Sisyphus repository
Last update: 28 July 2010 | SRPMs: 10009 | Visits: 2255062
Security fixes

pidgin-mini-2.7.2-alt1   build Slava Semushin, 2010-07-24


- Updated to 2.7.2
+ CVE-2010-2528: crash bug that can be triggered by remote users

libwebkit-1.2.3-alt1   build Alexey Shabalin, 2010-07-18


- 1.2.3
- disable patch1(webkit-1.1.23-alt-icu4.4.patch); upstream fixed
- fixed the following CVEs (thanks to the Debian security team):
+ CVE-2010-1386 CVE-2010-1392 CVE-2010-1405 CVE-2010-1407
+ CVE-2010-1416 CVE-2010-1417 CVE-2010-1665 CVE-2010-1418
+ CVE-2010-1421 CVE-2010-1422 CVE-2010-1501 CVE-2010-1767
+ CVE-2010-1664 CVE-2010-1758 CVE-2010-1759 CVE-2010-1760
+ CVE-2010-1761 CVE-2010-1762 CVE-2010-1770 CVE-2010-1771
+ CVE-2010-1772 CVE-2010-1773 CVE-2010-1774

openldap2.4-2.4.23-alt1   build Vitaly Kuznetsov, 2010-06-30


- 2.4.23
- security fixes: CVE-2010-0212 and CVE-2010-0211

libpng-1.2.44-alt1   build Dmitry V. Levin, 2010-06-29


- Updated to 1.2.44 (fixes: CVE-2010-1205, CVE-2010-2249).

389-ds-1.2.5-alt2   build Vitaly Kuznetsov, 2010-06-17


- CVE-2010-2222

mozilla-plugin-adobe-flash-10.1.53.64-alt1   build Sergey V Turchin, 2010-06-14


- only 32-bit new version (ALT#17168)
- only 32-bit fixes CVE-2008-4546 CVE-2009-3793 CVE-2010-1297 CVE-2010-2160
CVE-2010-2161 CVE-2010-2162 CVE-2010-2163 CVE-2010-2164 CVE-2010-2165
CVE-2010-2166 CVE-2010-2167 CVE-2010-2169 CVE-2010-2170 CVE-2010-2171
CVE-2010-2172 CVE-2010-2173 CVE-2010-2174 CVE-2010-2175 CVE-2010-2176
CVE-2010-2177 CVE-2010-2178 CVE-2010-2179 CVE-2010-2180 CVE-2010-2181
CVE-2010-2182 CVE-2010-2183 CVE-2010-2184 CVE-2010-2185 CVE-2010-2186
CVE-2010-2187 CVE-2010-2188 CVE-2010-2189

pidgin-mini-2.7.1-alt1   build Slava Semushin, 2010-06-13


- Updated to 2.7.1
+ CVE-2010-0013: MSN local file disclosure vulnerability
+ CVE-2010-0277: remote MSN SLP crash
+ CVE-2010-0420: remote Finch XMPP crash
+ CVE-2010-0423: remote smiley freeze/CPU pegging DoS
+ CVE-2010-1624: MSN emoticon DoS
- Added Conflicts to pidgin-devel and libpurple-devel
(noted by repocop)

sudo-1.6.8p12-alt8   build Dmitry V. Levin, 2010-06-01


- Backported upstream fix for CVE-2010-1163 (env_reset, ignore_dot and
secure_path sudoers options all had to be explicitly disabled
to make an attack possible).
- Backported upstream fix for CVE-2010-1646 (env_reset sudoers option
had to be explicitly disabled to make an attack possible).

qt4-4.6.2-alt3   build Sergey V Turchin, 2010-05-19


- update kde-qt patches
- add cups fixes
- add fixes for CVE-2010-0047 CVE-2010-0051 CVE-2010-0054 CVE-2010-0648
CVE-2010-0656 CVE-2010-0046 CVE-2010-0049 CVE-2010-0050 CVE-2010-0052
(ALT#23506)

fetchmail-6.3.17-alt1   build Andrey Rahmatullin, 2010-05-09


- 6.3.17
+ CVE-2010-1167: DoS in debug mode with multichar locales

irssi-0.8.15-alt1   build Vladimir V. Kamarzin, 2010-04-19


- 0.8.15 (Closes: #23317). Security fixes:
+ CVE-2010-1155 (poor verification of the server's hostname when
using SSL connections)
+ CVE-2010-1156 (A NULL-pointer dereference error in
src/core/nicklist.c can be exploited to cause a crash)

zabbix-1.8.2-alt1.svn.11296   build Vladimir V. Kamarzin, 2010-04-05


- Update to 11296 svn rev. of 1.8 branch.
- Security fix: CVE-2010-1144 Zabbix PHP Frontend "user" SQL Injection
Vulnerability. See http://secunia.com/advisories/39119/ for details.
- Enable ipv6 support.

fetchmail-6.3.14-alt1   build Andrey Rahmatullin, 2010-03-27


- 6.3.14
+ CVE-2010-0562: heap overrun in verbose SSL cert' info display
- package COPYING
- remove Packager:
- fix buildreqs
- fix configure warnings about GSSAPI headers
- fix using optflags

GraphicsMagick-1.3.12-alt1   build Slava Dubrovskiy, 2010-03-26


- New version
- Bugfix release (CVE-2010-0205)

tomcat5-5.5.27-alt4_7.4jpp5   build Igor Vlasenko, 2010-03-19


- updated to fc 7.4
- CVE-2009-0033, CVE-2009-0580 (closes: 20311, 20314)
- su -s /bin/sh -c instead of su - (closes: #23073)

apache-1.3.42rusPL30.24-alt1   build Aleksey Avdeev, 2010-03-16


- 1.3.42rusPL30.24 (Closes: #22912)
- Security fixes (CVE-2010-0010)
- Generate SSL key from httpd-perl initscript

tar-1.23-alt1   build Dmitry V. Levin, 2010-03-10


- Updated to 1.23 (fixes CVE-2010-0624).

libpng-1.2.43-alt1   build Dmitry V. Levin, 2010-03-09


- Updated to 1.2.43 (fixes CVE-2010-0205).

cups-1.4.2-alt3   build Stanislav Ievlev, 2010-03-07


- CVE-2010-0302, CVE-2009-3553

transmission-1.76-alt3   build Anton Farygin, 2010-02-24


- add patches from upstream 1.7x branch with fix for CVE-2010-0012 (closes: #23019)

sudo-1.6.8p12-alt7   build Dmitry V. Levin, 2010-02-23


- Backported upstream fix for CVE-2010-0426 (a flaw in sudoedit could
give a user with permission to run sudoedit the ability to run
arbitrary commands; env_reset sudoers option had to be
explicitly disabled to make an attack possible).

sendmail-8.14.4-alt1   build Sergey Y. Afonin, 2010-02-22


- New version, security update (CVE-2009-4565)
Addition: see Errata 2010-01-04 at http://www.sendmail.org/releases/8.14.4
if FEATURE(`ldap_routing') is used

pidgin-2.6.6-alt1   build Alexey Shabalin, 2010-02-22


- 2.6.6:
+ Fixes a remote MSN SLP crash (CVE-2010-0277) (Closes: #566775)
+ Fixes a remote Finch XMPP crash (CVE-2010-0420)
+ Fixes a remote smiley freeze/CPU pegging DoS (CVE-2010-0423)
- drop %add_findprov_lib_path for %_libdir/pidgin %_libdir/purple-2 %_libdir/finch

otrs-2.4.7-alt1   build Pavel Zilke, 2010-02-21


- Security fixes:
+ Vulnerability in OTRS-Core allows SQL-Injection; CVE-2010-0438 (ALT #22947)

netpbm-10.35.73-alt1   build Vladimir Lettiev, 2010-02-12


- 10.35.32 -> 10.35.73
+ fixed stack-based buffer overflow (CVE-2009-4274)
- build fixes
+ netpbm-10.35-alt-fix-overflow-destination-buffer.patch
+ netpbm-10.35-alt-fix-userguide-name.patch
- patches merged upstream
+ netpbm-10.33-alt-ppmquantall-syntax.patch
+ netpbm-10.35-rh-pbmtog3-segv.patch
+ netpbm-10.35-rh-pbmtomacp.patch
- sync RedHat patches (10.35.58)
+ netpbm-10.34-rh-security-overflows.patch updated
+ netpbm-10.35-rh-pnmtofiascoleaks.patch (new)
+ netpbm-10.35-rh-docfix.patch (new)
+ netpbm-10.35-rh-glibc.patch (new)
+ netpbm-10.17-rh-time.patch (new)
+ netpbm-10.35-rh-ximtoppmsegfault.patch (new)
+ netpbm-10.35-rh-rgbtxt.patch (new)
+ netpbm-10.35-rh-pnmmontagefix.patch (new)
+ netpbm-10.35-rh-64bitfix.patch (new)
+ netpbm-9.24-rh-strip.patch (new)
+ netpbm-10.35-rh-svgtopam.patch (new)
+ netpbm-10.33-rh-multilib.patch (new)
 
design & coding: Vladimir Lettiev aka crux © 2004-2005
current maintainer: Andrew Avramenko aka liks © 2007-2008