Sisyphus repository
Last update: 15 January 2021 | SRPMs: 17777 | Visits: 20051174
Security fixes

kernel-image-std-def-5.4.89-alt1   build Kernel Bot, 2021-01-13

- v5.4.89 (Fixes: CVE-2020-28374)

kernel-image-un-def-5.10.7-alt1   build Kernel Bot, 2021-01-13

- v5.10.7 (Fixes: CVE-2020-28374)

kernel-image-std-debug-5.4.89-alt1   build Kernel Bot, 2021-01-13

- v5.4.89 (Fixes: CVE-2020-28374)

dovecot-2.3.13-alt1   build Andrey Cherepanov, 2021-01-12

- Updated to 2.3.13 (fixes CVE-2020-24386, CVE-2020-25275).

thunderbird-78.6.1-alt1   build Andrey Cherepanov, 2021-01-12

- New version (78.6.1).
- Security fixes:
  + CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

chromium-87.0.4280.141-alt1   build Alexey Gladkov, 2021-01-08

- New version (87.0.4280.141).
- Security fixes:
  - CVE-2020-15995: Out of bounds write in V8.
  - CVE-2020-16043: Insufficient data validation in networking.
  - CVE-2021-21106: Use after free in autofill.
  - CVE-2021-21107: Use after free in drag and drop.
  - CVE-2021-21108: Use after free in media.
  - CVE-2021-21109: Use after free in payments.
  - CVE-2021-21110: Use after free in safe browsing.
  - CVE-2021-21111: Insufficient policy enforcement in WebUI.
  - CVE-2021-21112: Use after free in Blink.
  - CVE-2021-21113: Heap buffer overflow in Skia.
  - CVE-2021-21114: Use after free in audio.
  - CVE-2021-21115: Use after free in safe browsing.
  - CVE-2021-21116: Heap buffer overflow in audio.

firefox-84.0.2-alt1   build Alexey Gladkov, 2021-01-06

- New release (84.0.2).
- Security fixes:
  + CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
- Add firefox GNOME Shell search provider.
- Enable smooth scrolling option.

firefox-esr-78.6.1-alt1   build Andrey Cherepanov, 2021-01-06

- New version (78.6.1).
- Security fixes:
  + CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

curl-7.74.0-alt1   build Anton Farygin, 2020-12-30

- 7.74.0
- Fixes:
  * CVE-2020-8286 Inferior OCSP verification
  * CVE-2020-8285 FTP wildcard stack overflow
  * CVE-2020-8284 trusting FTP PASV responses

libopenjpeg2.0-2.4.0-alt1   build Yuri N. Sedunov, 2020-12-29

- updated to v2.4.0-2-gb897e2cb (fixed CVE-2020-8112, CVE-2020-6851, CVE-2019-6988, CVE-2019-12973)
- new -devel-doc subpackage
- fixed License tag

roundcube-1.4.10-alt1   build Vitaly Lipatov, 2020-12-28

- new version 1.4.10 (with rpmrb script)
- CVE-2020-35730

openldap-2.4.56-alt1   build Alexey Shabalin, 2020-12-27

- 2.4.55 (Fixes: CVE-2020-25692)

ceph-15.2.8-alt1   build Alexey Shabalin, 2020-12-24

- 15.2.8
- Fixes for the following security vulnerabilities:
  + CVE-2020-27781 OpenStack Manila use of library allowed tenant access to any Ceph credential's secret.

mediawiki-1.35.1-alt1   build Vitaly Lipatov, 2020-12-23

- new version 1.35.1 (with rpmrb script)
- T268894, CVE-2020-35474, T268917, CVE-2020-35475
- T268938, CVE-2020-35478, CVE-2020-35479
- T205908, CVE-2020-35477, T120883, CVE-2020-35480

chromium-87.0.4280.88-alt1   build Alexey Gladkov, 2020-12-20

- New version (87.0.4280.88).
- Security fixes:
  - CVE-2020-16037: Use after free in clipboard.
  - CVE-2020-16038: Use after free in media.
  - CVE-2020-16039: Use after free in extensions.
  - CVE-2020-16040: Insufficient data validation in V8.
  - CVE-2020-16041: Out of bounds read in networking.
  - CVE-2020-16042: Uninitialized Use in V8.

libdb4.7-4.7.25-alt10   build Dmitry V. Levin, 2020-12-19

- Do not access DB_CONFIG when env->db_home is not set (fixes: CVE-2017-10140).
- Build without RPC support.

wildmidi-0.4.3-alt1   build Aleksei Nikiforov, 2020-12-18

- Updated to upstream version 0.4.3 (Fixes: CVE-2017-1000418).

a2ps-4.14-alt3   build Aleksei Nikiforov, 2020-12-18

- Applied security patches from Debian and Gentoo (Fixes: CVE-2014-0466, CVE-2015-8107).

icoutils-0.32.3-alt1   build Aleksei Nikiforov, 2020-12-17

- Updated to upstream version 0.32.3 (Fixes: CVE-2017-5208, CVE-2017-5331, CVE-2017-5332, CVE-2017-5333).

dnstracer-1.9-alt2   build Aleksei Nikiforov, 2020-12-17

- Applied security patch from Gentoo (Fixes: CVE-2017-9430).

firefox-84.0-alt1   build Alexey Gladkov, 2020-12-17

- New release (84.0).
- Security fixes:
  + CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory to be exposed
  + CVE-2020-26971: Heap buffer overflow in WebGL
  + CVE-2020-26972: Use-After-Free in WebGL
  + CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
  + CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free
  + CVE-2020-26975: Malicious applications on Android could have induced Firefox for Android into sending arbitrary attacker-specified headers
  + CVE-2020-26976: HTTPS pages could have been intercepted by a registered service worker when they should not have been
  + CVE-2020-26977: URL spoofing via unresponsive port in Firefox for Android
  + CVE-2020-26978: Internal network hosts could have been probed by a malicious webpage
  + CVE-2020-26979: When entering an address in the address or search bars, a website could have redirected the user before they were navigated to the intended url
  + CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
  + CVE-2020-35112: Opening an extension-less download may have inadvertently launched an executable instead
  + CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
  + CVE-2020-35114: Memory safety bugs fixed in Firefox 84

mgetty-1.2.1-alt1   build Aleksei Nikiforov, 2020-12-16

- Updated to upstream version 1.2.1 (Fixes: CVE-2018-16741, CVE-2018-16742, CVE-2018-16743, CVE-2018-16744, CVE-2018-16745, CVE-2019-1010189, CVE-2019-1010190).

glibc-2.32-alt1   build Gleb F-Malinovskiy, 2020-12-16

- Updated to glibc-2.32-23-g050022910b from 2.32 branch (fixes CVE-2016-10228, CVE-2020-27618).

dpdk-19.11.5-alt1   build Alexey Shabalin, 2020-12-16

- Update to LTS release 19.11.5
- Add libdpdk package
- Fixes for the following security vulnerabilities:
  + CVE-2020-14374 vhost/crypto: fix data length check
  + CVE-2020-14378 vhost/crypto: fix incorrect descriptor deduction
  + CVE-2020-14376, CVE-2020-14377 vhost/crypto: fix missed request check for copy mode
  + CVE-2020-14375 vhost/crypto: fix possible TOCTOU attack

gdm-   build Yuri N. Sedunov, 2020-12-15

- (fixed CVE-2020-27837)

design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin