Sisyphus repositório
Última atualização: 5 março 2021 | SRPMs: 17846 | Visitas: 20402394
en ru br
As correcções de segurança

qt4-4.8.7-alt22   build Aleksei Nikiforov, 2021-03-04


- Applied security fixes (fixes: CVE-2020-17507) (thanks zerg@alt)
- Fixed build with gcc-10+.
- Disabled -reduce-relocation option since it causes issues with new binutils.

wpa_supplicant-2.9-alt4   build Sergey Bolshakov, 2021-03-01


- P2P: Fix a corner case in peer addition based on PD Request
(Fixes: CVE-2021-27803)

firefox-86.0-alt1   build Alexey Gladkov, 2021-03-01


- New release (86.0).
- Security fixes:
+ CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains
+ CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
+ CVE-2021-23971: A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer
+ CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android
+ CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories
+ CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
+ CVE-2021-23975: about:memory Measure function caused an incorrect pointer operation
+ CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+ CVE-2021-23979: Memory safety bugs fixed in Firefox 86

ipmitool-1.8.18-alt4   build Anton Farygin, 2021-02-27


- applied patches from upstream git to fix security issue (Fixes: CVE-2020-5208)
see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
- added upstream fix FTBFS with gcc-10

cve-manager-0.48.0-alt1   build Alexey Appolonov, 2021-02-26


- URLs of distro lists turned into custom parameters;
- Execution of the "cve-download" module is terminated immediately if any of
the required info can't be downloaded;
- Ability to download FSTEC vulnerability list is fixed;
- Tolerance to the FSTEC source (the FSTEC source is not yet fully supported,
but cve-manager does not fail if the FSTEC source is not excluded and if any
operation regarding FSTEC fails).

thunderbird-78.8.0-alt1   build Andrey Cherepanov, 2021-02-25


- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Thunderbird 78.8

python3-module-django-2.2.19-alt1   build Alexey Shabalin, 2021-02-24


- 2.2.19
- rename package to python3-module-django back
- Fixes for the following security vulnerabilities:
+ CVE-2021-3281 Potential directory-traversal via archive.extract()
+ CVE-2021-23336 Web cache poisoning via django.utils.http.limited_parse_qsl()

libjpeg-turbo-2.0.6-alt1   build Sergey Bolshakov, 2021-02-24


- 2.0.6 released (fixes: CVE-2020-13790)

wireshark-3.4.3-alt1   build Anton Farygin, 2021-02-24


- 3.4.3 (Fixes: CVE-2021-22173, CVE-2021-22174)

xterm-366-alt1   build Fr. Br. George, 2021-02-24


- Autobuild version bump to 366
- CVE-2021-27135 (Closes: #39725)

firefox-esr-78.8.0-alt1   build Andrey Cherepanov, 2021-02-23


- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8

node-14.16.0-alt1   build Vitaly Lipatov, 2021-02-23


- new version 14.16.0 (with rpmrb script)
- CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
- CVE-2021-22884: DNS rebinding in --inspect

bind-9.11.28-alt1   build Stanislav Levin, 2021-02-18


- 9.11.25 -> 9.11.28 (fixes: CVE-2020-8625).

dotnet-bootstrap-5.0-5.0.3-alt1   build Vitaly Lipatov, 2021-02-17


- .NET 5.0.3 and .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-bootstrap-2.1-2.1.25-alt1   build Vitaly Lipatov, 2021-02-17


- new version (2.1.25) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-aspnetcore-3.1-3.1.12-alt1   build Vitaly Lipatov, 2021-02-17


- ASP.NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-aspnetcore-5.0-5.0.3-alt1   build Vitaly Lipatov, 2021-02-17


- ASP.NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-bootstrap-3.1-3.1.12-alt1   build Vitaly Lipatov, 2021-02-17


- new version (3.1.12) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-coreclr-2.1-2.1.25-alt1   build Vitaly Lipatov, 2021-02-17


- new version (2.1.25) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-coreclr-3.1-3.1.12-alt1   build Vitaly Lipatov, 2021-02-17


- .NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-corefx-3.1-3.1.12-alt1   build Vitaly Lipatov, 2021-02-17


- .NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-runtime-5.0-5.0.3-alt1   build Vitaly Lipatov, 2021-02-17


- new version (5.0.3) with rpmgs script
- .NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-sdk-3.1-3.1.406-alt1   build Vitaly Lipatov, 2021-02-17


- .NET Core SDK 3.1.406
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-sdk-5.0-5.0.103-alt1   build Vitaly Lipatov, 2021-02-17


- .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

lldpd-1.0.8-alt1   build Alexey Shabalin, 2021-02-16


- new version 1.0.8 (Fixes: CVE-2020-27827)
- enable seccomp for x86_64
 
projeto & código: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
mantenedor atual: Michael Shigorin
mantenedor da tradução: Fernando Martini aka fmartini © 2009