Security fixes
adobe-flash-player-11-alt19
build Sergey V Turchin,
2013-06-17
- 11.2.202.291 (x86,x86-64)
- security fixes: CVE-2013-3343
kernel-image-el-def-2.6.32-alt7 build Led, 2013-06-13
- 2.6.32-358.11.1.el6:
+ CVE-2013-1935
+ CVE-2013-1943
+ CVE-2013-2017
chromium-27.0.1453.110-alt1.r202711 build Andrey Cherepanov, 2013-06-05
- New version 27.0.1453.110
- Security fixes:
- Critical CVE-2013-2863: Memory corruption in SSL socket handling.
- High CVE-2013-2856: Use-after-free in input handling.
- High CVE-2013-2857: Use-after-free in image handling.
- High CVE-2013-2858: Use-after-free in HTML5 Audio.
- High CVE-2013-2859: Cross-origin namespace pollution.
- High CVE-2013-2860: Use-after-free with workers accessing database APIs.
- High CVE-2013-2861: Use-after-free with SVG.
- High CVE-2013-2862: Memory corruption in Skia GPU handling.
- High CVE-2013-2864: Bad free in PDF viewer.
- High CVE-2013-2865: Various fixes from internal audits, fuzzing and other initiatives.
- Medium CVE-2013-2855: Memory corruption in dev tools API.
kernel-image-un-def-3.9.4-alt2 build Anton V. Boyarshinov, 2013-06-04
- CVE-2013-2850 fixed
kernel-image-std-pae-3.9.4-alt2 build Anton V. Boyarshinov, 2013-06-04
- CVE-2013-2850 fixed
kernel-image-std-def-3.9.4-alt2 build Anton V. Boyarshinov, 2013-06-04
- CVE-2013-2850 fixed
adobe-flash-player-11-alt18 build Sergey V Turchin, 2013-06-03
- 11.2.202.285 (x86,x86-64)
- security fixes:
CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326,
CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330,
CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334,
CVE-2013-3335
kernel-image-led-ws-3.4.47-alt4 build Led, 2013-05-31
- added:
+ fix-drivers-target-iscsi (CVE-2013-2850)
+ fix-net-netfilter--xt_LOG
chromium-27.0.1453.93-alt1.r200836 build Andrey Cherepanov, 2013-05-30
- New version 27.0.1453.93
- Security fixes:
- High CVE-2013-2836: Various fixes from internal audits, fuzzing and
other initiatives.
- High CVE-2013-2837: Use-after-free in SVG.
- High CVE-2013-2839: Bad cast in clipboard handling.
- High CVE-2013-2840: Use-after-free in media loader.
- High CVE-2013-2841: Use-after-free in Pepper resource handling.
- High CVE-2013-2842: Use-after-free in widget handling.
- High CVE-2013-2843: Use-after-free in speech handling.
- High CVE-2013-2844: Use-after-free in style resolution.
- High CVE-2013-2845: Memory safety issues in Web Audio.
- High CVE-2013-2846: Use-after-free in media loader.
- High CVE-2013-2847: Use-after-free race condition with workers.
- Medium CVE-2013-2848: Possible data extraction with XSS Auditor.
- Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste.
- Web pages load 5% faster on average
- New chrome.syncFileSystem API
- Improved ranking of predictions, improved spell correction, and
numerous fundamental improvements for Omnibox predictions. Please see
the Help Center for more information on our updated policies.
socat-1.7.2.2-alt1 build Dmitry V. Levin, 2013-05-27
- Updated to 1.7.2.2 (fixes CVE-2013-3571).
krb5-1.11.2-alt2 build Ivan A. Melnikov, 2013-05-14
- add patch 23 from upstream git to fix kpasswd udp ping-pong
(CVE-2002-2443).
kernel-image-el-def-2.6.32-alt6 build Led, 2013-05-14
- perf: Treat attr.config as u64 in perf_swevent_init() (CVE-2013-2094)
- added gpu/drm/gma500
kernel-image-ovz-el-2.6.32-alt88 build Led, 2013-05-14
- perf: Treat attr.config as u64 in perf_swevent_init() (CVE-2013-2094)
chromium-26.0.1410.57-alt1.r191765 build Andrey Cherepanov, 2013-05-13
- New version 26.0.1410.57
- Security fixes:
- High CVE-2013-0927: Unsafe config option loading in Pango.
- Requires new version speech-dispatcher
kernel-image-led-ws-3.4.43-alt1 build Led, 2013-05-07
- 3.4.43
- updated:
+ fix-drivers-tty
+ fix-mm--mmu
+ fix-net-core (CVE-2013-0290)
- added:
+ fix-net-unix--unix (CVE-2013-0290)
- disabled:
+ UCB1400_CORE
+ GPIO_UCB1400
+ TOUCHSCREEN_UCB1400
nginx-1.4.1-alt1 build Denis Smirnov, 2013-05-07
- 1.4.1
- CVE-2013-2028
strongswan-5.0.4-alt1 build Michael Shigorin, 2013-04-30
- 5.0.4: CVE-2013-2944 fix (ECDSA signature vulnerability
if openssl backend is loaded)
apache2-2.2.24-alt1 build Aleksey Avdeev, 2013-04-14
- 2.2.24
- Security fixes (CVE-2012-3499, CVE-2012-4558, CVE-2012-0883,
CVE-2012-2687)
adobe-flash-player-11-alt17 build Sergey V Turchin, 2013-04-11
- 11.2.202.280 (x86,x86-64)
- security fixes:
CVE-2013-1378, CVE-2013-1379, CVE-2013-1380, CVE-2013-2555
kernel-modules-nvidia-std-pae-310.44-alt1.. build Sergey V Turchin, 2013-04-03
- new releases (310.44 and 304.88)
- security fixes:
CVE-2013-0131
kernel-modules-nvidia-un-def-310.44-alt1.. build Sergey V Turchin, 2013-04-03
- new releases (310.44 and 304.88)
- security fixes:
CVE-2013-0131
kernel-modules-nvidia-hpc-skif-310.44-alt1.. build Sergey V Turchin, 2013-04-03
- new releases (310.44 and 304.88)
- security fixes:
CVE-2013-0131
kernel-modules-nvidia-std-def-310.44-alt1.. build Sergey V Turchin, 2013-04-03
- new releases (310.44 and 304.88)
- security fixes:
CVE-2013-0131
kernel-modules-nvidia-led-ws-310.44-alt1.. build Sergey V Turchin, 2013-04-03
- new releases (310.44 and 304.88)
- security fixes:
CVE-2013-0131
mariadb-5.5.30-alt10 build Michael Shigorin, 2013-04-01
- New version
- NB: 5.5.29 had important security fixes, including:
+ A buffer overflow that can cause a server crash or
arbitrary code execution (a variant of CVE-2012-5611)
+ CVE-2012-5627 fast password brute-forcing using the "change user"
+ CVE-2012-5615 information leakage about existing user accounts
via the protocol handshake
+ fixes for DoS attacks - crashes and server lockups
+ all security fixes from MySQL 5.5.29, such as fix for CVE-2012-5612
- please note that client libraries are now built from MariaDB code;
these should be backwards compatible (but still add 84 symbols),
see also #28289
+ merged fedora's version script changes (but left ours in too)
- selectively synced build options with fedora
+ enabled readline support
+ do not force PBXT storage plugin build (deprecated in 5.5)
- see also https://kb.askmonty.org/en/about-pbxt/
- causes ICE
- removed MySQL-MariaDB subpackage being rather superfluous
- updated BR: (see #16878)
- bumped Release: to be higher than MySQL's, just in case
design & coding: Vladimir Lettiev aka crux © 2004-2005,
Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin
current maintainer: Michael Shigorin