Sisyphus repository
Last update: 18 November 2017 | SRPMs: 17918 | Visits: 10396772
Security fixes

openvpn-2.4.4-alt1   build Nikolay A. Fetisov, 2017-11-18


- New version
- Security fixes:
+ CVE-2017-12166: Buffer overflow when using (obsolete) '--key-method 1'

kernel-image-std-def-4.9.63-alt1   build Kernel Bot, 2017-11-18


- v4.9.63 (Fixes: CVE-2017-13080)

kernel-image-un-def-4.13.14-alt1   build Kernel Bot, 2017-11-18


- v4.13.14 (Fixes: CVE-2017-13080)

kernel-image-std-pae-4.4.99-alt1   build Kernel Bot, 2017-11-18


- v4.4.99 (Fixes: CVE-2017-13080)

libxslt-1.1.32-alt1   build Vladimir D. Seleznev, 2017-11-15


- Updated to 1.1.32.
- Upstream support for SOURCE_DATE_EPOCH (ALT#32814).
- Fixes:
+ CVE-2017-5029 generation of text nodes integer overflow,
+ CVE-2016-1684 integer overflow (mishandle the i format token for xsl:number),
+ CVE-2016-1683 out-of-bounds heap memory access (mishandle namespace nodes).

firefox-esr-52.5.0-alt1   build Andrey Cherepanov, 2017-11-15


- New ESR version (52.5.0)
- Fixes:
+ CVE-2017-7828 Use-after-free of PresShell while restyling layout
+ CVE-2017-7830 Cross-origin URL information leak through Resource
+ CVE-2017-7826 Memory safety bugs fixed in Firefox 57 and Firefox ESR

virtualbox-5.1.30-alt1   build Denis Medvedev, 2017-11-13


- new version 5.1.30
No more %ubt - too many changes between branches.
(Fixes: CVE-2017-10392, CVE-2017-10407, CVE-2017-10408, CVE-2017-3733, CVE-2017-10428)

chromium-62.0.3202.89-alt1   build Alexey Gladkov, 2017-11-13


- New version (62.0.3202.89).
- Security fixes:
- CVE-2017-15398: Stack buffer overflow in QUIC.
- CVE-2017-15399: Use after free in V8.

libwebkitgtk4-2.18.3-alt1   build Yuri N. Sedunov, 2017-11-11


- 2.18.3 (fixed CVE-2017-13798, CVE-2017-13788, CVE-2017-13803)

roundcube-1.3.3-alt1   build Vitaly Lipatov, 2017-11-10


- new version 1.3.3 (with rpmrb script)
- CVE-2017-16651

openssl10-1.0.2m-alt1   build Gleb F-Malinovskiy, 2017-11-04


- Updated to v1.0.2m (fixes CVE-2017-3735, CVE-2017-3736).

php5-5.6.32-alt1.S1   build Anton Farygin, 2017-11-03


- new version (Fixes: CVE-2016-1283)
- switched to the use of a system-wide timezone configuration, patch from Debian (closes: #32202)

php7-7.1.11-alt1.S1   build Anton Farygin, 2017-11-03


- 7.1.11 (Fixes: CVE-2016-1283)

kernel-image-std-def-4.9.60-alt1   build Kernel Bot, 2017-11-02


- v4.9.60 (Fixes: CVE-2017-12193)

kernel-image-un-def-4.13.11-alt1   build Kernel Bot, 2017-11-02


- v4.13.11 (Fixes: CVE-2017-12193)

kernel-image-std-pae-4.4.96-alt1   build Kernel Bot, 2017-11-02


- v4.4.96 (Fixes: CVE-2017-12193)

libvirt-3.8.0-alt1.S1   build Alexey Shabalin, 2017-10-30


- 3.8.0
- fixed CVE-2017-1000256

adobe-flash-player-ppapi-27-alt3.S1   build Sergey V Turchin, 2017-10-30


- new version
- security fixes: CVE-2017-11292

ffmpeg-3.3.5-alt1   build Anton Farygin, 2017-10-28


- 3.3.4
- fixes:
* CVE-2017-15186 double free when ffmpeg parses a crafted AVI file to an MKV file using the ffvhuff decoder.

wget-1.19.2-alt1   build Michael Shigorin, 2017-10-27


- 1.19.2 (fixes: CVE-2017-13089, CVE-2017-13090)

glibc-2.25-alt3   build Gleb F-Malinovskiy, 2017-10-26


- Backported upstream fixes for sw bugs: 21209 21242 21265 21298 21386 21624 21654 21778 21972 (fixes for CVE-2017-15670 CVE-2017-15804).
- Packaged glibc sources as a separate package.

bzip2-1.0.6-alt5   build Dmitry V. Levin, 2017-10-24


- bzip2recover: fixed a use-after-free bug (by sem@; fixes: CVE-2016-3189).

chromium-62.0.3202.75-alt1   build Alexey Gladkov, 2017-10-24


- New version (62.0.3202.75).
- Security fixes:
- CVE-2017-5124: UXSS with MHTML.
- CVE-2017-5125: Heap overflow in Skia.
- CVE-2017-5126: Use after free in PDFium.
- CVE-2017-5127: Use after free in PDFium.
- CVE-2017-5128: Heap overflow in WebGL.
- CVE-2017-5129: Use after free in WebAudio.
- CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
- CVE-2017-5130: Heap overflow in libxml2.
- CVE-2017-5131: Out of bounds write in Skia.
- CVE-2017-5133: Out of bounds write in Skia.
- CVE-2017-15386: UI spoofing in Blink.
- CVE-2017-15387: Content security bypass.
- CVE-2017-15388: Out of bounds read in Skia.
- CVE-2017-15389: URL spoofing in OmniBox.
- CVE-2017-15390: URL spoofing in OmniBox.
- CVE-2017-15391: Extension limitation bypass in Extensions.
- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
- CVE-2017-15393: Referrer leak in Devtools.
- CVE-2017-15394: URL spoofing in extensions UI.
- CVE-2017-15395: Null pointer dereference in ImageCapture.

curl-7.56.1-alt1.S1   build Anton Farygin, 2017-10-23


- new version
- fixes:
* CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler

telegram-desktop-1.1.23-alt3   build Vitaly Lipatov, 2017-10-21


- fix old lang code in settings
- fix CVE-2016-10351: Insecure cWorkingDir permissions
- sync CMakeLists.txt with Gentoo, fix build with new Qt 5.9.2
 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin