Sisyphus repositório
Última atualização: 23 outubro 2017 | SRPMs: 17947 | Visitas: 10223722
en ru br
As correcções de segurança

kernel-image-std-def-4.9.57-alt1.1   build Kernel Bot, 2017-10-18


- v4.9.57 (Fixes: CVE-2017-12188, CVE-2017-15265)

kernel-image-un-def-4.13.8-alt1.1   build Kernel Bot, 2017-10-18


- v4.13.8 (Fixes: CVE-2017-12188, CVE-2017-15265)

kernel-image-std-pae-4.4.93-alt1.1   build Kernel Bot, 2017-10-18


- v4.4.93 (Fixes: CVE-2017-0786, CVE-2017-15265)

kernel-image-std-def-4.9.56-alt1.1   build Kernel Bot, 2017-10-17


- Local root in alsa fixed (Fixes: CVE-2017-15265)

kernel-image-un-def-4.13.7-alt1.1   build Kernel Bot, 2017-10-17


- Local root in alsa fixed (Fixes: CVE-2017-15265)

kernel-image-std-pae-4.4.92-alt1.1   build Kernel Bot, 2017-10-17


- Local root in alsa fixed (Fixes: CVE-2017-15265)

hostapd-2.6-alt2   build Sergey Bolshakov, 2017-10-16


- multiple vulnerabilities (so-called KRACK attack) fixed:
+ CVE-2017-13077
+ CVE-2017-13078
+ CVE-2017-13079
+ CVE-2017-13080
+ CVE-2017-13081
+ CVE-2017-13082
+ CVE-2017-13086
+ CVE-2017-13087
+ CVE-2017-13088

wpa_supplicant-2.6-alt2   build Sergey Bolshakov, 2017-10-16


- multiple vulnerabilities (so-called KRACK attack) fixed:
+ CVE-2017-13077
+ CVE-2017-13078
+ CVE-2017-13079
+ CVE-2017-13080
+ CVE-2017-13081
+ CVE-2017-13082
+ CVE-2017-13086
+ CVE-2017-13087
+ CVE-2017-13088

kernel-image-un-def-4.13.7-alt1   build Kernel Bot, 2017-10-15


- v4.13.7 (Fixes: CVE-2017-5123)

wireshark-2.4.2-alt1.S1   build Anton Farygin, 2017-10-15


- 2.4.2
- fixes:
* wnpa-sec-2017-42 BT ATT dissector crash CVE-2017-15192
* wnpa-sec-2017-43 MBIM dissector crash CVE-2017-15193
* wnpa-sec-2017-44 DMP dissector crash CVE-2017-15191
* wnpa-sec-2017-45 RTSP dissector crash CVE-2017-15190
* wnpa-sec-2017-46 DOCSIS infinite loop CVE-2017-15189

kernel-image-std-def-4.9.56-alt1   build Kernel Bot, 2017-10-13


- v4.9.56 (Fixes: CVE-2017-0786, CVE-2017-1000255, CVE-2017-7518)

kernel-image-un-def-4.13.6-alt1   build Kernel Bot, 2017-10-13


- v4.13.6 (Fixes: CVE-2017-0786, CVE-2017-1000255)

ruby-2.4.2-alt2   build Andrey Cherepanov, 2017-10-12


- Merge rubygems-2.6.14 changes
- Fixes:
+ CVE-2017-0903 Unsafe Object Deserialization Vulnerability in RubyGems

apache2-2.4.28-alt1.S1   build Anton Farygin, 2017-10-10


- new version 2.4.28
- disabled NameVirtualHost directive in ports_all.conf (closes: #32269)
- increased timeout for restarting httpd on SysVinit sytems (closes: #31062)
- increased LOOPSSTART and TimeoutStartSec (closes: #33978)
- fixes:
* CVE-2017-9798 Corrupted or freed memory access

firefox-56.0-alt1   build Alexey Gladkov, 2017-10-08


- New release (56.0).
- Fixed:
+ CVE-2017-7793: Use-after-free with Fetch API
+ CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode
+ CVE-2017-7818: Use-after-free during ARIA array manipulation
+ CVE-2017-7819: Use-after-free while resizing images in design mode
+ CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE
+ CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
+ CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files
+ CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings
+ CVE-2017-7813: Integer truncation in the JavaScript parser
+ CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces
+ CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations
+ CVE-2017-7816: WebExtensions can load about: URLs in extension UI
+ CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction
+ CVE-2017-7823: CSP sandbox directive did not create a unique origin
+ CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV
+ CVE-2017-7820: Xray wrapper bypass with new tab and web console
+ CVE-2017-7811: Memory safety bugs fixed in Firefox 56
+ CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

dnsmasq-2.78-alt1   build Mikhail Efremov, 2017-10-06


- Updated to 2.78 (fixes: CVE-2017-13704, CVE-2017-14491,
CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495,
CVE-2017-14496).

kernel-image-std-def-4.9.53-alt1   build Kernel Bot, 2017-10-05


- v4.9.53 (Fixes: CVE-2017-1000252, CVE-2017-12153, CVE-2017-12154)

kernel-image-un-def-4.13.5-alt1   build Kernel Bot, 2017-10-05


- v4.13.5 (Fixes: CVE-2017-1000252, CVE-2017-12153, CVE-2017-12154)

kernel-image-std-pae-4.4.90-alt1   build Kernel Bot, 2017-10-05


- v4.4.90 (Fixes: CVE-2017-1000252, CVE-2017-12153, CVE-2017-12154)

curl-7.56.0-alt1.S1   build Anton Farygin, 2017-10-04


- new version
- fixes:
* CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP.

newsbeuter-2.9-alt3   build Vladimir D. Seleznev, 2017-10-03


- Fixes:
+ CVE-2017-12904
+ CVE-2017-14500

firefox-esr-52.4.0-alt1   build Andrey Cherepanov, 2017-09-29


- New ESR version (52.4.0)
- Fixes:
+ CVE-2017-7793 Use-after-free with Fetch API
+ CVE-2017-7818 Use-after-free during ARIA array manipulation
+ CVE-2017-7819 Use-after-free while resizing images in design mode
+ CVE-2017-7824 Buffer overflow when drawing and validating elements with ANGLE
+ CVE-2017-7805 Use-after-free in TLS 1.2 generating handshake hashes
+ CVE-2017-7814 Blob and data URLs bypass phishing and malware protection warnings
+ CVE-2017-7825 OS X fonts render some Tibetan and Arabic unicode characters as spaces
+ CVE-2017-7823 CSP sandbox directive did not create a unique origin
+ CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

nagios-3.0.6-alt5   build Denis Medvedev, 2017-09-28


- (Fixes: CVE-2009-2288, CVE-2011-1523, CVE-2012-6096, CVE-2013-2214,
CVE-2013-7108, CVE-2013-7205)

log4j-2.5-alt1_5jpp8   build Igor Vlasenko, 2017-09-28

projeto & código: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009