Sisyphus repository
Last update: 5 December 2016 | SRPMs: 17656 | Visits: 8311242
Security fixes

firefox-50.0.2-alt1   build Alexey Gladkov, 2016-12-02


- New release (50.0.2).
- Fixed:
+ CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect
+ CVE-2016-9079: Use-after-free in SVG Animation

xen-4.7.1-alt2   build Dmitriy D. Shadrinov, 2016-11-25


- Upstream updates:
  - x86/hvm: Fix the handling of non-present segments.
    This is CVE-2016-9386 / XSA-191.
  - x86/HVM: don't load LDTR with VM86 mode attrs during task switch.
    This is CVE-2016-9382 / XSA-192.
  - x86/PV: writes of %fs and %gs base MSRs require canonical addresses
    This is CVE-2016-9385 / XSA-193.
  - libelf: fix stack memory leak when loading 32 bit symbol tables.
    This is CVE-2016-9384 / XSA-164.
  - x86emul: fix huge bit offset handling.
    This is CVE-2016-9383 / XSA-195.
  - x86/emul: correct the IDT entry calculation in inject_swint().
    This is CVE-2016-9377 / part of XSA-196.
  - x86/svm: fix injection of software interrupts.
    This is CVE-2016-9378 / part of XSA-196.
  - pygrub: Properly quote results, when returning them to the caller.
    This is CVE-2016-9379 and CVE-2016-9380 / XSA-198.

wireshark-2.2.2-alt1   build Anton Farygin, 2016-11-21


- new version, in which the following vulnerabilities have been fixed:
* CVE-2016-9372 Profinet I/O long loop.
* CVE-2016-9373 DCERPC crash.
* CVE-2016-9374 AllJoyn crash.
* CVE-2016-9375 DTN infinite loop.
* CVE-2016-9376 OpenFlow crash.

firefox-50.0-alt1   build Alexey Gladkov, 2016-11-16


- New release (50.0).
- Fixed:
+ CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
+ CVE-2016-5292: URL parsing causes crash
+ CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink
+ CVE-2016-5294: Arbitrary target directory for result files of update process
+ CVE-2016-5297: Incorrect argument length checking in JavaScript
+ CVE-2016-9064: Add-ons update must verify IDs match between current and new versions
+ CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen
+ CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
+ CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
+ CVE-2016-9068: heap-use-after-free in nsRefreshDriver
+ CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
+ CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges
+ CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them
+ CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
+ CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM
+ CVE-2016-5298: SSL indicator can mislead the user about the real URL visited
+ CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
+ CVE-2016-9061: API key (glocation) in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
+ CVE-2016-9062: Private browsing browser traces (Android) in browser.db and wal file
+ CVE-2016-9070: Sidebar bookmark can have reference to chrome window
+ CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
+ CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
+ CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s
+ CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in Expat
+ CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
+ CVE-2016-5289: Memory safety bugs fixed in Firefox 50
+ CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5

libsndfile-1.0.27-alt1   build Yuri N. Sedunov, 2016-11-14


- 1.0.27 (fixed CVE-2014-9496, CVE-2014-9756, CVE-2015-7805)

adobe-flash-player-ppapi-23-alt7   build Sergey V Turchin, 2016-11-09


- new version
- security fixes:
CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860,
CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864,
CVE-2016-7865

adobe-flash-player-11-alt68   build Sergey V Turchin, 2016-11-09


- new version
- security fixes:
CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860,
CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864,
CVE-2016-7865

libgit2-0.24.3-alt1   build Yuri N. Sedunov, 2016-11-08


- 0.24.3 (fixed CVE-2016-8568, CVE-2016-8569)

bind-9.9.8-alt5   build Gleb F-Malinovskiy, 2016-11-02


- Applied upstream fix for CVE-2016-8864.

memcached-1.4.33-alt1   build Alexey Shabalin, 2016-11-02


- 1.4.33
- fixed CVE-2016-8705, CVE-2016-8704, CVE-2016-8706
- update systemd unit

curl-7.51.0-alt1   build Anton Farygin, 2016-11-02


- new version with security fixes:
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host

adobe-flash-player-11-alt67   build Sergey V Turchin, 2016-10-27


- new version
- security fixes: CVE-2016-7855

adobe-flash-player-ppapi-23-alt5   build Sergey V Turchin, 2016-10-27


- new version
- security fixes: CVE-2016-7855

mariadb-10.1.18-alt1   build Alexey Shabalin, 2016-10-25


- 10.1.18
- Fixes for the following security vulnerabilities:
+ CVE-2016-6663
+ CVE-2016-5616
+ CVE-2016-5624
+ CVE-2016-5626
+ CVE-2016-3492
+ CVE-2016-5629
+ CVE-2016-8283

python-module-django-1.8.15-alt1   build Alexey Shabalin, 2016-10-24


- 1.8.15
- fixed CVE-2016-2512, CVE-2016-2513, CVE-2016-6186, CVE-2016-7401

kernel-image-ovz-el-2.6.32-alt144   build Gleb F-Malinovskiy, 2016-10-21


- Added fix for CVE-2016-5195.

firefox-49.0.2-alt1   build Alexey Gladkov, 2016-10-21


- New release (49.0.2).
- Fixed:
+ CVE-2016-5287: Crash in nsTArray_base<T>::SwapArrayElements
+ CVE-2016-5288: Web content can read cache entries

openssh-7.2p2-alt2   build Gleb F-Malinovskiy, 2016-10-20


- Backported upstream fixes for CVE-2015-8325, CVE-2016-6210,
CVE-2016-8858.

mpg123-1.23.8-alt1   build Yuri N. Sedunov, 2016-10-19


- 1.23.8 (fixed CVE-2016-1000247)

guile20-2.0.13-alt1   build Yuri N. Sedunov, 2016-10-14


- 2.0.13 (fixed CVE-2016-8606)

adobe-flash-player-11-alt66   build Sergey V Turchin, 2016-10-12


- new version
- security fixes:
CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982,
CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986,
CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992

adobe-flash-player-ppapi-23-alt4   build Sergey V Turchin, 2016-10-12


- new version
- security fixes:
CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982,
CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986,
CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992

bind-9.9.8-alt4   build Gleb F-Malinovskiy, 2016-09-27


- Applied upstream fix for CVE-2016-2776.

firefox-49.0.1-alt1   build Alexey Gladkov, 2016-09-27


- New release (49.0.1).
- Fixed:
+ CVE-2016-2827: Out-of-bounds read in mozilla::net::IsValidReferrerPolicy
+ CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString
+ CVE-2016-5271: Out-of-bounds read in PropertyProvider::GetSpacingInternal
+ CVE-2016-5272: Bad cast in nsImageGeometryMixin
+ CVE-2016-5273: crash in mozilla::a11y::HyperTextAccessible::GetChildOffset
+ CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList
+ CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState
+ CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick
+ CVE-2016-5275: A buffer overflow when working with empty filters during canvas rendering
+ CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame
+ CVE-2016-5279: Full local path of files is available to web pages after drag and drop
+ CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
+ CVE-2016-5281: use-after-free in DOMSVGLength
+ CVE-2016-5282: Don't allow content to request favicons from non-whitelisted schemes
+ CVE-2016-5283: Iframe src fragment timing attack can reveal cross-origin data
+ CVE-2016-5284: Add-on update site certificate pin expiration
+ CVE-2016-5256: Memory safety bugs fixed in Firefox 49
+ CVE-2016-5257: Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4

openssl10-1.0.2j-alt1   build Gleb F-Malinovskiy, 2016-09-26


- Updated to v1.0.2j (fixes CVE-2016-6309).
 
project & code: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin
translation maintainer: Fernando Martini aka fmartini © 2009