Security fixes
qt4-4.8.7-alt22 build Aleksei Nikiforov, 2021-03-04
- Applied security fixes (fixes: CVE-2020-17507) (thanks zerg@alt)
- Fixed build with gcc-10+.
- Disabled -reduce-relocation option since it causes issues with new binutils.
wpa_supplicant-2.9-alt4 build Sergey Bolshakov, 2021-03-01
- P2P: Fix a corner case in peer addition based on PD Request
(Fixes: CVE-2021-27803)
firefox-86.0-alt1 build Alexey Gladkov, 2021-03-01
- New release (86.0).
- Security fixes:
+ CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains
+ CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
+ CVE-2021-23971: A website's Referrer-Policy could have been overridden, potentially resulting in the full URL being sent as a Referrer
+ CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android
+ CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories
+ CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
+ CVE-2021-23975: about:memory Measure function caused an incorrect pointer operation
+ CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+ CVE-2021-23979: Memory safety bugs fixed in Firefox 86
ipmitool-1.8.18-alt4 build Anton Farygin, 2021-02-27
- applied patches from upstream git to fix security issue (Fixes: CVE-2020-5208)
see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
- added upstream fix FTBFS with gcc-10
cve-manager-0.48.0-alt1 build Alexey Appolonov, 2021-02-26
- URLs of distro lists turned into custom parameters;
- Execution of the "cve-download" module is terminated immediately if any of
the required info can't be downloaded;
- Ability to download FSTEC vulnerability list is fixed;
- Tolerance to the FSTEC source (the FSTEC source is not yet fully supported,
but cve-manager does not fail if the FSTEC source is not excluded and if any
operation regarding FSTEC fails).
thunderbird-78.8.0-alt1 build Andrey Cherepanov, 2021-02-25
- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Thunderbird 78.8
python3-module-django-2.2.19-alt1 build Alexey Shabalin, 2021-02-24
- 2.2.19
- rename package to python3-module-django back
- Fixes for the following security vulnerabilities:
+ CVE-2021-3281 Potential directory-traversal via archive.extract()
+ CVE-2021-23336 Web cache poisoning via django.utils.http.limited_parse_qsl()
libjpeg-turbo-2.0.6-alt1 build Sergey Bolshakov, 2021-02-24
- 2.0.6 released (fixes: CVE-2020-13790)
wireshark-3.4.3-alt1 build Anton Farygin, 2021-02-24
- 3.4.3 (Fixes: CVE-2021-22173, CVE-2021-22174)
xterm-366-alt1 build Fr. Br. George, 2021-02-24
- Autobuild version bump to 366
- CVE-2021-27135 (Closes: #39725)
firefox-esr-78.8.0-alt1 build Andrey Cherepanov, 2021-02-23
- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
node-14.16.0-alt1 build Vitaly Lipatov, 2021-02-23
- new version 14.16.0 (with rpmrb script)
- CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
- CVE-2021-22884: DNS rebinding in --inspect
bind-9.11.28-alt1 build Stanislav Levin, 2021-02-18
- 9.11.25 -> 9.11.28 (fixes: CVE-2020-8625).
dotnet-bootstrap-5.0-5.0.3-alt1 build Vitaly Lipatov, 2021-02-17
- .NET 5.0.3 and .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
dotnet-bootstrap-2.1-2.1.25-alt1 build Vitaly Lipatov, 2021-02-17
- new version (2.1.25) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
dotnet-aspnetcore-3.1-3.1.12-alt1 build Vitaly Lipatov, 2021-02-17
- ASP.NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
dotnet-aspnetcore-5.0-5.0.3-alt1 build Vitaly Lipatov, 2021-02-17
- ASP.NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
dotnet-bootstrap-3.1-3.1.12-alt1 build Vitaly Lipatov, 2021-02-17
- new version (3.1.12) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
dotnet-coreclr-2.1-2.1.25-alt1 build Vitaly Lipatov, 2021-02-17
- new version (2.1.25) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
dotnet-coreclr-3.1-3.1.12-alt1 build Vitaly Lipatov, 2021-02-17
- .NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
dotnet-corefx-3.1-3.1.12-alt1 build Vitaly Lipatov, 2021-02-17
- .NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
dotnet-runtime-5.0-5.0.3-alt1 build Vitaly Lipatov, 2021-02-17
- new version (5.0.3) with rpmgs script
- .NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
dotnet-sdk-3.1-3.1.406-alt1 build Vitaly Lipatov, 2021-02-17
- .NET Core SDK 3.1.406
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
dotnet-sdk-5.0-5.0.103-alt1 build Vitaly Lipatov, 2021-02-17
- .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
lldpd-1.0.8-alt1 build Alexey Shabalin, 2021-02-16
project & code: Vladimir Lettiev aka crux © 2004-2005,
Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin
translation maintainer: Fernando Martini aka fmartini © 2009