Sisyphus repository
Last update: 23 January 2019 | SRPMs: 18475 | Visits: 12887968
Security fixes

php7-7.2.14-alt1   build Anton Farygin, 2019-01-15


- 7.2.14 (fixes: CVE-2018-19935)
- removed the .a archive from php7-mysqlnd package (closes: #34521)
- E2K: worked around the lack of gcc5's builtins in lcc-1.23 (closes: #35856)

adobe-flash-player-ppapi-32-alt1   build Sergey V Turchin, 2019-01-15


- new version (ALT#34555)
- security fixes:
CVE-2018-15978, CVE-2018-15981, CVE-2018-15982, CVE-2018-15983

wireshark-2.6.6-alt1   build Anton Farygin, 2019-01-13


- 2.6.6
- fixes:
* The 6LoWPAN dissector could crash. CVE-2019-5716
* The P_MUL dissector could crash. CVE-2019-5717
* The RTSE dissector and other dissectors could crash. CVE-2019-5718
* The ISAKMP dissector could crash. CVE-2019-5719

kernel-image-std-pae-4.14.92-alt1   build Kernel Bot, 2019-01-10


- v4.14.92 (Fixes: CVE-2018-19985)

kernel-image-std-def-4.14.92-alt1   build Kernel Bot, 2019-01-10


- v4.14.92 (Fixes: CVE-2018-19985)

kernel-image-std-debug-4.14.92-alt1   build Kernel Bot, 2019-01-10


- v4.14.92 (Fixes: CVE-2018-19985)

kernel-image-un-def-4.19.14-alt1   build Kernel Bot, 2019-01-10


- v4.19.14 (Fixes: CVE-2018-19985)

polkit-0.115-alt5   build Yuri N. Sedunov, 2019-01-09


- updated to 0.115-26-gc898fdf (fixed CVE-2018-19788)

krb5-1.16.3-alt1   build Ivan A. Melnikov, 2019-01-08


- 1.16.3 (CVE-2018-20217)
- apply bootstrap and e2k tweaks (mike@) (closes: #32982)
+ introduce doc, ldap, selinux, verto knobs (on by default)
+ conditionally package bundled libverto
+ e2k: disable -Werror={pointer-arith,uninitialized} (lcc)

openconnect-8.01-alt1   build Alexey Shabalin, 2019-01-08


- new version 8.01
- fixed clear form submissions before freeing (CVE-2018-20319)

systemd-240-alt3   build Mikhail Efremov, 2019-01-08


- journald: set a limit on the number of fields once more.
- Backported patches from upstream (fixes: CVE-2018-16864, CVE-2018-16865).

mailman-2.1.29-alt1   build Dmitry V. Levin, 2019-01-06


- 2.1.26 -> 2.1.29 (fixes: CVE-2018-0618, CVE-2018-13796).
- Enhanced init script.
- Added tmpfiles.d(5) rules and a systemd unit file for mailman.

tar-1.31-alt1   build Dmitry V. Levin, 2019-01-02


- tar: release_1_30-38-g3c2a2cd -> release_1_31 (fixes: CVE-2018-20482).
- gnulib: v0.1-2305-g95c96b6dd -> v0.1-2313-g4652c7baf.

ruby-2.5.4-alt1   build Pavel Skrylev, 2018-12-28


- Bump to 2.5.4;
- Russian description;
- Split tools to separate modules;
- Fixes:
+ CVE-2018-16396: Tainted flags are not propagated in Array#pack and
String#unpack with some directives;
+ CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly;
- Modules pulled out from the package:
+ json
+ minitest
+ update_rubygems
+ did_you_mean
+ net-telnet
+ power_assert
+ rake
+ test-unit
+ xmlrpc
+ rdoc

patch-2.7.6.0.17.9c98-alt1   build Dmitry V. Levin, 2018-12-26


- patch:
+ v2.7.6-15-g369dccc -> v2.7.6-17-g9c98635 (fixes: CVE-2018-6952);
+ Fix error handling with git-style patches (by Lubomir Rintel).
- gnulib: v0.1-1209-g24b3216 -> v0.1-2305-g95c96b6dd.

libraw-0.19.2-alt1   build Yuri N. Sedunov, 2018-12-24


- 0.19.2 (fixed CVE-2018-20363, CVE-2018-20364, CVE-2018-20365)

samba-4.9.4-alt1   build Evgeny Sinelnikov, 2018-12-20


- Update to first winter security release
- Security fixes regressions:
+ CVE-2018-16853 Do not segfault if client is not set
+ CVE-2018-14629 Fix CNAME loop prevention using counter regression

samba-DC-4.9.4-alt1   build Evgeny Sinelnikov, 2018-12-20


- Update to first winter security release
- Security fixes regressions:
+ CVE-2018-16853 Do not segfault if client is not set
+ CVE-2018-14629 Fix CNAME loop prevention using counter regression

firefox-64.0-alt1   build Alexey Gladkov, 2018-12-20


- New release (64.0).
- Fixed:
+ CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module
+ CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
+ CVE-2018-18492: Use-after-free with select element
+ CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
+ CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
+ CVE-2018-18495: WebExtension content scripts can be loaded in about: pages
+ CVE-2018-18496: Embedded feed preview page can be abused for clickjacking
+ CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators
+ CVE-2018-18498: Integer overflow when calculating buffer sizes for images
+ CVE-2018-12406: Memory safety bugs fixed in Firefox 64
+ CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4

chromium-71.0.3578.98-alt1   build Alexey Gladkov, 2018-12-14


- New version (71.0.3578.98).
- Security fixes:
- CVE-2018-17481: Use after free in PDFium.

kernel-image-std-pae-4.14.88-alt1   build Kernel Bot, 2018-12-13


- v4.14.88 (Fixes: CVE-2018-14625)

kernel-image-std-def-4.14.88-alt1   build Kernel Bot, 2018-12-13


- v4.14.88 (Fixes: CVE-2018-14625)

kernel-image-std-debug-4.14.88-alt1   build Kernel Bot, 2018-12-13


- v4.14.88 (Fixes: CVE-2018-14625)

kernel-image-un-def-4.19.9-alt1   build Kernel Bot, 2018-12-13


- v4.19.9 (Fixes: CVE-2018-14625)

firefox-esr-60.4.0-alt1   build Andrey Cherepanov, 2018-12-11


- New ESR version (60.4.0)
- Fixed:
+ CVE-2018-17466 Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
+ CVE-2018-18492 Use-after-free with select element
+ CVE-2018-18493 Buffer overflow in accelerated 2D canvas with Skia
+ CVE-2018-18494 Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
+ CVE-2018-18498 Integer overflow when calculating buffer sizes for images
+ CVE-2018-12405 Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin