Sisyphus repository
Last update: 13 November 2019 | SRPMs: 17526 | Visits: 15715576
Security fixes

kernel-image-std-def-4.19.84-alt1   build Kernel Bot, 2019-11-13


- v4.19.84 (Fixes: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)

chromium-78.0.3904.97-alt1   build Alexey Gladkov, 2019-11-09


- New version (78.0.3904.97).
- Security fixes:
- CVE-2019-13720: Use-after-free in audio.
- CVE-2019-13721: Use-after-free in PDFium.

golang-1.13.4-alt1   build Alexey Shabalin, 2019-11-06


- 1.13.4 (Fixes: CVE-2019-17596)

kernel-image-std-pae-4.19.82-alt1   build Kernel Bot, 2019-11-06


- v4.19.82 (Fixes: CVE-2019-15098)

dbus-1.12.16-alt1   build Valery Inozemtsev, 2019-11-06


- 1.12.16 (Fixes: CVE-2019-12749)

squashfs-tools-4.4-alt1   build Anton Farygin, 2019-11-05


- 4.4 (fixes: CVE-2015-4645, CVE-2015-4646)

samba-4.10.10-alt1   build Evgeny Sinelnikov, 2019-10-29


- Update to second security autumn release
- Security fixes:
+ CVE-2019-10218 Client code can return filenames containing path separators
+ CVE-2019-14833 Samba AD DC check password script does not receive the full password
+ CVE-2019-14847 User with "get changes" permission can crash AD DC LDAP server via dirsync

firefox-70.0-alt1   build Alexey Gladkov, 2019-10-28


- New release (70.0).
- Fixed:
+ CVE-2018-6156: Heap buffer overflow in FEC processing in WebRTC
+ CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
+ CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
+ CVE-2019-11759: Stack buffer overflow in HKDF output
+ CVE-2019-11760: Stack buffer overflow in WebRTC networking
+ CVE-2019-11761: Unintended access to a privileged JSONView object
+ CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
+ CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
+ CVE-2019-11765: Incorrect permissions could be granted to a website
+ CVE-2019-17000: CSP bypass using object tag with data: URI
+ CVE-2019-17001: CSP bypass using object tag when script-src 'none' is specified
+ CVE-2019-17002: upgrade-insecure-requests was not being honored for links dragged and dropped
+ CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2

firefox-esr-68.2.0-alt1   build Andrey Cherepanov, 2019-10-27


- New ESR version (68.2.0).
- Fixed:
+ CVE-2019-15903 Heap overflow in expat library in XML_GetCurrentLineNumber
+ CVE-2019-11757 Use-after-free when creating index updates in IndexedDB
+ CVE-2019-11758 Potentially exploitable crash due to 360 Total Security
+ CVE-2019-11759 Stack buffer overflow in HKDF output
+ CVE-2019-11760 Stack buffer overflow in WebRTC networking
+ CVE-2019-11761 Unintended access to a privileged JSONView object
+ CVE-2019-11762 document.domain-based origin isolation has same-origin-property violation
+ CVE-2019-11763 Incorrect HTML parsing results in XSS bypass technique
+ CVE-2019-11764 Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2

chromium-78.0.3904.70-alt1   build Alexey Gladkov, 2019-10-24


- New version (78.0.3904.70).
- Security fixes:
- CVE-2019-13699: Use-after-free in media.
- CVE-2019-13700: Buffer overrun in Blink.
- CVE-2019-13701: URL spoof in navigation.
- CVE-2019-13702: Privilege elevation in Installer.
- CVE-2019-13703: URL bar spoofing.
- CVE-2019-13704: CSP bypass.
- CVE-2019-13705: Extension permission bypass.
- CVE-2019-13706: Out-of-bounds read in PDFium.
- CVE-2019-13707: File storage disclosure.
- CVE-2019-13708: HTTP authentication spoof.
- CVE-2019-13709: File download protection bypass.
- CVE-2019-13710: File download protection bypass.
- CVE-2019-13711: Cross-context information leak.
- CVE-2019-13713: Cross-origin data leak.
- CVE-2019-13714: CSS injection.
- CVE-2019-13715: Address bar spoofing.
- CVE-2019-13716: Service worker state error.
- CVE-2019-13717: Notification obscured.
- CVE-2019-13718: IDN spoof.
- CVE-2019-13719: Notification obscured.
- CVE-2019-15903: Buffer overflow in expat.

chromium-77.0.3865.120-alt1   build Alexey Gladkov, 2019-10-21


- New version (77.0.3865.120).
- Security fixes:
- CVE-2019-13693: Use-after-free in IndexedDB.
- CVE-2019-13694: Use-after-free in WebRTC.
- CVE-2019-13695: Use-after-free in audio.
- CVE-2019-13696: Use-after-free in V8.
- CVE-2019-13697: Cross-origin size leak.

tcpdump-4.9.3-alt1   build Nikita Ermakov, 2019-10-17


- Updated to 4.9.3.
- Do not compress CHANGES.
- Make link to tcpdump instead of copy.
- Fixes:
+ CVE-2017-16808
+ CVE-2018-14468
+ CVE-2018-14469
+ CVE-2018-14470
+ CVE-2018-14466
+ CVE-2018-14461
+ CVE-2018-14462
+ CVE-2018-14465
+ CVE-2018-14881
+ CVE-2018-14464
+ CVE-2018-14463
+ CVE-2018-14467
+ CVE-2018-10103
+ CVE-2018-10105
+ CVE-2018-14880
+ CVE-2018-16451
+ CVE-2018-14882
+ CVE-2018-16227
+ CVE-2018-16229
+ CVE-2018-16301
+ CVE-2018-16230
+ CVE-2018-16452
+ CVE-2018-16300
+ CVE-2018-16228
+ CVE-2019-15166
+ CVE-2019-15167
+ CVE-2018-14879

libpcap-1.9.1-alt1   build Nikita Ermakov, 2019-10-17


- Update to 1.9.1.
- Do not compress CHANGES.
- (Fixes CVE-2018-16301 CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165)

jss-4.6.2-alt1   build Stanislav Levin, 2019-10-16


- 4.6.1 -> 4.6.2 (closes: CVE-2019-14823).

sudo-1.8.28-alt1   build Evgeny Sinelnikov, 2019-10-15


- Update to autumn security release (closes: 37334)
- Code execution with euid==0 in rare box configurations (fixes: CVE-2019-14287)
- Fix post script for sudowheel control in case of upgrade in not default state

rdesktop-1.8.4-alt1   build Vitaly Lipatov, 2019-10-13


- new version 1.8.4 (with rpmrb script) (ALT bug 36068)
- CVE-2018-8794, CVE-2018-8795, CVE-2018-8797, CVE-2018-20175
- CVE-2018-20176, CVE-2018-8791, CVE-2018-8792, CVE-2018-8793
- CVE-2018-8796, CVE-2018-8798, CVE-2018-8799, CVE-2018-8800
- CVE-2018-20174, CVE-2018-20177, CVE-2018-20178, CVE-2018-20179
- CVE-2018-20180, CVE-2018-20181, CVE-2018-20182

mediawiki-1.33.1-alt1   build Vitaly Lipatov, 2019-10-12


- new version 1.33.1 (with rpmrb script)
- CVE-2019-16738

runc-1.0.0-alt10.rc9   build Vladimir Didenko, 2019-10-10


- New version
- fixes: CVE-2019-16884

kernel-image-un-def-5.3.5-alt1   build Kernel Bot, 2019-10-09


- v5.3.5 (Fixes: CVE-2019-14821)

ceph-14.2.4-alt1   build Alexey Shabalin, 2019-10-07


- 14.2.4 (Fixes: CVE-2019-10222)

unbound-1.9.4-alt1   build Alexei Takaseev, 2019-10-04


- 1.9.4 (Fixes CVE-2019-16866)

exim-4.92.3-alt1   build Gremlin from Kremlin, 2019-09-30


- update to 4.92.3 (fix CVE-2019-16928)

firefox-69.0.1-alt1   build Alexey Gladkov, 2019-09-27


- New release (69.0.1).
- Fixed:
+ CVE-2019-11754: Pointer Lock is enabled with no user notification

kubernetes-1.15.3-alt1   build Alexey Shabalin, 2019-09-26


- 1.15.3 (Fixes: CVE-2019-9512, CVE-2019-9514)

chromium-77.0.3865.90-alt1   build Alexey Gladkov, 2019-09-25


- New version (77.0.3865.90).
- Security fixes:
- CVE-2019-13685: Use-after-free in UI.
- CVE-2019-13686: Use-after-free in offline pages.
- CVE-2019-13687: Use-after-free in media.
- CVE-2019-13688: Use-after-free in media.
 
project & code: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin
translation maintainer: Fernando Martini aka fmartini © 2009