Репозиторий Sisyphus
Последнее обновление: 4 декабря 2020 | Пакетов: 17763 | Посещений: 19758587
en ru br
Исправления уязвимостей

unbound-1.13.0-alt1   сборка Alexei Takaseev, 2020-12-04


- 1.13.0 (Fixes CVE-2020-28935)

libsndfile-1.0.30-alt1   сборка Aleksei Nikiforov, 2020-12-03


- Updated to upstream version 1.0.30 (Fixes: CVE-2017-8362, CVE-2017-14245,
CVE-2017-14246, CVE-2017-14634, CVE-2018-13139, CVE-2018-13419, CVE-2018-19432,
CVE-2018-19661, CVE-2018-19662, CVE-2018-19758, CVE-2019-3832)

xorg-server-1.20.10-alt1   сборка Valery Inozemtsev, 2020-12-02


- 1.20.10 (fixes: CVE-2020-25712, CVE-2020-14360)

nsd-4.3.4-alt1   сборка Alexei Takaseev, 2020-12-02


- 4.3.4 (Fixes: CVE-2020-28935)

thunderbird-78.5.1-alt1   сборка Andrey Cherepanov, 2020-12-02


- New version (78.5.1).
- Security fixes:
+ CVE-2020-26970 Stack overflow due to incorrect parsing of SMTP server response codes

gem-rails-5.2.4.4-alt1   сборка Pavel Skrylev, 2020-11-30


- ^ 5.2.4.1 -> 5.2.4.3
- ! CVE-2020-15169
- * railsctl to support locale setup

cve-manager-0.43.0-alt1   сборка Alexey Appolonov, 2020-11-30


- Optimised DB structure;
- Improved performance of the cve-issues module;
- The '-d <distro_list>' option of the cve-import module is removed.

helm-3.4.1-alt1   сборка Aleksei Nikiforov, 2020-11-23


- Updated to upstream version 3.4.1 (Fixes: CVE-2020-4053, CVE-2020-11013,
CVE-2020-15184, CVE-2020-15185, CVE-2020-15186, CVE-2020-15187).

cacti-1.2.15-alt1   сборка Aleksei Nikiforov, 2020-11-23


- Updated to upstream version 1.2.15 (Fixes: CVE-2020-13230, CVE-2020-13231).

kernel-image-std-pae-5.4.79-alt1   сборка Kernel Bot, 2020-11-22


- v5.4.79 (Fixes: CVE-2020-4788)

kernel-image-std-def-5.4.79-alt1   сборка Kernel Bot, 2020-11-22


- v5.4.79 (Fixes: CVE-2020-4788)

kernel-image-std-debug-5.4.79-alt1   сборка Kernel Bot, 2020-11-22


- v5.4.79 (Fixes: CVE-2020-4788)

chromium-87.0.4280.66-alt1   сборка Alexey Gladkov, 2020-11-21


- New version (87.0.4280.66).
- Security fixes:
- CVE-2019-8075: Insufficient data validation in Flash.
- CVE-2020-16012: Side-channel information leakage in graphics.
- CVE-2020-16014: Use after free in PPAPI.
- CVE-2020-16015: Insufficient data validation in WASM.
- CVE-2020-16018: Use after free in payments.
- CVE-2020-16019: Inappropriate implementation in filesystem.
- CVE-2020-16020: Inappropriate implementation in cryptohome.
- CVE-2020-16021: Race in ImageBurner.
- CVE-2020-16022: Insufficient policy enforcement in networking.
- CVE-2020-16023: Use after free in WebCodecs.
- CVE-2020-16024: Heap buffer overflow in UI.
- CVE-2020-16025: Heap buffer overflow in clipboard.
- CVE-2020-16026: Use after free in WebRTC.
- CVE-2020-16027: Insufficient policy enforcement in developer tools.
- CVE-2020-16028: Heap buffer overflow in WebRTC.
- CVE-2020-16029: Inappropriate implementation in PDFium.
- CVE-2020-16030: Insufficient data validation in Blink.
- CVE-2020-16031: Incorrect security UI in tab preview.
- CVE-2020-16032: Incorrect security UI in sharing.
- CVE-2020-16033: Incorrect security UI in WebUSB.
- CVE-2020-16034: Inappropriate implementation in WebRTC.
- CVE-2020-16035: Insufficient data validation in cros-disks.
- CVE-2020-16036: Inappropriate implementation in cookies.

jbig2dec-0.19-alt1   сборка Aleksei Nikiforov, 2020-11-20


- Updated to upstream version 0.19 (Fixes: CVE-2016-9601, CVE-2020-12268).

sqliteodbc-0.9996-alt3   сборка Aleksei Nikiforov, 2020-11-20


- Updated rpm post script (Fixes: CVE-2020-12050).

consul-1.8.6-alt1   сборка Aleksei Nikiforov, 2020-11-20


- Updated to upstream version 1.8.6 (Fixes: CVE-2019-9764, CVE-2019-12291,
CVE-2020-7219, CVE-2020-7955, CVE-2020-12797, CVE-2020-13170, CVE-2020-13250).

python-2.7.18-alt2   сборка Vladimir D. Seleznev, 2020-11-19


- Fixed CVE-2019-20907 and CVE-2019-CVE-2020-26116.

cifs-utils-6.11-alt1   сборка Aleksei Nikiforov, 2020-11-19


- Updated to upstream version 6.11 (Fixes: CVE-2020-14342).

dovecot-2.3.11.3-alt1   сборка Aleksei Nikiforov, 2020-11-19


- Updated to 2.3.11.3 (Fixes: CVE-2020-12100, CVE-2020-12673, CVE-2020-12674).

krb5-1.18.3-alt1   сборка Ivan A. Melnikov, 2020-11-19


- 1.18.3 (Fixes: CVE-2020-28196)

ceph-15.2.6-alt1   сборка Alexey Shabalin, 2020-11-19


- 15.2.6
- Fixes for the following security vulnerabilities:
+ CVE-2020-25660 Fix a regression in Messenger V2 replay attacks

thunderbird-78.5.0-alt1   сборка Andrey Cherepanov, 2020-11-19


- New version (78.5.0).
- Fixes:
+ CVE-2020-26951 Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
+ CVE-2020-16012 Variable time processing of cross-origin images during drawImage calls
+ CVE-2020-26953 Fullscreen could be enabled without displaying the security UI
+ CVE-2020-26956 XSS through paste (manual and clipboard API)
+ CVE-2020-26958 Requests intercepted through ServiceWorkers lacked MIME type restrictions
+ CVE-2020-26959 Use-after-free in WebRequestService
+ CVE-2020-26960 Potential use-after-free in uses of nsTArray
+ CVE-2020-15999 Heap buffer overflow in freetype
+ CVE-2020-26961 DoH did not filter IPv4 mapped IP Addresses
+ CVE-2020-26965 Software keyboards may have remembered typed passwords
+ CVE-2020-26966 Single-word search queries were also broadcast to local network
+ CVE-2020-26968 Memory safety bugs fixed in Thunderbird 78.5
- Fix guess timezone for calendar (ALT #38081).

libXrender-0.9.10-alt1   сборка Valery Inozemtsev, 2020-11-17


- 0.9.10
- securuty fixes: CVE-2016-7949, CVE-2016-7950

libXtst-1.2.3-alt1   сборка Valery Inozemtsev, 2020-11-17


- 1.2.3
- securuty fixes: CVE-2016-7951, CVE-2016-7952

firefox-83.0-alt1   сборка Alexey Gladkov, 2020-11-17


- New release (83.0).
- Security fixes:
+ CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
+ CVE-2020-26952: Out of memory handling of JITed, inlined functions could lead to a memory corruption
+ CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
+ CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
+ CVE-2020-26954: Local spoofing of web manifests for arbitrary pages in Firefox for Android
+ CVE-2020-26955: Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android
+ CVE-2020-26956: XSS through paste (manual and clipboard API)
+ CVE-2020-26957: OneCRL was not working in Firefox for Android
+ CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
+ CVE-2020-26959: Use-after-free in WebRequestService
+ CVE-2020-26960: Potential use-after-free in uses of nsTArray
+ CVE-2020-15999: Heap buffer overflow in freetype
+ CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
+ CVE-2020-26962: Cross-origin iframes supported login autofill
+ CVE-2020-26963: History and Location interfaces could have been used to hang the browser
+ CVE-2020-26964: Firefox for Android's Remote Debugging via USB could have been abused by untrusted apps on older versions of Android
+ CVE-2020-26965: Software keyboards may have remembered typed passwords
+ CVE-2020-26966: Single-word search queries were also broadcast to local network
+ CVE-2020-26967: Mutation Observers could break or confuse Firefox Screenshots feature
+ CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
+ CVE-2020-26969: Memory safety bugs fixed in Firefox 83
 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin