Sisyphus repositório
Última atualização: 23 abril 2018 | SRPMs: 18285 | Visitas: 11369593
en ru br
As correcções de segurança

kernel-image-std-def-4.9.95-alt1   build Kernel Bot, 2018-04-21


- v4.9.95 (Fixes: CVE-2017-5715)

kernel-image-std-def-4.9.93-alt1   build Kernel Bot, 2018-04-09


- v4.9.93 (Fixes: CVE-2017-5754)

acpica-20180209-alt1.S1   build Alexey Shabalin, 2018-04-02


- 20180209
- Fixes:
+ CVE-2017-13693
+ CVE-2017-13694
+ CVE-2017-13695

kernel-image-std-pae-4.4.126-alt1   build Kernel Bot, 2018-04-01


- v4.4.126 (Fixes: CVE-2017-8824)

kernel-image-std-def-4.9.92-alt1   build Kernel Bot, 2018-04-01


- v4.9.92 (Fixes: CVE-2017-8824)

libvirt-4.2.0-alt1.S1   build Alexey Shabalin, 2018-04-01


- 4.2.0 (Fixes: CVE-2018-5748)
- Use Python 3 for building
- fix package login-shell

kernel-image-un-def-4.14.32-alt1   build Kernel Bot, 2018-04-01


- v4.14.32 (Fixes: CVE-2017-8824)

apache2-2.4.33-alt1.S1   build Anton Farygin, 2018-03-31


- 2.4.33
- fixes:
* CVE-2018-1303 low: Possible out of bound read in mod_cache_socache
* CVE-2018-1302 low: Possible write of after free on HTTP/2 stream shutdown
* CVE-2018-1301 low: Possible out of bound access after failure in reading the HTTP request
* CVE-2018-1312 low: Weak Digest auth nonce generation in mod_auth_digest
* CVE-2017-15715 low: <FilesMatch> bypass with a trailing newline in the file name
* CVE-2017-15710 low: Out of bound write in mod_authnz_ldap when using too small Accept-Language values
* CVE-2018-1283 medium: Tampering of mod_session data for CGI applications

curl-7.59.0-alt1.S1   build Anton Farygin, 2018-03-31


- new version
- fixes:
* CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write
* CVE-2018-1000121 LDAP NULL pointer dereference
* CVE-2018-1000122 RTSP RTP buffer over-read

ruby-2.5.1-alt1   build Andrey Cherepanov, 2018-03-30


- New version.
- Fixes:
+ CVE-2017-17742: HTTP response splitting in WEBrick
+ CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
+ CVE-2018-8777: DoS by large request in WEBrick
+ CVE-2018-8778: Buffer under-read in String#unpack
+ CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
+ CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir

openssl10-1.0.2o-alt1   build Gleb F-Malinovskiy, 2018-03-27


- Updated to v1.0.2o (fixes CVE-2018-0739).

firefox-59.0.2-alt1   build Alexey Gladkov, 2018-03-27


- New release (59.0.2).
- Fixed:
+ CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
+ CVE-2018-5128: Use-after-free manipulating editor selection ranges
+ CVE-2018-5129: Out-of-bounds write with malformed IPC messages
+ CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption
+ CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources
+ CVE-2018-5132: WebExtension Find API can search privileged pages
+ CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized
+ CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions
+ CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts
+ CVE-2018-5136: Same-origin policy violation with data: URL shared workers
+ CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources
+ CVE-2018-5138: Android Custom Tab address spoofing through long domain names
+ CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol
+ CVE-2018-5141: DOS attack through notifications Push API
+ CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs
+ CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar
+ CVE-2018-5126: Memory safety bugs fixed in Firefox 59
+ CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
+ CVE-2018-5146: Out of bounds memory write in libvorbis
+ CVE-2018-5147: Out of bounds memory write in libtremor
+ CVE-2018-5148: Use-after-free in compositor

procmail-3.22-alt10   build Dmitry V. Levin, 2018-03-26


- Applied various fixes from Debian 3.22-26 package, including
fixes for memory corruption bugs in formail (fixes: CVE-2017-16844).

firefox-esr-52.7.3-alt1   build Andrey Cherepanov, 2018-03-26


- New ESR version (52.7.3)
- Fixes:
+ CVE-2018-5148 Use-after-free in compositor

sqlite3-3.22.0-alt1   build Vladimir D. Seleznev, 2018-03-25


- 3.22.0
- Patches from Fedora:
+ sqlite-3.7.7.1-stupid-openfiles-test.patch
+ sqlite-3.22.0-int-float-compare.patch
+ sqlite-3.22.0-corrupt-schema.patch
- Fixes:
+ CVE-2017-15286 a NULL pointer dereference in tableColumnList

thunderbird-52.7.0-alt1   build Andrey Cherepanov, 2018-03-24


- New version (52.7.0)
- Fixes:
+ CVE-2018-5127 Buffer overflow manipulating SVG animatedPathSegList
+ CVE-2018-5129 Out-of-bounds write with malformed IPC messages
+ CVE-2018-5144 Integer overflow during Unicode conversion
+ CVE-2018-5146 Out of bounds memory write in libvorbis
+ CVE-2018-5125 Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7
+ CVE-2018-5145 Memory safety bugs fixed in Firefox ESR 52.7 and Thunderbird 52.7

libexempi-2.4.5-alt1   build Yuri N. Sedunov, 2018-03-23


- 2.4.5 (fixed CVE-2018-7730, CVE-2018-7728, CVE-2018-7729, CVE-2018-7731)

unbound-1.7.0-alt1   build Alexei Takaseev, 2018-03-23


- 1.7.0
- New version (closes: #34122)
- Add lost libunbound.so and libunbound.pc to libunbound-devel
- Set libunbound-devel arch-depended
- Move unbound-control-setup.8 from unbound-control to unbound
- Fixed CVE-2017-15105

kernel-image-std-pae-4.4.123-alt1   build Kernel Bot, 2018-03-22


- v4.4.123 (Fixes: CVE-2016-0728, CVE-2017-1000405, CVE-2017-15265, CVE-2017-8824)

kernel-image-std-def-4.9.88-alt1   build Kernel Bot, 2018-03-19


- v4.9.88 (Fixes: CVE-2018-1000004)

samba-4.6.14-alt1.S1.1   build Evgeny Sinelnikov, 2018-03-15


- Rebuild security release (Fixes: CVE-2018-1050, CVE-2018-1057) with old
ceph version without libceph-common for c7/c8

samba-DC-4.6.14-alt1.S1.1   build Evgeny Sinelnikov, 2018-03-15


- Rebuild security release (Fixes: CVE-2018-1050, CVE-2018-1057) with old
ceph version without libceph-common for c7/c8

tor-0.3.2.10-alt1.S1   build Vladimir Didenko, 2018-03-13


- new version (Fixes: CVE-2018-0491)

kernel-image-std-def-4.9.87-alt1   build Kernel Bot, 2018-03-12


- v4.9.87 (Fixes: CVE-2011-1161)

samba-4.6.14-alt1.S1   build Evgeny Sinelnikov, 2018-03-12


- Update to spring security release
- Security fixes:
+ CVE-2018-1050 Codenomicon crashes in spoolss server code
+ CVE-2018-1057 Unprivileged user can change any user (and admin) password
 
projeto & código: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009