Sisyphus repository
Last updated: 12 December 2018 | Packages: 18651 | Visits: 12696521
Vulnerability fixes

firefox-esr-60.4.0-alt1   built by Andrey Cherepanov, 2018-12-11


- New ESR version (60.4.0)
- Fixed:
+ CVE-2018-17466 Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
+ CVE-2018-18492 Use-after-free with select element
+ CVE-2018-18493 Buffer overflow in accelerated 2D canvas with Skia
+ CVE-2018-18494 Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
+ CVE-2018-18498 Integer overflow when calculating buffer sizes for images
+ CVE-2018-12405 Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4

nettle-3.4.1-alt1   built by Mikhail Efremov, 2018-12-06


- Updated to 3.4.1 (fixes: CVE-2018-16869).

kernel-image-std-pae-4.14.86-alt1   built by Kernel Bot, 2018-12-06


- v4.14.86 (Fixes: CVE-2018-1128, CVE-2018-1129)

gnutls30-3.6.5-alt1   built by Mikhail Efremov, 2018-12-06


- Updated to 3.6.5 (fixes: CVE-2018-16868).

kernel-image-std-def-4.14.86-alt1   built by Kernel Bot, 2018-12-06


- v4.14.86 (Fixes: CVE-2018-1128, CVE-2018-1129)

polkit-0.115-alt4   built by Alexey Shabalin, 2018-12-06


- updated to 0.115-23fd211e
- Port the JS authority to mozjs-60
- Move D-Bus policy file to /usr/share/dbus-1/system.d/
- Drop deprecated use of g_type_class_add_private()
- Allow negative uids/gids in PolkitUnixUser and Group objects (fixed CVE-2018-19788)

kernel-image-std-debug-4.14.86-alt1   built by Kernel Bot, 2018-12-06


- v4.14.86 (Fixes: CVE-2018-1128, CVE-2018-1129)

wireshark-2.6.5-alt1   built by Anton Farygin, 2018-12-03


- 2.6.5
- added devel package (closes: #29869)
- fixes:
* The Wireshark dissection engine could crash. CVE-2018-19625
* The DCOM dissector could crash. CVE-2018-19626
* The LBMPDM dissector could crash. CVE-2018-19623
* The MMSE dissector could go into an infinite loop. CVE-2018-19622
* The IxVeriWave file parser could crash. CVE-2018-19627
* The PVFS dissector could crash. CVE-2018-19624
* The ZigBee ZCL dissector could crash. CVE-2018-19628

kernel-image-std-pae-4.14.85-alt1   built by Kernel Bot, 2018-12-02


- v4.14.85 (Fixes: CVE-2000-1134, CVE-2007-3852, CVE-2008-0525, CVE-2009-0416,
CVE-2011-4834, CVE-2015-1838, CVE-2015-7442, CVE-2016-7489)

kernel-image-std-def-4.14.85-alt1   built by Kernel Bot, 2018-12-02


- v4.14.85 (Fixes: CVE-2000-1134, CVE-2007-3852, CVE-2008-0525, CVE-2009-0416,
CVE-2011-4834, CVE-2015-1838, CVE-2015-7442, CVE-2016-7489)

kernel-image-std-debug-4.14.85-alt1   built by Kernel Bot, 2018-12-02


- v4.14.85 (Fixes: CVE-2000-1134, CVE-2007-3852, CVE-2008-0525, CVE-2009-0416,
CVE-2011-4834, CVE-2015-1838, CVE-2015-7442, CVE-2016-7489)

openslp-2.0.0-alt2   built by Stanislav Levin, 2018-12-01


- Fixed libslp namespace (closes: #35692).
- Enabled SLPv2 Security.
- Enabled testing.
- Applied security fixes (fixes: CVE-2012-4428, CVE-2016-4912, CVE-2016-7567,
CVE-2017-17833).

node-10.14.1-alt1   built by Vitaly Lipatov, 2018-11-30


- new version 10.14.1 (with rpmrb script)
- disable internal doc
- 2018-11-27, Version 10.14.0 'Dubnium' (LTS), @rvagg
- CVE-2018-12121, CVE-2018-12122, CVE-2018-12123

mariadb-10.3.11-alt1   built by Alexey Shabalin, 2018-11-28


- 10.3.11
- Fixes for the following security vulnerabilities:
+ CVE-2018-3282
+ CVE-2016-9843
+ CVE-2018-3174
+ CVE-2018-3143
+ CVE-2018-3156
+ CVE-2018-3251
+ CVE-2018-3185
+ CVE-2018-3277
+ CVE-2018-3162
+ CVE-2018-3173
+ CVE-2018-3200
+ CVE-2018-3284

samba-DC-4.9.3-alt1   built by Evgeny Sinelnikov, 2018-11-28


- Update to autumn security release
- Revert Samba DC to build with internal Heimdal Kerberos implementation
- Clean test module of third_party/iso8601 and subunit modules
- Security fixes:
+ CVE-2018-14629 Unprivileged adding of CNAME record causing loop in AD Internal DNS server
+ CVE-2018-16841 Double-free in Samba AD DC KDC with PKINIT
+ CVE-2018-16851 NULL pointer de-reference in Samba AD DC LDAP server
+ CVE-2018-16852 NULL pointer de-reference in Samba AD DC DNS servers
+ CVE-2018-16853 Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported)
+ CVE-2018-16857 Bad password count in AD DC not always effective

glibc-2.27-alt7   built by Dmitry V. Levin, 2018-11-27


- Updated to glibc-2.27-89-g9f433fc791 from 2.27 branch
(fixes CVE-2018-19591).

libsoundtouch-2.1.1-alt1   built by Yuri N. Sedunov, 2018-11-22


- 2.1.1 (fixed CVE-2018-17097)

kernel-image-std-pae-4.14.82-alt1   built by Kernel Bot, 2018-11-22


- v4.14.82 (Fixes: CVE-2018-10940, CVE-2018-16658)

kernel-image-std-def-4.14.82-alt1   built by Kernel Bot, 2018-11-22


- v4.14.82 (Fixes: CVE-2018-10940, CVE-2018-16658)

kernel-image-std-debug-4.14.82-alt1   built by Kernel Bot, 2018-11-22


- v4.14.82 (Fixes: CVE-2018-10940, CVE-2018-16658)

kernel-image-un-def-4.19.3-alt1   built by Kernel Bot, 2018-11-22


- v4.19.3 (Fixes: CVE-2018-10940, CVE-2018-16658)

kernel-image-un-def-4.19.2-alt1   built by Kernel Bot, 2018-11-14


- v4.19.2 (Fixes: CVE-2018-18955)

kde5-kio-extras-18.04.3-alt2   built by Sergey V Turchin, 2018-11-13


- don't package htmlthumbnail plugin
- security fixes: CVE-2018-19120

firefox-63.0.1-alt1   built by Alexey Gladkov, 2018-11-13


- New release (63.0.1).
- Fixed:
+ CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
+ CVE-2018-12392: Crash with nested event loops
+ CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
+ CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting
+ CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
+ CVE-2018-12397: Missing warning prompt when WebExtension requests local file access
+ CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs
+ CVE-2018-12399: Spoofing of protocol registration notification bar
+ CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android
+ CVE-2018-12401: DOS attack through special resource URI parsing
+ CVE-2018-12402: SameSite cookies leak when pages are explicitly saved
+ CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
+ CVE-2018-12388: Memory safety bugs fixed in Firefox 63
+ CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3

postgresql10-10.6-alt1   built by Alexei Takaseev, 2018-11-08


- 10.6
- Fix CVE-2018-16850
 
design and development: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin