Sisyphus repository
Last update: 24 April 2019 | SRPMs: 17669 | Visits: 13464012
Security fixes

gnome-desktop3-   build Yuri N. Sedunov, 2019-04-23

- (fixed CVE-2019-11459)

python-module-urllib3-1.24.2-alt1   build Stanislav Levin, 2019-04-22

- 1.24.1 -> 1.24.2 (fixes: CVE-2019-11324).

kernel-image-std-pae-4.19.35-alt1   build Kernel Bot, 2019-04-17

- v4.19.35 (Fixes: CVE-2019-3887)

kernel-image-std-def-4.19.35-alt1   build Kernel Bot, 2019-04-17

- v4.19.35 (Fixes: CVE-2019-3887)

cve-manager-0.21.0-alt1   build Alexey Appolonov, 2019-04-17

- Compatibility with MySQL 8.*;
- Modified mapping process - src/bin lists of all the branches are combined
as src_united/bin_united and then processed in that combined form;
- Much more intelligent approach to parallel execution of the modules,
especially two most time consuming modules - cpe-map and cve-issues;
- Improved feedback in multiprocessing mode;
- 'CURE' suggestions in cve-monitor's reports.

kernel-image-un-def-5.0.8-alt1   build Kernel Bot, 2019-04-17

- v5.0.8 (Fixes: CVE-2019-3887)

kernel-image-std-debug-4.19.35-alt1   build Kernel Bot, 2019-04-17

- v4.19.35 (Fixes: CVE-2019-3887)

graphviz-2.40.1-alt5   build Vitaly Lipatov, 2019-04-16

- build without internal libltdl (ALT bug 36596)
- applied patches from Fedora
- CVE-2018-10196

samba-4.10.2-alt1   build Evgeny Sinelikov, 2019-04-11

- Update to spring security release
- Security fixes:
+ CVE-2019-3870 World writable files in Samba AD DC private/ dir
+ CVE-2019-3880 Save registry file outside share as unprivileged user

wireshark-3.0.1-alt1   build Anton Farygin, 2019-04-10

- 3.0.1
- fixes:
* NetScaler file parser crash. CVE-2019-10895
* SRVLOC dissector crash. CVE-2019-10899
* IEEE 802.11 dissector infinite loop. CVE-2019-10897
* GSUP dissector infinite loop. CVE-2019-10898
* Rbm dissector infinite loop. CVE-2019-10900
* GSS-API dissector crash. CVE-2019-10894
* DOF dissector crash. CVE-2019-10896
* TSDNS dissector crash. CVE-2019-10902
* LDSS dissector crash. CVE-2019-10901
* DCERPC SPOOLSS dissector crash. CVE-2019-10903

libtiff-   build Vladimir D. Seleznev, 2019-04-09

- Updated to v4.0.10-57-gf9fc01c3 (ALT #36575, #34677).
- Applied SUSE patches:
+ tiff-4.0.3-seek.patch;
+ tiff-4.0.3-compress-warning.patch;
+ tiff-CVE-2018-12900.patch.
- Built with support of:
+ libjbig;
+ libwebp;
+ libzstd.
- Fixes:
+ CVE-2012-4564 Zero size buffer exploit in ppm2tiff;
+ CVE-2013-1960 Heap-based buffer overflow in the t2p_process_jpeg_strip();
+ CVE-2013-4232 Use-after-free vulnerability in the t2p_readwrite_pdf_image();
+ CVE-2013-4243 Heap-based buffer overflow in the readgifimage();
+ CVE-2013-4244 DoS or possible RCE via crafted GIF image;
+ CVE-2014-8127 Out-of-bounds read with malformed TIFF image in multiple tools;
+ CVE-2014-8129 Out-of-bounds read/write with malformed TIFF image in tiff2pdf;
+ CVE-2014-8130 Divide-by-zero error in _TIFFmalloc();
+ CVE-2014-9330 Integer overflow in tif_packbits.c in bmp2tif;
+ CVE-2015-8870 Integer overflow in tools/bmp2tiff.c (DoS or information leak);
+ CVE-2018-5360 Heap-based buffer overflow in the ReadTIFFImage().

libwebkitgtk4-2.24.1-alt1   build Yuri N. Sedunov, 2019-04-09

- 2.24.1 (fixed CVE-2019-6251)

flatpak-1.2.4-alt1   build Yuri N. Sedunov, 2019-04-07

- 1.2.4 (fixed CVE-2019-10063)

libopenjpeg2.0-2.3.1-alt1   build Yuri N. Sedunov, 2019-04-03

- 2.3.1 (fixed CVE-2017-14041, CVE-2018-6616, CVE-2018-5785, CVE-2018-14423)

cracklib-2.9.7-alt1   build Yuri N. Sedunov, 2019-04-02

- 2.9.7 (fixed CVE-2016-6318)

edk2-20190308-alt1   build Alexey Shabalin, 2019-04-02

- edk2-stable201903 (Fixes: CVE-2018-12178, CVE-2018-12180, CVE-2018-12181, CVE-2018-3630)

apache2-2.4.39-alt1   build Anton Farygin, 2019-04-02

- 2.4.39
- fixes:
* Apache HTTP Server privilege escalation from modules scripts. CVE-2019-0211
* mod_auth_digest access control bypass. CVE-2019-0217
* mod_ssl access control bypass. CVE-2019-0215
* Apache httpd URL normalization inconsistency. CVE-2019-0220

exiv2-0.26-alt3   build Michael Shigorin, 2019-04-01

- E2K: tweaked CVE-2017-17725 patch to fix ftbfs with lcc-1.23

clamav-0.101.2-alt1   build Sergey Y. Afonin, 2019-03-28

- 0.101.2
+ CVE-2019-1787, CVE-2019-1789, CVE-2019-1788 - 0.101.1 and prior
+ CVE-2019-1786, CVE-2019-1785, CVE-2019-1798 - 0.101.1 and 0.101.0 only
- switched to libpcre2

gnutls30-3.6.7-alt1   build Mikhail Efremov, 2019-03-28

- Updated to 3.6.7 (fixes: CVE-2019-3836, CVE-2019-3829).
- Don't make check in parallel mode.

ruby-loofah-2.2.3-alt1   build Ivan A. Melnikov, 2019-03-27

- 2.2.3 (CVE-2018-16468);
- fix version in gemspec for packaging (closes: #36441).

firefox-66.0.1-alt1   build Alexey Gladkov, 2019-03-27

- New release (66.0.1).
- Use cairo-gtk3-wayland toolkit.
- Add firefox-wayland sub-package.
- Fixed:
+ CVE-2019-9790: Use-after-free when removing in-use DOM elements
+ CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
+ CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
+ CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled
+ CVE-2019-9794: Command line arguments not discarded during execution
+ CVE-2019-9795: Type-confusion in IonMonkey JIT compiler
+ CVE-2019-9796: Use-after-free with SMIL animation controller
+ CVE-2019-9797: Cross-origin theft of images with createImageBitmap
+ CVE-2019-9798: Library is loaded from world writable APITRACE_LIB location
+ CVE-2019-9799: Information disclosure via IPC channel messages
+ CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content
+ CVE-2019-9802: Chrome process information leak
+ CVE-2019-9803: Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
+ CVE-2019-9804: Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS
+ CVE-2019-9805: Potential use of uninitialized memory in Prio
+ CVE-2019-9806: Denial of service through successive FTP authorization prompts
+ CVE-2019-9807: Text sent through FTP connection can be incorporated into alert messages
+ CVE-2019-9809: Denial of service through FTP modal alert error messages
+ CVE-2019-9808: WebRTC permissions can display incorrect origin with data: and blob: URLs
+ CVE-2019-9789: Memory safety bugs fixed in Firefox 66
+ CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
+ CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information
+ CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations

thunderbird-60.6.1-alt1   build Andrey Cherepanov, 2019-03-26

- New version (60.6.1).
- Fixes:
+ CVE-2019-9810 IonMonkey MArraySlice has incorrect alias information
+ CVE-2019-9813 Ionmonkey type confusion with __proto__ mutations

ffmpeg-4.1.2-alt1   build Anton Farygin, 2019-03-25

- 4.1.2 (fixes: CVE-2019-9718, CVE-2019-9721)

libssh2-1.8.1-alt1   build Alexey Shabalin, 2019-03-24

- 1.8.1
- Fixes for the following security vulnerabilities:
+ Fixed possible integer overflow when reading a specially crafted packet
+ Fixed possible integer overflow in userauth_keyboard_interactive with a
number of extremely long prompt strings (CVE-2019-3863)
+ Fixed possible integer overflow if the server sent an extremely large
number of keyboard prompts (CVE-2019-3856)
+ Fixed possible out of bounds read when processing a specially crafted
packet (CVE-2019-3861)
+ Fixed possible integer overflow when receiving a specially crafted exit
signal message channel packet (CVE-2019-3857)
+ Fixed possible out of bounds read when receiving a specially crafted exit
status message channel packet (CVE-2019-3862)
+ Fixed possible zero byte allocation when reading a specially crafted SFTP
packet (CVE-2019-3858)
+ Fixed possible out of bounds reads when processing specially crafted SFTP
packets (CVE-2019-3860)
+ Fixed possible out of bounds reads in _libssh2_packet_require(v)