Sisyphus repositório
Última atualização: 16 agosto 2017 | SRPMs: 17976 | Visitas: 9819099
en ru br
As correcções de segurança

libsoup-2.58.2-alt1   build Yuri N. Sedunov, 2017-08-14


- 2.58.2 (fixed CVE-2017-2885)

firefox-55.0.1-alt1   build Alexey Gladkov, 2017-08-13


- New release (55.0.1).
- Fixed:
+ CVE-2017-7798: XUL injection in the style editor in devtools
+ CVE-2017-7800: Use-after-free in WebSockets during disconnection
+ CVE-2017-7801: Use-after-free with marquee during window resizing
+ CVE-2017-7809: Use-after-free while deleting attached editor DOM node
+ CVE-2017-7784: Use-after-free with image observers
+ CVE-2017-7802: Use-after-free resizing image elements
+ CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
+ CVE-2017-7786: Buffer overflow while painting non-displayable SVG
+ CVE-2017-7806: Use-after-free in layer manager with SVG
+ CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
+ CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
+ CVE-2017-7807: Domain hijacking through AppCache fallback
+ CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
+ CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
+ CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
+ CVE-2017-7808: CSP information leak with frame-ancestors containing paths
+ CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
+ CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates
+ CVE-2017-7794: Linux file truncation via sandbox broker
+ CVE-2017-7803: CSP containing 'sandbox' improperly applied
+ CVE-2017-7799: Self-XSS XUL injection in about:webrtc
+ CVE-2017-7783: DOS attack through long username in URL
+ CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives
+ CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection
+ CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values
+ CVE-2017-7796: Windows updater can delete any file named update.log
+ CVE-2017-7797: Response header name interning leaks across origins
+ CVE-2017-7780: Memory safety bugs fixed in Firefox 55
+ CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3

postgresql9.4-9.4.13-alt1   build Alexei Takaseev, 2017-08-09


- 9.4.13
- fix CVE-2017-7547

perl-5.24.2-alt1   build Igor Vlasenko, 2017-08-09


- 5.24.1 -> 5.24.2 (CVE-2016-1238)

postgresql9.5-9.5.8-alt1   build Alexei Takaseev, 2017-08-09


- 9.5.8
- fix CVE-2017-7547

postgresql9.6-9.6.4-alt1   build Alexei Takaseev, 2017-08-09


- 9.6.4
- fix CVE-2017-7547

postgresql9.3-9.3.18-alt1   build Alexei Takaseev, 2017-08-09


- 9.3.18
- fix CVE-2017-7547

postgresql9.6-1C-9.6.4-alt1   build Alexei Takaseev, 2017-08-09


- 9.6.4
- fix CVE-2017-7547

curl-7.55.0-alt1.S1   build Anton Farygin, 2017-08-09


- new version with following security fixes:
* CVE-2017-1000101 glob: do not parse after a strtoul() overflow range
* CVE-2017-1000100 tftp: reject file name lengths that don't fit
* CVE-2017-1000099 file: output the correct buffer to the user

libssh-0.7.5-alt1.S1   build Sergey V Turchin, 2017-08-08


- new version
- security fix: CVE-2016-0739

c-ares-1.13.0-alt1.S1   build Anton Farygin, 2017-08-08


- 1.13.0 with these security fixes:
* CVE-2016-5180 - Heap-based buffer overflow in the ares_create_query function.
* CVE-2017-1000381 - NAPTR parser out of bounds access.

firefox-esr-52.3.0-alt1   build Andrey Cherepanov, 2017-08-08


- New ESR version (52.3.0)
- Security fixes:
+ CVE-2017-7798: XUL injection in the style editor in devtools
+ CVE-2017-7800: Use-after-free in WebSockets during disconnection
+ CVE-2017-7801: Use-after-free with marquee during window resizing
+ CVE-2017-7809: Use-after-free while deleting attached editor DOM node
+ CVE-2017-7784: Use-after-free with image observers
+ CVE-2017-7802: Use-after-free resizing image elements
+ CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
+ CVE-2017-7786: Buffer overflow while painting non-displayable SVG
+ CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
+ CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
+ CVE-2017-7807: Domain hijacking through AppCache fallback
+ CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
+ CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
+ CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
+ CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
+ CVE-2017-7803: CSP containing 'sandbox' improperly applied
+ CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3

pve-qemu-2.9.0-alt3   build Valery Inozemtsev, 2017-08-07


- fix CVE-2017-7539, CVE-2017-11434, CVE-2017-11334, CVE-2017-10806, CVE-2017-10664, CVE-2017-9524, CVE-2017-9503

ffmpeg-3.3.3-alt1   build Anton Farygin, 2017-08-01


- 3.3.3 with fixes for following vulnerabilities:
* CVE-2017-11399 remote DoS via crafted APE file
* CVE-2017-11665 remote DoS via crafted RTMP stream
* CVE-2017-11719 remote DoS via crafted crafted DNxHD file

chromium-60.0.3112.78-alt1   build Alexey Gladkov, 2017-08-01


- New version (60.0.3112.78).
- Security fixes:
- CVE-2017-5091: Use after free in IndexedDB. Reported by Ned Williamson on 2017-06-02
- CVE-2017-5092: Use after free in PPAPI. Reported by Yu Zhou, Yuan Deng of Ant-financial Light-Year Security Lab on 2017-06-15
- CVE-2017-5093: UI spoofing in Blink. Reported by Luan Herrera on 2015-10-31
- CVE-2017-5094: Type confusion in extensions. Reported by Anonymous on 2017-03-19
- CVE-2017-5095: Out-of-bounds write in PDFium. Reported by Anonymous on 2017-06-13
- CVE-2017-5096: User information leak via Android intents. Reported by Takeshi Terada on 2017-04-23
- CVE-2017-5097: Out-of-bounds read in Skia. Reported by Anonymous on 2017-07-11
- CVE-2017-5098: Use after free in V8. Reported by Jihoon Kim on 2017-07-11
- CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by Yuan Deng, Yu Zhou of Ant-financial Light-Year Security Lab on 2017-06-15
- CVE-2017-5100: Use after free in Chrome Apps. Reported by Anonymous on 2017-05-04
- CVE-2017-5101: URL spoofing in OmniBox. Reported by Luan Herrera on 2017-01-17
- CVE-2017-5102: Uninitialized use in Skia. Reported by Anonymous on 2017-05-30
- CVE-2017-5103: Uninitialized use in Skia. Reported by Anonymous on 2017-05-25
- CVE-2017-5104: UI spoofing in browser. Reported by Khalil Zhani on 2017-06-02
- CVE-2017-7000: Pointer disclosure in SQLite. Reported by Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
- CVE-2017-5105: URL spoofing in OmniBox. Reported by Rayyan Bijoora on 2017-06-06
- CVE-2017-5106: URL spoofing in OmniBox. Reported by Jack Zac on 2017-04-24
- CVE-2017-5107: User information leak via SVG. Reported by David Kohlbrenner of UC San Diego on 2017-01-27
- CVE-2017-5108: Type confusion in PDFium. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2017-02-24
- CVE-2017-5109: UI spoofing in browser. Reported by Jose Maria Acuna Morgado on 2017-04-11
- CVE-2017-5110: UI spoofing in payments dialog. Reported by xisigr of Tencent's Xuanwu Lab on 2017-05-02

libwebkitgtk4-2.16.6-alt1   build Yuri N. Sedunov, 2017-07-27


- 2.16.6 (fixed CVE-2017-7039, CVE-2017-7018, CVE-2017-7030,
CVE-2017-7037, CVE-2017-7034, CVE-2017-7055, CVE-2017-7056,
CVE-2017-7064, CVE-2017-7061, CVE-2017-7048, CVE-2017-7046)

autotrace-0.31.1-alt7.S1   build Anton Farygin, 2017-07-25


- fixed CVE-2016-7392

MySQL-5.5.57-alt1   build Denis Medvedev, 2017-07-24


- 5.5.57 (Fixes: CVE-2017-3653, CVE-2017-3651, CVE-2017-3652, CVE-2017-3648, CVE-2017-3641, CVE-2017-3636, CVE-2017-3635)
- Fixes various memory and pointer mishandlings.

wireshark-2.2.8-alt1.S1   build Anton Farygin, 2017-07-21


- new version:
* wnpa-sec-2017-13 WBMXL dissector infinite loop CVE-2017-7702, CVE-2017-11410
* wnpa-sec-2017-28 openSAFETY dissector memory exhaustion CVE-2017-9350, CVE-2017-11411
* wnpa-sec-2017-34 AMQP dissector crash CVE-2017-11408
* wnpa-sec-2017-35 MQ dissector crash CVE-2017-11407
* wnpa-sec-2017-36 DOCSIS infinite loop CVE-2017-11406

librsvg-2.40.18-alt1   build Yuri N. Sedunov, 2017-07-20


- 2.40.18 (fixed CVE-2017-11464)

virtualbox-5.1.24-alt1.S1   build Denis Medvedev, 2017-07-20


- new version 5.1.24
(Fixes: CVE-2017-10129, CVE-2017-10187, CVE-2017-10204, CVE-2017-10209, CVE-2017-10210, CVE-2017-10233, CVE-2017-10235, CVE-2017-10236, CVE-2017-10237, CVE-2017-10238, CVE-2017-10239, CVE-2017-10240, CVE-2017-10241, CVE-2017-10242)

evince-3.24.0-alt2   build Yuri N. Sedunov, 2017-07-14


- updated to 3.24.0-12-g717df38 (fixed BGO ##691448, 779614,
784630 (CVE-2017-1000083))

mpg123-1.25.2-alt1   build Yuri N. Sedunov, 2017-07-13


- 1.25.2 (fixed CVE-2017-11126)

openvswitch-2.7.1-alt1   build Anton Farygin, 2017-07-13


- 2.7.1 with security fixes:
+ CVE-2017-9214 Buffer overrread in ofputil_pull_queue_get_config_reply10().
+ CVE-2017-9263 remote DoS attack by a malicious switch.
+ CVE-2017-9265 buffer over-read while parsing the group mod OpenFlow message sent from the controller

davfs2-1.5.4-alt1.S1   build Anton Farygin, 2017-07-12


- new version with security fixes:
+ CVE-2013-4362 Unsecure use of system()
 
projeto & código: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009