As correcções de segurança
kernel-image-std-pae-5.4.28-alt1
build Kernel Bot,
2020-03-25
- v5.4.28 (Fixes: CVE-2019-19769)
kernel-image-std-def-5.4.28-alt1 build Kernel Bot, 2020-03-25
- v5.4.28 (Fixes: CVE-2019-19769)
kernel-image-un-def-5.5.12-alt1 build Kernel Bot, 2020-03-25
- v5.5.12 (Fixes: CVE-2019-19769)
php7-7.3.16-alt1 build Anton Farygin, 2020-03-24
- 7.3.16 (Fixes: CVE-2020-7064, CVE-2020-7065, CVE-2020-7066)
prometheus-2.16.0-alt1 build Alexey Shabalin, 2020-03-18
- 2.16.0 (Fixes: CVE-2019-10215)
tor-0.4.2.7-alt1 build Vladimir Didenko, 2020-03-18
- new version (fixes CVE-2020-10592)
freeradius-3.0.20-alt1 build Alexey Shabalin, 2020-03-16
- 3.0.20 (Fixes: CVE-2019-17185)
- migrate to python3 module
- build with winbind support (ALT #37119)
bluez-5.54-alt1 build L.A. Kostis, 2020-03-15
- 5.54;
- remove merged patches;
- security fixes:
+ CVE-2020-0556 (closes #38220).
cacti-1.2.10-alt1 build Alexey Shabalin, 2020-03-15
- 1.2.10
- Fixes:
+ CVE-2019-17357 When viewing graphs, some input variables are not properly checked (SQL injection possible)
+ CVE-2019-17358 When deserializating data, ensure basic sanitization has been performed
+ CVE-2019-16723 Security issue allows to view all graphs
+ CVE-2020-7106 Lack of escaping on some pages can lead to XSS exposure
+ CVE-2020-7237 Remote Code Execution due to input validation failure in Performance Boost Debug Log
+ CVE-2020-8813 When guest users have access to realtime graphs, remote code could be executed
squid-4.10-alt1 build Alexey Shabalin, 2020-03-14
- Updated to 4.10.
- Fixed:
+ CVE-2019-12526 Heap Overflow issue in URN processing.
+ CVE-2019-12523 Multiple issues in URI processing.
+ CVE-2019-18676 Multiple issues in URI processing.
+ CVE-2019-18677 Cross-Site Request Forgery issue in HTTP Request processing.
+ CVE-2019-18678 HTTP Request Splitting issue in HTTP message processing.
+ CVE-2019-18679 Information Disclosure issue in HTTP Digest Authentication.
+ CVE-2020-8449 Improper Input Validation issues in HTTP Request processing.
+ CVE-2020-8450 Improper Input Validation issues in HTTP Request processing.
+ CVE-2019-12528 Information Disclosure issue in FTP Gateway.
+ CVE-2020-8517 Buffer Overflow issue in ext_lm_group_acl helper.
thunderbird-68.6.0-alt1 build Andrey Cherepanov, 2020-03-14
- New version (68.6.0).
- Fixed:
+ CVE-2020-6805 Use-after-free when removing data about origins
+ CVE-2020-6806 BodyStream::OnInputStreamReady was missing protections against state confusion
+ CVE-2020-6807 Use-after-free in cubeb during stream destruction
+ CVE-2020-6811 Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
+ CVE-2019-20503 Out of bounds reads in sctp_load_addresses_from_init
+ CVE-2020-6812 The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
+ CVE-2020-6814 Memory safety bugs fixed in Thunderbird 68.6
kernel-image-std-pae-5.4.25-alt1 build Kernel Bot, 2020-03-13
- v5.4.25 (Fixes: CVE-2020-8647, CVE-2020-8648, CVE-2020-8649)
kernel-image-std-def-5.4.25-alt1 build Kernel Bot, 2020-03-13
- v5.4.25 (Fixes: CVE-2020-8647, CVE-2020-8648, CVE-2020-8649)
wireshark-3.0.9-alt1 build Anton Farygin, 2020-03-12
- 3.0.9
- fixes:
* LTE RRC dissector could leak memory. CVE-2020-9431
* WiMax DLMAP dissector could crash. CVE-2020-9430
firefox-74.0-alt1 build Alexey Gladkov, 2020-03-12
- New release (74.0).
- Security fixes:
+ CVE-2020-6805: Use-after-free when removing data about origins
+ CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
+ CVE-2020-6807: Use-after-free in cubeb during stream destruction
+ CVE-2020-6808: URL Spoofing via javascript: URL
+ CVE-2020-6809: Web Extensions with the all-urls permission could access local files
+ CVE-2020-6810: Focusing a popup while in fullscreen could have obscured the fullscreen notification
+ CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
+ CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
+ CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
+ CVE-2020-6813: @import statements in CSS could bypass the Content Security Policy nonce feature
+ CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
+ CVE-2020-6815: Memory and script safety bugs fixed in Firefox 74
ansible-2.8.10-alt1 build Alexey Shabalin, 2020-03-12
- 2.8.10
- Fixes:
+ CVE-2019-14846
+ CVE-2019-14856
+ CVE-2019-14864
+ CVE-2019-14904
+ CVE-2019-14905
docker-ce-19.03.8-alt1 build Vladimir Didenko, 2020-03-12
- 19.03.8 (better mitigation for CVE-2019-14271)
kernel-image-un-def-5.5.9-alt1 build Kernel Bot, 2020-03-12
- v5.5.9 (Fixes: CVE-2020-8647, CVE-2020-8648, CVE-2020-8649)
pve-qemu-4.1.1-alt4 build Valery Inozemtsev, 2020-03-11
- 4.1.1-4 (fix CVE-2020-8608)
firefox-esr-68.6.0-alt1 build Andrey Cherepanov, 2020-03-10
- New ESR version (68.6.0).
- Fix license tag according to SPDX.
- Fixed:
+ CVE-2020-6805 Use-after-free when removing data about origins
+ CVE-2020-6806 BodyStream::OnInputStreamReady was missing protections against state confusion
+ CVE-2020-6807 Use-after-free in cubeb during stream destruction
+ CVE-2020-6811 Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
+ CVE-2019-20503 Out of bounds reads in sctp_load_addresses_from_init
+ CVE-2020-6812 The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
+ CVE-2020-6814 Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
ppp-2.4.8-alt1 build Alexey Shabalin, 2020-03-07
- 2.4.8
- build with -fstack-protector from now on (mike@)
- Fixes:
+ CVE-2020-8597 rhostname buffer overflow in the eap_request and eap_response functions
chromium-80.0.3987.132-alt1 build Alexey Gladkov, 2020-03-06
- New version (80.0.3987.132).
- Security fixes:
- CVE-2019-18197: Multiple vulnerabilities in XML.
- CVE-2019-19923: Out of bounds memory access in SQLite.
- CVE-2019-19925: Multiple vulnerabilities in SQLite.
- CVE-2019-19926: Inappropriate implementation in SQLite.
- CVE-2020-6381: Integer overflow in JavaScript.
- CVE-2020-6382: Type Confusion in JavaScript.
- CVE-2020-6383: Type confusion in V8.
- CVE-2020-6384: Use after free in WebAudio.
- CVE-2020-6385: Insufficient policy enforcement in storage.
- CVE-2020-6386: Use after free in speech.
- CVE-2020-6387: Out of bounds write in WebRTC.
- CVE-2020-6388: Out of bounds memory access in WebAudio.
- CVE-2020-6389: Out of bounds write in WebRTC.
- CVE-2020-6390: Out of bounds memory access in streams.
- CVE-2020-6391: Insufficient validation of untrusted input in Blink.
- CVE-2020-6392: Insufficient policy enforcement in extensions.
- CVE-2020-6393: Insufficient policy enforcement in Blink.
- CVE-2020-6394: Insufficient policy enforcement in Blink.
- CVE-2020-6395: Out of bounds read in JavaScript.
- CVE-2020-6396: Inappropriate implementation in Skia.
- CVE-2020-6397: Incorrect security UI in sharing.
- CVE-2020-6398: Uninitialized use in PDFium.
- CVE-2020-6399: Insufficient policy enforcement in AppCache.
- CVE-2020-6400: Inappropriate implementation in CORS.
- CVE-2020-6401: Insufficient validation of untrusted input in Omnibox.
- CVE-2020-6402: Insufficient policy enforcement in downloads.
- CVE-2020-6403: Incorrect security UI in Omnibox.
- CVE-2020-6404: Inappropriate implementation in Blink.
- CVE-2020-6405: Out of bounds read in SQLite.
- CVE-2020-6406: Use after free in audio.
- CVE-2020-6407: Out of bounds memory access in streams.
- CVE-2020-6408: Insufficient policy enforcement in CORS.
- CVE-2020-6409: Inappropriate implementation in Omnibox.
- CVE-2020-6410: Insufficient policy enforcement in navigation.
- CVE-2020-6411: Insufficient validation of untrusted input in Omnibox.
- CVE-2020-6412: Insufficient validation of untrusted input in Omnibox.
- CVE-2020-6413: Inappropriate implementation in Blink.
- CVE-2020-6414: Insufficient policy enforcement in Safe Browsing.
- CVE-2020-6415: Inappropriate implementation in JavaScript.
- CVE-2020-6416: Insufficient data validation in streams.
- CVE-2020-6417: Inappropriate implementation in installer.
- CVE-2020-6418: Type confusion in V8.
- CVE-2020-6420: Insufficient policy enforcement in media.
pve-qemu-4.1.1-alt3 build Valery Inozemtsev, 2020-03-06
- 4.1.1-3 (fix CVE-2019-20382)
kernel-image-std-pae-5.4.22-alt1 build Kernel Bot, 2020-02-25
projeto & código: Vladimir Lettiev aka crux © 2004-2005,
Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009