Sisyphus repositório
Última atualização: 31 outubro 2014 | SRPMs: 15947 | Visitas: 5913122
en ru br
As correcções de segurança

openssl10-1.0.1j-alt1   build Gleb F-Malinovskiy, 2014-10-30


- Updated to 1.0.1j (fixes CVE-2014-3512, CVE-2014-3511, CVE-2014-3510,
CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3509,
CVE-2014-5139, CVE-2014-3508, CVE-2014-3513, CVE-2014-3567,
CVE-2014-3566, CVE-2014-3568).
- Updated patches from Fedora openssl-1.0.1j-2.
- kssl.h: include <krb5/krb5.h> instead of <krb5/krb5/krb5.h> (ldv@).

wget-1.15-alt2   build Michael Shigorin, 2014-10-28


- added upstream patch for CVE-2014-4877 (arbitrary symlink access)
+ not packaging 1.16 yet due to progresbar regressions in UTF-8 locales

pidgin-2.10.10-alt1   build Gleb F-Malinovskiy, 2014-10-27


- New version (CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3697
CVE-2014-3698).

adobe-flash-player-11-alt34   build Sergey V Turchin, 2014-10-15


- new version
- security fixes: CVE-2014-0570, CVE-2014-0571, CVE-2014-0572

rsyslog-8.4.2-alt1   build Alexey Shabalin, 2014-10-09


- 8.4.2 (v8-stable)
- fixed CVE-2014-3634, CVE-2014-3683

chromium-38.0.2125.101-alt1   build Andrey Cherepanov, 2014-10-09


- New version
- Security fixes:
- Critical CVE-2014-3188: A special thanks to Juri Aedla for a
combination of V8 and IPC bugs that can lead to remote code
execution outside of the sandbox.
- High CVE-2014-3189: Out-of-bounds read in PDFium.
- High CVE-2014-3190: Use-after-free in Events.
- High CVE-2014-3191: Use-after-free in Rendering.
- High CVE-2014-3192: Use-after-free in DOM.
- High CVE-2014-3193: Type confusion in Session Management.
- High CVE-2014-3194: Use-after-free in Web Workers.
- Medium CVE-2014-3195: Information Leak in V8.
- Medium CVE-2014-3197: Information Leak in XSS Auditor.
- Medium CVE-2014-3198: Out-of-bounds read in PDFium.
- Low CVE-2014-3199: Release Assert in V8 bindings.
- Replace chromium-support-ModeSwitch-key.patch by upstream version from
commit 8585724

libvirt-1.2.9-alt1   build Alexey Shabalin, 2014-10-03


- 1.2.9
- fixed CVE-2014-3633, CVE-2014-3657

bash4-4.2.50-alt1   build Dmitry V. Levin, 2014-09-28


- Updated to 4.2 patchlevel 50 (fixes: CVE-2014-6278).

bash-3.2.53-alt1   build Dmitry V. Levin, 2014-09-26


- Updated to 3.2 patchlevel 53.
- Applied OOB array access fix from Florian Weimer
(fixes: CVE-2014-7186, CVE-2014-7187).

chromium-37.0.2062.124-alt2   build Andrey Cherepanov, 2014-09-26


- New version
- Security fixes:
- CVE-2014-1568: RSA signature malleability in NSS
- Fix path and version detection of PepperFlash

bash4-4.2.49-alt1   build Dmitry V. Levin, 2014-09-26


- Updated to 4.2 patchlevel 49 (fixes: CVE-2014-7169).
- Applied OOB array access fix from Florian Weimer
(fixes: CVE-2014-7186, CVE-2014-7187).

bash-3.2.52-alt1   build Dmitry V. Levin, 2014-09-25


- Updated to 3.2 patchlevel 52.
- Applied upstream fix for CVE-2014-7169.
- Applied functions export hardening patch from Florian Weimer
(fixes: CVE-2014-6278).

bash4-4.2.45-alt2   build Dmitry V. Levin, 2014-09-23


- Applied upstream fix for CVE-2014-6271.

bash-3.2.51-alt3   build Dmitry V. Levin, 2014-09-22


- Applied upstream fix for CVE-2014-6271.

nginx-1.6.2-alt1   build Denis Smirnov, 2014-09-18


- 1.6.2
- CVE-2014-3616

chromium-37.0.2062.120-alt1   build Andrey Cherepanov, 2014-09-18


- New version
- Security fixes:
- High CVE-2014-3178: Use-after-free in rendering.
- Disable bundled binutils and gold

libmodplug-0.8.8.5-alt1   build Michael Shigorin, 2014-09-10


- 0.8.8.5
+ CVE-2013-4233, CVE-2013-4234 fixes

adobe-flash-player-11-alt33   build Sergey V Turchin, 2014-09-10


- new version
- security fixes:
CVE-2014-0547, CVE-2014-0548, CVE-2014-0549, CVE-2014-0550,
CVE-2014-0551, CVE-2014-0552, CVE-2014-0553, CVE-2014-0554,
CVE-2014-0555, CVE-2014-0556, CVE-2014-0557, CVE-2014-0559

lua5-5.1.5-alt1   build Terechkov Evgenii, 2014-09-07


- Patch for CVE-2014-5461 applied
- 5.1.4 -> 5.1.5
- lua-5.1.4 patches reverted
- applied official pathes #1/#2 from lua.org/bugs.html

python-module-django-horizon-2014.1.2-alt2   build Lenar Shakirov, 2014-09-07


- Tests disabled temporary
- 0101-Add-ru-locale-horizon.patch updated
- 0102-CVE-2014-3594.patch added
- AutoReq: yes, nopython for theme subpackage

xen-4.4.1-alt0.7   build Led, 2014-08-28


- upstream fixes:
+ CVE-2014-4611

chromium-37.0.2062.94-alt1   build Andrey Cherepanov, 2014-08-27


- New version
- Security fixes:
- Critical CVE-2014-3176, CVE-2014-3177: A special reward to
lokihardt@asrt for a combination of bugs in V8, IPC, sync, and
extensions that can lead to remote code execution outside of the
sandbox.
- High CVE-2014-3168: Use-after-free in SVG.
- High CVE-2014-3169: Use-after-free in DOM.
- High CVE-2014-3170: Extension permission dialog spoofing.
- High CVE-2014-3171: Use-after-free in bindings.
- Medium CVE-2014-3172: Issue related to extension debugging.
- Medium CVE-2014-3173: Uninitialized memory read in WebGL.
- Medium CVE-2014-3174: Uninitialized memory read in Web Audio.

kernel-image-led-ws-3.15.10-alt4   build Led, 2014-08-21


- updated:
+ fix-arch-s390
+ fix-drivers-iommu--amd_iommu
+ fix-drivers-iommu--intel-iommu
+ fix-fs (CVE-2014-5206, CVE-2014-5207)
+ fix-fs-btrfs
- added:
+ fix-drivers-iommu--iommu
+ fix-drivers-md--raid456
+ fix-fs-autofs4

kernel-image-led-vs-3.15.10-alt4   build Led, 2014-08-21


- updated:
+ fix-arch-s390
+ fix-drivers-iommu--amd_iommu
+ fix-drivers-iommu--intel-iommu
+ fix-fs (CVE-2014-5206, CVE-2014-5207)
+ fix-fs-btrfs
- added:
+ fix-drivers-iommu--iommu
+ fix-drivers-md--raid456
+ fix-fs-autofs4

kernel-image-led-xen-3.15.10-alt4   build Led, 2014-08-21


- updated:
+ fix-arch-s390
+ fix-drivers-iommu--amd_iommu
+ fix-drivers-iommu--intel-iommu
+ fix-fs (CVE-2014-5206, CVE-2014-5207)
+ fix-fs-btrfs
- added:
+ fix-drivers-iommu--iommu
+ fix-drivers-md--raid456
+ fix-fs-autofs4
 
projeto & código: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009