Sisyphus repository
Last update: 23 April 2021 | SRPMs: 17825 | Visits: 20784002
Security fixes

SPICE-0.15.0-alt1   build Alexey Shabalin, 2021-04-22


- 0.15.0 (Fixes: CVE-2020-14355)

NetworkManager-1.30.4-alt1   build Mikhail Efremov, 2021-04-22


- Updated to 1.30.4 (fixes: CVE-2021-20297).

MySQL-8.0.24-alt1   build Nikolai Kostrigin, 2021-04-21


- new version
+ (fixes: CVE-2020-1971, CVE-2020-28196, CVE-2021-2144, CVE-2021-2146)
+ (fixes: CVE-2021-2154, CVE-2021-2160, CVE-2021-2162, CVE-2021-2164)
+ (fixes: CVE-2021-2166, CVE-2021-2169, CVE-2021-2170, CVE-2021-2171)
+ (fixes: CVE-2021-2172, CVE-2021-2174, CVE-2021-2178, CVE-2021-2179)
+ (fixes: CVE-2021-2180, CVE-2021-2193, CVE-2021-2194, CVE-2021-2196)
+ (fixes: CVE-2021-2201, CVE-2021-2202, CVE-2021-2203, CVE-2021-2208)
+ (fixes: CVE-2021-2212, CVE-2021-2213, CVE-2021-2215, CVE-2021-2217)
+ (fixes: CVE-2021-2226, CVE-2021-2230, CVE-2021-2232, CVE-2021-2278)
+ (fixes: CVE-2021-2293, CVE-2021-2298, CVE-2021-2299, CVE-2021-2300)
+ (fixes: CVE-2021-2301, CVE-2021-2304, CVE-2021-2305, CVE-2021-2307)
+ (fixes: CVE-2021-2308, CVE-2021-23841, CVE-2021-3449)
+ keyring utilities added
- spec: add mysql_keyring_encryption_test, mysql_migrate_keyring to
server subpackage file section

firefox-esr-78.10.0-alt1   build Andrey Cherepanov, 2021-04-21


- New version (78.10.0).
- Security fixes:
+ CVE-2021-23994 Out of bound write due to lazy initialization
+ CVE-2021-23995 Use-after-free in Responsive Design Mode
+ CVE-2021-23998 Secure Lock icon could have been spoofed
+ CVE-2021-23961 More internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23999 Blob URLs may have been granted additional privileges
+ CVE-2021-24002 Arbitrary FTP command execution on FTP servers using an encoded URL
+ CVE-2021-29945 Incorrect size computation in WebAssembly JIT could lead to null-reads
+ CVE-2021-29946 Port blocking could be bypassed

ceph-15.2.11-alt1   build Alexey Shabalin, 2021-04-20


- 15.2.11 (Fixes: CVE-2021-20288).

firefox-88.0-alt1   build Alexey Gladkov, 2021-04-19


- New release (88.0).
- Security fixes:
+ CVE-2021-23994: Out of bound write due to lazy initialization
+ CVE-2021-23995: Use-after-free in Responsive Design Mode
+ CVE-2021-23996: Content rendered outside of webpage viewport
+ CVE-2021-23997: Use-after-free when freeing fonts from cache
+ CVE-2021-23998: Secure Lock icon could have been spoofed
+ CVE-2021-23999: Blob URLs may have been granted additional privileges
+ CVE-2021-24000: requestPointerLock() could be applied to a tab different from the visible tab
+ CVE-2021-24001: Testing code could have enabled session history manipulations by a compromised content process
+ CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL
+ CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads
+ CVE-2021-29944: HTML injection vulnerability in Firefox for Android's Reader View
+ CVE-2021-29946: Port blocking could be bypassed
+ CVE-2021-29947: Memory safety bugs fixed in Firefox 88

cve-manager-0.51.0-alt1   build Alexey Appolonov, 2021-04-17


- Disputed vulnerabilities are highlighted in cve-monitor reports;
- Improved algorithm of partial matching;
- Fixed handling of prescribed name matches (in some cases the prescriptions
had no effect).

kernel-image-un-def-5.11.15-alt1   build Kernel Bot, 2021-04-16


- v5.11.15 (Fixes: CVE-2020-25670, CVE-2020-25671, CVE-2020-25672)

chromium-90.0.4430.72-alt1   build Alexey Gladkov, 2021-04-15


- New version (90.0.4430.72).
- Security fixes:
- CVE-2021-21201: Use after free in permissions.
- CVE-2021-21202: Use after free in extensions.
- CVE-2021-21203: Use after free in Blink.
- CVE-2021-21204: Use after free in Blink.
- CVE-2021-21205: Insufficient policy enforcement in navigation.
- CVE-2021-21207: Use after free in IndexedDB.
- CVE-2021-21208: Insufficient data validation in QR scanner.
- CVE-2021-21209: Inappropriate implementation in storage.
- CVE-2021-21210: Inappropriate implementation in Network.
- CVE-2021-21211: Inappropriate implementation in Navigation.
- CVE-2021-21212: Incorrect security UI in Network Config UI.
- CVE-2021-21213: Use after free in WebMIDI.
- CVE-2021-21214: Use after free in Network API.
- CVE-2021-21215: Inappropriate implementation in Autofill.
- CVE-2021-21216: Inappropriate implementation in Autofill.
- CVE-2021-21217: Uninitialized Use in PDFium.
- CVE-2021-21218: Uninitialized Use in PDFium.
- CVE-2021-21219: Uninitialized Use in PDFium.
- CVE-2021-21221: Insufficient validation of untrusted input in Mojo.

clamav-0.103.2-alt1   build Sergey Y. Afonin, 2021-04-10


- 0.103.2
+ CVE-2021-1252, CVE-2021-1405 - 0.103.0 and 0.103.1 only.
+ CVE-2021-1404 - 0.103.1 and prior

dnsmasq-2.85-alt1   build Mikhail Efremov, 2021-04-09


- Dropped obsoleted patch.
- Updated to 2.83 (fixes: CVE-2021-3448).

chromium-89.0.4389.114-alt1   build Alexey Gladkov, 2021-04-08


- New version (89.0.4389.114).
- Security fixes:
- CVE-2021-21194: Use after free in screen capture.
- CVE-2021-21195: Use after free in V8.
- CVE-2021-21196: Heap buffer overflow in TabStrip.
- CVE-2021-21197: Heap buffer overflow in TabStrip.
- CVE-2021-21198: Out of bounds read in IPC.
- CVE-2021-21199: Use after free in Aura.

chromium-gost-89.0.4389.114-alt0   build Alexey Gladkov, 2021-04-08


- New version (89.0.4389.114).
- Security fixes:
- CVE-2021-21194: Use after free in screen capture.
- CVE-2021-21195: Use after free in V8.
- CVE-2021-21196: Heap buffer overflow in TabStrip.
- CVE-2021-21197: Heap buffer overflow in TabStrip.
- CVE-2021-21198: Out of bounds read in IPC.
- CVE-2021-21199: Use after free in Aura.

python3-module-Pillow-8.1.2-alt1   build Sergey Bolshakov, 2021-04-08


- 8.1.2 released (fixes: CVE-2021-27921, CVE-2021-27922, CVE-2021-27923)

kernel-image-un-def-5.11.12-alt1   build Kernel Bot, 2021-04-08


- v5.11.12 (Fixes: CVE-2021-29657)

cve-manager-0.49.4-alt1   build Alexey Appolonov, 2021-04-07


- Fix of the custom ordering of entries of cve-monitor reports;
- Proper handling of invalid combinations of cve-monitor parameters.

salt-3003-alt2   build Andrey Cherepanov, 2021-04-02


- Fixed: CVE-2020-28243, CVE-2020-28972, CVE-2020-35662, CVE-2021-3148,
CVE-2021-3144, CVE-2021-25281, CVE-2021-25282, CVE-2021-25283,
CVE-2021-25284, CVE-2021-25315, CVE-2021-3197, CVE-2020-16846,
CVE-2020-17490, CVE-2020-25592

curl-7.76.0-alt1   build Anton Farygin, 2021-03-31


- 7.76.0
- Fixes:
* CVE-2021-22876 strip credentials from the auto-referer header field
* CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()

glpi-9.5.4-alt1   build Pavel Zilke, 2021-03-31


- New version 9.5.4
- This is a security release, upgrading is recommended
- Security fixes:
+ CVE-2021-21326 : Horizontal Privilege Escalation
+ CVE-2021-21255 : entities switch IDOR
+ CVE-2021-21258 : XSS injection in ajax/kanban
+ CVE-2021-21314 : XSS injection on ticket update
+ CVE-2021-21312 : Stored XSS on documents
+ CVE-2021-21313 : XSS on tabs
+ CVE-2021-21325 : Stored XSS in budget type
+ CVE-2021-21327 : Unsafe Reflection in getItemForItemtype()
+ CVE-2021-21324 : Insecure Direct Object Reference (IDOR) on "Solutions"

spamassassin-3.4.5-alt1   build L.A. Kostis, 2021-03-25


- 3.4.5 (fixes: CVE-2020-1946)
- remove dkim patch (fixed by upstream).

samba-4.14.2-alt1   build Evgeny Sinelnikov, 2021-03-25


- Update to latest stable security release of the Samba 4.14
- Security fixes:
+ CVE-2020-27840: Heap corruption via crafted DN strings
+ CVE-2021-20277: Out of bounds read in AD DC LDAP server

openssl1.1-1.1.1k-alt1   build Gleb F-Malinovskiy, 2021-03-25


- Updated to 1.1.1k (fixes CVE-2021-3450, CVE-2021-3449).

firefox-87.0-alt1   build Alexey Gladkov, 2021-03-24


- New release (87.0).
- Security fixes:
+ CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
+ CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23983: Transitions for invalid ::marker properties resulted in memory corruption
+ CVE-2021-23984: Malicious extensions could have spoofed popup information
+ CVE-2021-23985: Devtools remote debugging feature could have been enabled without indication to the user
+ CVE-2021-23986: A malicious extension could have performed credential-less same origin policy violations
+ CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
+ CVE-2021-23988: Memory safety bugs fixed in Firefox 87

firefox-esr-78.9.0-alt1   build Andrey Cherepanov, 2021-03-23


- New version (78.9.0).
- Security fixes:
+ CVE-2021-23981 Texture upload into an unbound backing buffer resulted in an out-of-bound read
+ CVE-2021-23982 Internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23984 Malicious extensions could have spoofed popup information
+ CVE-2021-23987 Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
- Do not build for ppc64le.

kernel-image-std-debug-5.4.107-alt1   build Kernel Bot, 2021-03-23


- v5.4.107 (Fixes: CVE-2019-2308)
 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin