Sisyphus repository
Last update: 20 september 2017 | SRPMs: 18013 | Visits: 10006955
en ru br
Security fixes

libgcrypt-1.7.9-alt1.S1   build Sergey V Turchin, 2017-09-18


- new version
- security fixes: CVE-2017-0379

tor-0.3.1.7-alt1.S1   build Vladimir Didenko, 2017-09-18


- new version (Fixes: CVE-2017-0380)

wireshark-2.4.1-alt1.S1   build Anton Farygin, 2017-09-18


- 2.4.1 with following fixes:
* wnpa-sec-2017-38 MSDP dissector infinite loop CVE-2017-13767
* wnpa-sec-2017-39 Profinet I/O buffer overrun CVE-2017-13766
* wnpa-sec-2017-40 Modbus dissector crash CVE-2017-13764
* wnpa-sec-2017-41 IrCOMM dissector buffer overrun CVE-2017-13765

ffmpeg-3.3.4-alt1   build Anton Farygin, 2017-09-18


- 3.3.4 with fixes for multiple vilnerabilities (CVE-2017-14054, CVE-2017-14055,
CVE-2017-14059, CVE-2017-14058, CVE-2017-14057, CVE-2017-14225, CVE-2017-14170,
CVE-2017-14056, CVE-2017-14222, CVE-2017-14169, CVE-2017-14223, CVE-2017-14171)

ruby-2.4.2-alt1   build Andrey Cherepanov, 2017-09-16


- New version 2.4.2
- Security fixes:
+ CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
+ CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
+ CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
+ CVE-2017-14064: Heap exposure in generating JSON

mariadb-10.1.26-alt1.S1   build Alexey Shabalin, 2017-09-14


- 10.1.26
- Fixes for the following security vulnerabilities:
+ CVE-2017-3636
+ CVE-2017-3641
+ CVE-2017-3653

chromium-61.0.3163.79-alt1   build Alexey Gladkov, 2017-09-12


- New version (61.0.3163.79).
- CVE-2017-5111: Use after free in PDFium. Reported by Luat Nguyen (@l4wio) of KeenLab, Tencent on 2017-06-27
- CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein (www.trapkit.de) on 2017-07-10
- CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous on 2017-07-20
- CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu of Tencent's Xuanwu LAB on 2017-08-07
- CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini on 2017-07-17
- CVE-2017-5116: Type confusion in V8. Reported Guang Gong of Alpha Team, Qihoo 360 on 2017-08-28
- CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias Klein (www.trapkit.de) on 2017-07-04
- CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-07-24
- CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous on 2017-05-22
- CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. Reported by Xiaoyin Liu (@general_nfs) on 2017-05-05

gdm-3.24.3-alt1   build Yuri N. Sedunov, 2017-09-12


- 3.24.3 (fixed CVE-2017-12164)

openldap-2.4.45-alt1   build Anton V. Boyarshinov, 2017-09-11


- updated to 2.4.45 (Fixes: CVE-2017-9287)

libraw-0.18.3-alt1   build Yuri N. Sedunov, 2017-09-11


- 0.18.3 (fixed CVE-2017-13735)

ruby-2.4.1-alt1   build Andrey Cherepanov, 2017-09-05


- New version 2.4.1 with gems 2.6.13
- Security fixes:
+ CVE-2017-0902 a DNS request hijacking vulnerability
+ CVE-2017-0899 an ANSI escape sequence vulnerability
+ CVE-2017-0900 a DoS vulnerability in the query command
+ CVE-2017-0901 a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files
- ext/tk: Tk is removed from stdlib. [Feature #8539]

potrace-1.15-alt1   build Yuri N. Sedunov, 2017-08-19


- 1.15 (fixed CVE-2017-12067)

adobe-flash-player-ppapi-26-alt2.S1   build Sergey V Turchin, 2017-08-17


- new version
- security fixes: CVE-2017-3085, CVE-2017-3106

libsoup-2.58.2-alt1   build Yuri N. Sedunov, 2017-08-14


- 2.58.2 (fixed CVE-2017-2885)

firefox-55.0.1-alt1   build Alexey Gladkov, 2017-08-13


- New release (55.0.1).
- Fixed:
+ CVE-2017-7798: XUL injection in the style editor in devtools
+ CVE-2017-7800: Use-after-free in WebSockets during disconnection
+ CVE-2017-7801: Use-after-free with marquee during window resizing
+ CVE-2017-7809: Use-after-free while deleting attached editor DOM node
+ CVE-2017-7784: Use-after-free with image observers
+ CVE-2017-7802: Use-after-free resizing image elements
+ CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
+ CVE-2017-7786: Buffer overflow while painting non-displayable SVG
+ CVE-2017-7806: Use-after-free in layer manager with SVG
+ CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
+ CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
+ CVE-2017-7807: Domain hijacking through AppCache fallback
+ CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
+ CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
+ CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
+ CVE-2017-7808: CSP information leak with frame-ancestors containing paths
+ CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
+ CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates
+ CVE-2017-7794: Linux file truncation via sandbox broker
+ CVE-2017-7803: CSP containing 'sandbox' improperly applied
+ CVE-2017-7799: Self-XSS XUL injection in about:webrtc
+ CVE-2017-7783: DOS attack through long username in URL
+ CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives
+ CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection
+ CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values
+ CVE-2017-7796: Windows updater can delete any file named update.log
+ CVE-2017-7797: Response header name interning leaks across origins
+ CVE-2017-7780: Memory safety bugs fixed in Firefox 55
+ CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3

perl-5.24.2-alt1   build Igor Vlasenko, 2017-08-09


- 5.24.1 -> 5.24.2 (CVE-2016-1238)

postgresql9.3-9.3.18-alt1   build Alexei Takaseev, 2017-08-09


- 9.3.18
- fix CVE-2017-7547

postgresql9.6-1C-9.6.4-alt1   build Alexei Takaseev, 2017-08-09


- 9.6.4
- fix CVE-2017-7547

postgresql9.4-9.4.13-alt1   build Alexei Takaseev, 2017-08-09


- 9.4.13
- fix CVE-2017-7547

postgresql9.5-9.5.8-alt1   build Alexei Takaseev, 2017-08-09


- 9.5.8
- fix CVE-2017-7547

postgresql9.6-9.6.4-alt1   build Alexei Takaseev, 2017-08-09


- 9.6.4
- fix CVE-2017-7547

curl-7.55.0-alt1.S1   build Anton Farygin, 2017-08-09


- new version with following security fixes:
* CVE-2017-1000101 glob: do not parse after a strtoul() overflow range
* CVE-2017-1000100 tftp: reject file name lengths that don't fit
* CVE-2017-1000099 file: output the correct buffer to the user

libssh-0.7.5-alt1.S1   build Sergey V Turchin, 2017-08-08


- new version
- security fix: CVE-2016-0739

c-ares-1.13.0-alt1.S1   build Anton Farygin, 2017-08-08


- 1.13.0 with these security fixes:
* CVE-2016-5180 - Heap-based buffer overflow in the ares_create_query function.
* CVE-2017-1000381 - NAPTR parser out of bounds access.

firefox-esr-52.3.0-alt1   build Andrey Cherepanov, 2017-08-08


- New ESR version (52.3.0)
- Security fixes:
+ CVE-2017-7798: XUL injection in the style editor in devtools
+ CVE-2017-7800: Use-after-free in WebSockets during disconnection
+ CVE-2017-7801: Use-after-free with marquee during window resizing
+ CVE-2017-7809: Use-after-free while deleting attached editor DOM node
+ CVE-2017-7784: Use-after-free with image observers
+ CVE-2017-7802: Use-after-free resizing image elements
+ CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
+ CVE-2017-7786: Buffer overflow while painting non-displayable SVG
+ CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
+ CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
+ CVE-2017-7807: Domain hijacking through AppCache fallback
+ CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
+ CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
+ CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
+ CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
+ CVE-2017-7803: CSP containing 'sandbox' improperly applied
+ CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin