As correcções de segurança
libxslt-1.1.33-alt2
build Vladimir D. Seleznev,
2019-09-12
- Fixes:
+ CVE-2019-11068 security framework bypass;
+ CVE-2019-13117 uninitialized read of xsl:number token;
+ CVE-2019-13118 uninitialized read with UTF-8 grouping chars.
avahi-0.7-alt1 build Sergey Bolshakov, 2019-09-12
- 0.7 released (fixes: CVE-2017-6519, CVE-2018-100084)
- qt bindings droppped
xymon-4.3.29-alt1 build Sergey Y. Afonin, 2019-09-12
- new version (fixes: CVE-2019-13451, CVE-2019-13452, CVE-2019-13455,
CVE-2019-13473, CVE-2019-13474, CVE-2019-13484, CVE-2019-13485,
CVE-2019-13486)
- fixed handling /var/run on tmpfs
libvterm-bzr726-alt2 build Vladimir D. Seleznev, 2019-09-12
- Fixes CVE-2018-20786.
bird-1.6.7-alt1 build Anton Farygin, 2019-09-12
- 1.6.7 (Fixes: CVE-2019-16159)
curl-7.66.0-alt1 build Anton Farygin, 2019-09-11
- 7.66.0
- fixes:
* CVE-2019-5481: FTP-KRB double-free
* CVE-2019-5482: TFTP small blocksize heap buffer overflow
firefox-69.0-alt1 build Alexey Gladkov, 2019-09-11
- New release (69.0).
- Fixed:
+ CVE-2019-11751: Malicious code execution through command line parameters
+ CVE-2019-11746: Use-after-free while manipulating video
+ CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
+ CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
+ CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
+ CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
+ CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
+ CVE-2019-9812: Sandbox escape through Firefox Sync
+ CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com
+ CVE-2019-11743: Cross-origin access to unload event attributes
+ CVE-2019-11748: Persistence of WebRTC permissions in a third party context
+ CVE-2019-11749: Camera information available without prompting using getUserMedia
+ CVE-2019-5849: Out-of-bounds read in Skia
+ CVE-2019-11750: Type confusion in Spidermonkey
+ CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard
+ CVE-2019-11738: Content security policy bypass through hash-based sources in directives
+ CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list
+ CVE-2019-11734: Memory safety bugs fixed in Firefox 69
+ CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
+ CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
ffmpeg-4.2.1-alt1 build Anton Farygin, 2019-09-11
- 4.2.1 (Fixes: CVE-2019-15942)
ghostscript-9.28-alt0.rc1.1 build Fr. Br. George, 2019-09-10
- Fix changelog according to altlinux.org/Vulnerability_Policy
- Fixes:
+ CVE-2019-14811
+ CVE-2019-14812
+ CVE-2019-14813
+ CVE-2019-14817
python-module-jinja2-2.10.1-alt1 build Anton Farygin, 2019-09-09
- 2.10.1 (Fixes: CVE-2019-10906)
firmware-intel-ucode-10-alt1.20190618.1 build L.A. Kostis, 2019-09-09
- Sync with Debian 3.20190618.1:
+ New upstream microcode datafile 20190618
+ SECURITY UPDATE
Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
for Sandybridge server and Core-X processors
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456
ghostscript-9.27.9-alt1 build Fr. Br. George, 2019-09-04
- Update to 9.28rc1
- Update patches
- Fix CVE-2019-1481[1237]
firefox-esr-68.1.0-alt1 build Andrey Cherepanov, 2019-09-04
- New ESR version (68.1.0).
- Fixed:
+ CVE-2019-11751 Malicious code execution through command line parameters
+ CVE-2019-11746 Use-after-free while manipulating video
+ CVE-2019-11744 XSS by breaking out of title and textarea elements using innerHTML
+ CVE-2019-11742 Same-origin policy violation with SVG filters and canvas to steal cross-origin images
+ CVE-2019-11736 File manipulation and privilege escalation in Mozilla Maintenance Service
+ CVE-2019-11753 Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
+ CVE-2019-11752 Use-after-free while extracting a key value in IndexedDB
+ CVE-2019-9812 Sandbox escape through Firefox Sync
+ CVE-2019-11743 Cross-origin access to unload event attributes
+ CVE-2019-11748 Persistence of WebRTC permissions in a third party context
+ CVE-2019-11749 Camera information available without prompting using getUserMedia
+ CVE-2019-11750 Type confusion in Spidermonkey
+ CVE-2019-11738 Content security policy bypass through hash-based sources in directives
+ CVE-2019-11747 'Forget about this site' removes sites from pre-loaded HSTS list
+ CVE-2019-11735 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
+ CVE-2019-11740 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
- Build in 8 jobs.
samba-4.10.8-alt1 build Evgeny Sinelikov, 2019-09-03
- Update to first security autumn release
- Fix samba-gpupdate check sysvol path with ignore case for compatibility
- Security fixes:
+ CVE-2019-10197 Permissions check deny can allow user to escape from the share
clamav-0.101.4-alt1 build Sergey Y. Afonin, 2019-09-02
- 0.101.4 (CVE-2019-12900, additional handling CVE-2019-12625 which
has been mitigated in 0.101.3)
libnghttp2-1.39.2-alt1 build Vladimir Lettiev, 2019-09-01
- 1.39.2 (Closes: #37170)
- Security fixes: CVE-2019-9511, CVE-2019-9513
grafana-6.3.4-alt1 build Alexey Shabalin, 2019-08-30
- 6.3.4 (Fixes: CVE-2019-15043)
libgcrypt-1.8.5-alt1 build Paul Wolneykien, 2019-08-29
- Freshed up to version 1.8.5 (fixes CVE-2019-13627).
- Upstream: Improve ECDSA unblinding.
- Upstream: Provide a pkg-config file for libgcrypt.
libcgroup-0.41-alt3 build Alexey Shabalin, 2019-08-28
- backport several upstream fixes (Fixes: CVE-2018-14348)
- set Delegate property for cgconfig service to make sure complete
cgroup hierarchy is always created by systemd
dovecot-2.3.7.2-alt1 build Gleb F-Malinovskiy, 2019-08-28
- Updated to 2.3.7.2 (fixes CVE-2019-11500).
dovecot-pigeonhole-0.5.7.2-alt1 build Gleb F-Malinovskiy, 2019-08-28
- Updated to 0.5.7.2 (fixes CVE-2019-11500).
openldap-2.4.48-alt1 build Alexey Shabalin, 2019-08-28
- 2.4.48 (Fixes: CVE-2019-13057, CVE-2019-13565)
qt4-4.8.7-alt17 build Sergey V Turchin, 2019-08-28
- security fix
(Fixes: CVE-2018-15518, CVE-2018-19869, CVE-2018-19870,
CVE-2018-19871, CVE-2018-19872, CVE-2018-19873)
libvncserver-0.9.11-alt4 build Sergey V Turchin, 2019-08-27
projeto & código: Vladimir Lettiev aka crux © 2004-2005,
Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009