Sisyphus repository
Last update: 10 April 2021 | Packages: 17882 | Visits: 20686561
Vulnerability fixes

dnsmasq-2.85-alt1   built by Mikhail Efremov, 2021-04-09


- Dropped obsoleted patch.
- Updated to 2.83 (fixes: CVE-2021-3448).

chromium-89.0.4389.114-alt1   built by Alexey Gladkov, 2021-04-08


- New version (89.0.4389.114).
- Security fixes:
- CVE-2021-21194: Use after free in screen capture.
- CVE-2021-21195: Use after free in V8.
- CVE-2021-21196: Heap buffer overflow in TabStrip.
- CVE-2021-21197: Heap buffer overflow in TabStrip.
- CVE-2021-21198: Out of bounds read in IPC.
- CVE-2021-21199: Use after free in Aura.

python3-module-Pillow-8.1.2-alt1   built by Sergey Bolshakov, 2021-04-08


- 8.1.2 released (fixes: CVE-2021-27921, CVE-2021-27922, CVE-2021-27923)

cve-manager-0.49.4-alt1   built by Alexey Appolonov, 2021-04-07


- Fix of the custom ordering of entries of cve-monitor reports;
- Proper handling of invalid combinations of cve-monitor parameters.

salt-3003-alt2   built by Andrey Cherepanov, 2021-04-02


- Fixed: CVE-2020-28243, CVE-2020-28972, CVE-2020-35662, CVE-2021-3148,
CVE-2021-3144, CVE-2021-25281, CVE-2021-25282, CVE-2021-25283,
CVE-2021-25284, CVE-2021-25315, CVE-2021-3197, CVE-2020-16846,
CVE-2020-17490, CVE-2020-25592

curl-7.76.0-alt1   built by Anton Farygin, 2021-03-31


- 7.76.0
- Fixes:
* CVE-2021-22876 strip credentials from the auto-referer header field
* CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()

glpi-9.5.4-alt1   built by Pavel Zilke, 2021-03-31


- New version 9.5.4
- This is a security release, upgrading is recommended
- Security fixes:
+ CVE-2021-21326 : Horizontal Privilege Escalation
+ CVE-2021-21255 : entities switch IDOR
+ CVE-2021-21258 : XSS injection in ajax/kanban
+ CVE-2021-21314 : XSS injection on ticket update
+ CVE-2021-21312 : Stored XSS on documents
+ CVE-2021-21313 : XSS on tabs
+ CVE-2021-21325 : Stored XSS in budget type
+ CVE-2021-21327 : Unsafe Reflection in getItemForItemtype()
+ CVE-2021-21324 : Insecure Direct Object Reference (IDOR) on "Solutions"

spamassassin-3.4.5-alt1   built by L.A. Kostis, 2021-03-25


- 3.4.5 (fixes: CVE-2020-1946)
- remove dkim patch (fixed by upstream).

samba-4.14.2-alt1   built by Evgeny Sinelnikov, 2021-03-25


- Update to latest stable security release of the Samba 4.14
- Security fixes:
+ CVE-2020-27840: Heap corruption via crafted DN strings
+ CVE-2021-20277: Out of bounds read in AD DC LDAP server

openssl1.1-1.1.1k-alt1   built by Gleb F-Malinovskiy, 2021-03-25


- Updated to 1.1.1k (fixes CVE-2021-3450, CVE-2021-3449).

firefox-87.0-alt1   built by Alexey Gladkov, 2021-03-24


- New release (87.0).
- Security fixes:
+ CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
+ CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23983: Transitions for invalid ::marker properties resulted in memory corruption
+ CVE-2021-23984: Malicious extensions could have spoofed popup information
+ CVE-2021-23985: Devtools remote debugging feature could have been enabled without indication to the user
+ CVE-2021-23986: A malicious extension could have performed credential-less same origin policy violations
+ CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
+ CVE-2021-23988: Memory safety bugs fixed in Firefox 87

firefox-esr-78.9.0-alt1   built by Andrey Cherepanov, 2021-03-23


- New version (78.9.0).
- Security fixes:
+ CVE-2021-23981 Texture upload into an unbound backing buffer resulted in an out-of-bound read
+ CVE-2021-23982 Internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23984 Malicious extensions could have spoofed popup information
+ CVE-2021-23987 Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
- Do not build for ppc64le.

kernel-image-std-debug-5.4.107-alt1   built by Kernel Bot, 2021-03-23


- v5.4.107 (Fixes: CVE-2019-2308)

kernel-image-std-pae-5.4.107-alt1   built by Kernel Bot, 2021-03-23


- v5.4.107 (Fixes: CVE-2019-2308)

gnutls30-3.6.15-alt2   built by Mikhail Efremov, 2021-03-22


- Fixed gnulib tests.
- Fixed CVE-2021-20231, CVE-2021-20232
(fixes: CVE-2021-20231, CVE-2021-20232).
- Fixed testpkcs11.
- Dropped self-provide from devel subpackage.

apache2-mod_perl-2.0.11-alt1   built by Nikolay A. Fetisov, 2021-03-19


- CVE-2011-2767 Arbitrary Perl code execution in the context
of the user account via a user-owned .htaccess.
- Fix SIGSEGV crash due to wrong use of perl_parse()
- Fix build with recent Apache 2.4.x
- Update Apache::Test module to 1.43

apache2-mod_apreq-2.15-alt1   built by Nikolay A. Fetisov, 2021-03-18


- New version
- CVE-2019-12412 Fix a NULL pointer dereference when parsing
malformed multipart data
- Fix memory handling in apreq_brigade_concat()

wireshark-3.4.4-alt1   built by Anton Farygin, 2021-03-17


- 3.4.4 (Fixes: CVE-2021-22191)

python3-module-Pillow-8.1.1-alt1   built by Sergey Bolshakov, 2021-03-16


- 8.1.1 released (fixes: CVE-2021-25291)

tor-0.4.5.7-alt1   built by Vladimir Didenko, 2021-03-16


- new version (fixes CVE-2021-28089, CVE-2021-28090)

chromium-89.0.4389.90-alt1   built by Alexey Gladkov, 2021-03-15


- New version (89.0.4389.90).
- Security fixes:
- CVE-2021-21191: Use after free in WebRTC.
- CVE-2021-21192: Heap buffer overflow in tab groups.
- CVE-2021-21193: Use after free in Blink.

openvswitch-2.14.2-alt1   built by Alexey Shabalin, 2021-03-14


- 2.14.2 (Fixes: CVE-2020-35498)

cups-2.3.3-alt2.op2   built by Aleksei Nikiforov, 2021-03-12


- Updated to upstream version 2.3.3op2 (Fixes: CVE-2020-10001).
- Project moved to OpenPrinting.
- Fixed license.

openssl1.1-1.1.1j-alt1   built by Gleb F-Malinovskiy, 2021-03-12


- Updated to 1.1.1j (fixes CVE-2021-23840, CVE-2021-23841).

cve-manager-0.49.0-alt1   built by Alexey Appolonov, 2021-03-11


- Ability to write "cve-monitor" reports into files inside specified directory
(the cve-monitor UI changed, use the "--mail --title <category>" option
instead of the "--mail <category>" option);
- Ability to prescribe completely different package names (that are not
"relatives") to a same product;
- Package prefixes "mediawiki-extensions", "kde4" and "kde5" are taken into
account in the same way as other special prefixes;
- Minor improvements throughout the project, including an improved UI of the
"cve-monitor" module (reports will be split by default).
 
design and development: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin