Sisyphus repository
Last update: 15 September 2019 | SRPMs: 17432 | Visits: 15098781
Security fixes

libxslt-1.1.33-alt2   build Vladimir D. Seleznev, 2019-09-12


- Fixes:
+ CVE-2019-11068 security framework bypass;
+ CVE-2019-13117 uninitialized read of xsl:number token;
+ CVE-2019-13118 uninitialized read with UTF-8 grouping chars.

avahi-0.7-alt1   build Sergey Bolshakov, 2019-09-12


- 0.7 released (fixes: CVE-2017-6519, CVE-2018-100084)
- qt bindings dropped

xymon-4.3.29-alt1   build Sergey Y. Afonin, 2019-09-12


- new version (fixes: CVE-2019-13451, CVE-2019-13452, CVE-2019-13455,
CVE-2019-13473, CVE-2019-13474, CVE-2019-13484, CVE-2019-13485,
CVE-2019-13486)
- fixed handling /var/run on tmpfs

libvterm-bzr726-alt2   build Vladimir D. Seleznev, 2019-09-12


- Fixes CVE-2018-20786.

bird-1.6.7-alt1   build Anton Farygin, 2019-09-12


- 1.6.7 (Fixes: CVE-2019-16159)

curl-7.66.0-alt1   build Anton Farygin, 2019-09-11


- 7.66.0
- fixes:
* CVE-2019-5481: FTP-KRB double-free
* CVE-2019-5482: TFTP small blocksize heap buffer overflow

firefox-69.0-alt1   build Alexey Gladkov, 2019-09-11


- New release (69.0).
- Fixed:
+ CVE-2019-11751: Malicious code execution through command line parameters
+ CVE-2019-11746: Use-after-free while manipulating video
+ CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
+ CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
+ CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
+ CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
+ CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
+ CVE-2019-9812: Sandbox escape through Firefox Sync
+ CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com
+ CVE-2019-11743: Cross-origin access to unload event attributes
+ CVE-2019-11748: Persistence of WebRTC permissions in a third party context
+ CVE-2019-11749: Camera information available without prompting using getUserMedia
+ CVE-2019-5849: Out-of-bounds read in Skia
+ CVE-2019-11750: Type confusion in Spidermonkey
+ CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard
+ CVE-2019-11738: Content security policy bypass through hash-based sources in directives
+ CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list
+ CVE-2019-11734: Memory safety bugs fixed in Firefox 69
+ CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
+ CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9

ffmpeg-4.2.1-alt1   build Anton Farygin, 2019-09-11


- 4.2.1 (Fixes: CVE-2019-15942)

ghostscript-9.28-alt0.rc1.1   build Fr. Br. George, 2019-09-10


- Fix changelog according to altlinux.org/Vulnerability_Policy
- Fixes:
+ CVE-2019-14811
+ CVE-2019-14812
+ CVE-2019-14813
+ CVE-2019-14817

python-module-jinja2-2.10.1-alt1   build Anton Farygin, 2019-09-09


- 2.10.1 (Fixes: CVE-2019-10906)

firmware-intel-ucode-10-alt1.20190618.1   build L.A. Kostis, 2019-09-09


- Sync with Debian 3.20190618.1:
+ New upstream microcode datafile 20190618
+ SECURITY UPDATE
Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
for Sandybridge server and Core-X processors
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456

ghostscript-9.27.9-alt1   build Fr. Br. George, 2019-09-04


- Update to 9.28rc1
- Update patches
- Fix CVE-2019-1481[1237]

firefox-esr-68.1.0-alt1   build Andrey Cherepanov, 2019-09-04


- New ESR version (68.1.0).
- Fixed:
+ CVE-2019-11751 Malicious code execution through command line parameters
+ CVE-2019-11746 Use-after-free while manipulating video
+ CVE-2019-11744 XSS by breaking out of title and textarea elements using innerHTML
+ CVE-2019-11742 Same-origin policy violation with SVG filters and canvas to steal cross-origin images
+ CVE-2019-11736 File manipulation and privilege escalation in Mozilla Maintenance Service
+ CVE-2019-11753 Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
+ CVE-2019-11752 Use-after-free while extracting a key value in IndexedDB
+ CVE-2019-9812 Sandbox escape through Firefox Sync
+ CVE-2019-11743 Cross-origin access to unload event attributes
+ CVE-2019-11748 Persistence of WebRTC permissions in a third party context
+ CVE-2019-11749 Camera information available without prompting using getUserMedia
+ CVE-2019-11750 Type confusion in Spidermonkey
+ CVE-2019-11738 Content security policy bypass through hash-based sources in directives
+ CVE-2019-11747 'Forget about this site' removes sites from pre-loaded HSTS list
+ CVE-2019-11735 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
+ CVE-2019-11740 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
- Build in 8 jobs.

samba-4.10.8-alt1   build Evgeny Sinelikov, 2019-09-03


- Update to first security autumn release
- Fix samba-gpupdate check sysvol path with ignore case for compatibility
- Security fixes:
+ CVE-2019-10197 Permissions check deny can allow user to escape from the share

clamav-0.101.4-alt1   build Sergey Y. Afonin, 2019-09-02


- 0.101.4 (CVE-2019-12900, additional handling CVE-2019-12625 which
has been mitigated in 0.101.3)

libnghttp2-1.39.2-alt1   build Vladimir Lettiev, 2019-09-01


- 1.39.2 (Closes: #37170)
- Security fixes: CVE-2019-9511, CVE-2019-9513

grafana-6.3.4-alt1   build Alexey Shabalin, 2019-08-30


- 6.3.4 (Fixes: CVE-2019-15043)

libgcrypt-1.8.5-alt1   build Paul Wolneykien, 2019-08-29


- Freshed up to version 1.8.5 (fixes CVE-2019-13627).
- Upstream: Improve ECDSA unblinding.
- Upstream: Provide a pkg-config file for libgcrypt.

libcgroup-0.41-alt3   build Alexey Shabalin, 2019-08-28


- backport several upstream fixes (Fixes: CVE-2018-14348)
- set Delegate property for cgconfig service to make sure complete
cgroup hierarchy is always created by systemd

dovecot-2.3.7.2-alt1   build Gleb F-Malinovskiy, 2019-08-28


- Updated to 2.3.7.2 (fixes CVE-2019-11500).

dovecot-pigeonhole-0.5.7.2-alt1   build Gleb F-Malinovskiy, 2019-08-28


- Updated to 0.5.7.2 (fixes CVE-2019-11500).

openldap-2.4.48-alt1   build Alexey Shabalin, 2019-08-28


- 2.4.48 (Fixes: CVE-2019-13057, CVE-2019-13565)

qt4-4.8.7-alt17   build Sergey V Turchin, 2019-08-28


- security fix
(Fixes: CVE-2018-15518, CVE-2018-19869, CVE-2018-19870,
CVE-2018-19871, CVE-2018-19872, CVE-2018-19873)

libvncserver-0.9.11-alt4   build Sergey V Turchin, 2019-08-27


- security (Fixes: CVE-2018-7225)

opensc-0.19.0-alt4   build Paul Wolneykien, 2019-08-27


- Added patch closing a small memory leak issue (fixes CVE-2019-6502).
 
project & code: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin
translation maintainer: Fernando Martini aka fmartini © 2009