic Authentication
+ CVE-2019-12525 Denial of Service in HTTP Digest Authentication
+ CVE-2019-12527 Heap Overflow issue in HTTP Basic Authentication
+ CVE-2019-13345 Multiple Cross-Site Scripting issues in cachemgr.cgi

python3-module-django2.2-2.2.3-alt1   сборка Alexey Shabalin, 2019-07-15


- 2.2.3
- build python3 only
- rename package to python3-module-django2.2
- Fixes for the following security vulnerabilities:
+ CVE-2019-12781 Incorrect HTTP detection with reverse-proxy connecting via HTTPS
+ CVE-2019-12308 AdminURLFieldWidget XSS
+ CVE-2019-6975 Memory exhaustion in django.utils.numberformat.format()
+ CVE-2019-3498 Content spoofing possibility in the default 404 page
+ CVE-2018-16984 Password hash disclosure to view only admin users
+ CVE-2018-14574 Open redirect possibility in CommonMiddleware
+ CVE-2018-7536 Denial-of-service possibility in urlize and urlizetrunc template filters
+ CVE-2018-7537 Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
+ CVE-2018-6188 Information leakage in AuthenticationForm

firefox-68.0-alt1   сборка Alexey Gladkov, 2019-07-11


- New release (68.0).
- Fixed:
+ CVE-2019-9811: Sandbox escape via installation of malicious language pack
+ CVE-2019-11711: Script injection within domain through inner window reuse
+ CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
+ CVE-2019-11713: Use-after-free with HTTP/2 cached stream
+ CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread
+ CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ CVE-2019-11715: HTML parsing error can contribute to content XSS
+ CVE-2019-11716: globalThis not enumerable until accessed
+ CVE-2019-11717: Caret character improperly escaped in origins
+ CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML
+ CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11720: Character encoding XSS vulnerability
+ CVE-2019-11721: Domain spoofing through unicode latin 'kra' character
+ CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin
+ CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries
+ CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions
+ CVE-2019-11725: Websocket resources bypass safebrowsing protections
+ CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3
+ CVE-2019-11728: Port scanning through Alt-Svc header
+ CVE-2019-11710: Memory safety bugs fixed in Firefox 68
+ CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8

thunderbird-60.8.0-alt1   сборка Andrey Cherepanov, 2019-07-10


- New version (60.8.0).
- Fixed:
+ CVE-2019-9811 Sandbox escape via installation of malicious language pack
+ CVE-2019-11711 Script injection within domain through inner window reuse
+ CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
+ CVE-2019-11713 Use-after-free with HTTP/2 cached stream
+ CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ CVE-2019-11715 HTML parsing error can contribute to content XSS
+ CVE-2019-11717 Caret character improperly escaped in origins
+ CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
+ CVE-2019-11709 Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 60.8
- Enigmail 2.0.12.

firefox-esr-60.8.0-alt1   сборка Andrey Cherepanov, 2019-07-09


- New ESR version (60.8.0).
- Fixed:
+ CVE-2019-9811 Sandbox escape via installation of malicious language pack
+ CVE-2019-11711 Script injection within domain through inner window reuse
+ CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
+ CVE-2019-11713 Use-after-free with HTTP/2 cached stream
+ CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ CVE-2019-11715 HTML parsing error can contribute to content XSS
+ CVE-2019-11717 Caret character improperly escaped in origins
+ CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
+ CVE-2019-11709 Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8

libvirt-5.5.0-alt1   сборка Alexey Shabalin, 2019-07-04


- 5.5.0 (Fixes: CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168)
- build with glusterfs6

virt-manager-2.2.1-alt1   сборка Alexey Shabalin, 2019-07-04


- 2.2.1 (Fixes: CVE-2019-10183)

neovim-0.3.8-alt1   сборка Vladimir Didenko, 2019-07-04


- New version (fixes: #36883, CVE-2019-12735)

kernel-image-std-pae-4.19.55-alt1   сборка Kernel Bot, 2019-06-24


- v4.19.55 (Fixes: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)

kernel-image-std-def-4.19.55-alt1   сборка Kernel Bot, 2019-06-24


- v4.19.55 (Fixes: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)

kernel-image-std-debug-4.19.55-alt1   сборка Kernel Bot, 2019-06-24


- v4.19.55 (Fixes: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)

thunderbird-60.7.2-alt1   сборка Andrey Cherepanov, 2019-06-22


- New version (60.7.2).
- Fixed:
+ CVE-2019-11707 Type confusion in Array.pop
+ CVE-2019-11708 sandbox escape using Prompt:Open

firefox-67.0.4-alt1   сборка Alexey Gladkov, 2019-06-21


- New release (67.0.4).
- Fixed:
+ CVE-2019-11708: sandbox escape using Prompt:Open

postgresql10-10.9-alt1   сборка Alexei Takaseev, 2019-06-20


- 10.9 (Fixes CVE-2019-10164)

firefox-esr-60.7.2-alt1   сборка Andrey Cherepanov, 2019-06-20


- New ESR version (60.7.2).
- Fixed:
+ CVE-2019-11708 sandbox escape using Prompt:Open

bind-9.11.8-alt1   сборка Stanislav Levin, 2019-06-20


- 9.11.7 -> 9.11.8 (fixes: CVE-2019-6471).

postgresql11-11.4-alt1   сборка Alexei Takaseev, 2019-06-20


- 11.4 (Fixes CVE-2019-10164)

postgresql10-1C-10.9-alt1   сборка Alexei Takaseev, 2019-06-20


- 10.9 (Fixes CVE-2019-10164)

kernel-image-un-def-5.1.12-alt1   сборка Kernel Bot, 2019-06-20


- v5.1.12 (Fixes: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)

edk2-20190501-alt1   сборка Alexey Shabalin, 2019-06-19


- edk2-stable201905 (Fixes: CVE-2018-12182)
 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin