Sisyphus repository
Last update: 3 july 2015 | SRPMs: 17956 | Visits: 6735223
en ru br
Security fixes

chromium-43.0.2357.130-alt1   build Andrey Cherepanov, 2015-06-29


- New version
- Security fixes:
- High CVE-2015-1266: Scheme validation error in WebUI.
- High CVE-2015-1268: Cross-origin bypass in Blink.
- Medium CVE-2015-1267: Cross-origin bypass in Blink.
- Medium CVE-2015-1269: Normalization error in HSTS/HPKP preload list.
- use more external shared libraries (especially libv8)

adobe-flash-player-11-alt46   build Sergey V Turchin, 2015-06-24


- new version
- security fixes: CVE-2015-3113

curl-7.43.0-alt1   build Anton Farygin, 2015-06-19


- new version, with fixes for CVE-2015-3236, CVE-2015-3237

libssh-0.6.5-alt1   build Sergey V Turchin, 2015-06-17


- new version
- security fix: CVE-2015-3146

qemu-2.3.0-alt3   build Alexey Shabalin, 2015-06-15


- add aarch64-softmmu to target_list_system
- fixed CVE-2015-4037, CVE-2015-3209

openssl10-1.0.1k-alt3   build Gleb F-Malinovskiy, 2015-06-15


- Fixed CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792,
CVE-2015-0209, CVE-2015-4000.

kernel-image-ovz-el-2.6.32-alt134   build Gleb F-Malinovskiy, 2015-06-12


- Updated to 042stab108.3 (CVE-2015-2925).

adobe-flash-player-11-alt45   build Sergey V Turchin, 2015-06-10


- new version
- security fixes:
CVE-2015-3096, CVE-2015-3097, CVE-2015-3098, CVE-2015-3099,
CVE-2015-3100, CVE-2015-3101, CVE-2015-3102, CVE-2015-3103,
CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107,
CVE-2015-3108

strongswan-5.3.2-alt1   build Michael Shigorin, 2015-06-09


- new version (watch file uupdate)
+ fixes CVE-2015-4171: client info disclosure, see
https://www.strongswan.org/blog/2015/06/08/

polkit-0.112-alt4   build Yuri N. Sedunov, 2015-06-09


- updated to 264cc195e (fixed FDO bugs #90879, 90877, 76358, 90829(CVE-2015-3218))

strongswan-5.3.1-alt1   build Michael Shigorin, 2015-06-02


- new version (watch file uupdate)
+ fixes CVE-2015-3991: DoS with potential code execution, see
https://www.strongswan.org/blog/2015/06/01/

proftpd-1.3.5-alt1.gita31d0ab   build Konstantin A. Lepikhov, 2015-05-20


- Updated to 1.3.5-a31d0ab GIT fixing following CVEs:
+ CVE-2013-4359.
- Include the fix for Bug 4169 (Unauthenticated copying of files
via SITE CPFR/CPTO allowed by mod_copy).
- Configuration changes:
+ enabled pcre support;
+ enabled memcache support (mod_tls_memcache is using it).

chromium-43.0.2357.65-alt1   build Andrey Cherepanov, 2015-05-20


- New version
- Security fixes:
- High CVE-2015-1252: Sandbox escape in Chrome.
- High CVE-2015-1253: Cross-origin bypass in DOM.
- High CVE-2015-1254: Cross-origin bypass in Editing.
- High CVE-2015-1255: Use-after-free in WebAudio.
- High CVE-2015-1256: Use-after-free in SVG.
- High CVE-2015-1251: Use-after-free in Speech.
- Medium CVE-2015-1257: Container-overflow in SVG.
- Medium CVE-2015-1258: Negative-size parameter in Libvpx.
- Medium CVE-2015-1259: Uninitialized value in PDFium.
- Medium CVE-2015-1260: Use-after-free in WebRTC.
- Medium CVE-2015-1261: URL bar spoofing.
- Medium CVE-2015-1262: Uninitialized value in Blink.
- Low CVE-2015-1263: Insecure download of spellcheck dictionary.
- Low CVE-2015-1264: Cross-site scripting in bookmarks.

kde4-webkitpart-1.3.4-alt2   build Sergey V Turchin, 2015-05-15


- security fix: CVE-2014-8600

qemu-2.3.0-alt2   build Alexey Shabalin, 2015-05-14


- fixed CVE-2015-3456

adobe-flash-player-11-alt44   build Sergey V Turchin, 2015-05-14


- new version
- security fixes:
CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079,
CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083,
CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,
CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091,
CVE-2015-3092, CVE-2015-3093

docker-io-1.6.1-alt1   build Evgeny Sinelnikov, 2015-05-08


- Update to new version with security updates
+ Fix read/write /proc paths (CVE-2015-3630)
+ Prohibit VOLUME /proc and VOLUME / (CVE-2015-3631)
+ Fix opening of file-descriptor 1 (CVE-2015-3627)
+ Fix symlink traversal on container respawn allowing
local privilege escalation (CVE-2015-3629)
+ Prohibit mount of /sys

curl-7.42.1-alt1   build Anton Farygin, 2015-04-29


- new version, with fixes for CVE-2015-3153

chromium-42.0.2311.135-alt1   build Andrey Cherepanov, 2015-04-29


- New version
- Security fixes:
- High CVE-2015-1243: Use-after-free in DOM.

wpa_supplicant-2.4-alt2   build Sergey Bolshakov, 2015-04-24


- CVE-2015-1863

curl-7.42.0-alt1   build Anton Farygin, 2015-04-22


- new version, with fixes for CVE-2015-3148, CVE-2015-3143, CVE-2015-3145
and CVE-2015-3144

chromium-42.0.2311.90-alt1   build Andrey Cherepanov, 2015-04-15


- New version
- Security fixes:
- High CVE-2015-1235: Cross-origin-bypass in HTML parser.
- Medium CVE-2015-1236: Cross-origin-bypass in Blink.
- High CVE-2015-1237: Use-after-free in IPC.
- High CVE-2015-1238: Out-of-bounds write in Skia.
- Medium CVE-2015-1240: Out-of-bounds read in WebGL.
- Medium CVE-2015-1241: Tap-Jacking.
- High CVE-2015-1242: Type confusion in V8.
- Medium CVE-2015-1244: HSTS bypass in WebSockets.
- Medium CVE-2015-1245: Use-after-free in PDFium.
- Medium CVE-2015-1246: Out-of-bounds read in Blink.
- Medium CVE-2015-1247: Scheme issues in OpenSearch.
- Medium CVE-2015-1248: SafeBrowsing bypass.

adobe-flash-player-11-alt43   build Sergey V Turchin, 2015-04-15


- new version
- security fixes:
CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349,
CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353,
CVE-2015-0354, CVE-2015-0355, CVE-2015-0356, CVE-2015-0357,
CVE-2015-0358, CVE-2015-0359, CVE-2015-0360, CVE-2015-3038,
CVE-2015-3039, CVE-2015-3040, CVE-2015-3041, CVE-2015-3042,
CVE-2015-3043, CVE-2015-3044

chromium-41.0.2272.118-alt1   build Andrey Cherepanov, 2015-04-02


- New version
- Security fixes:
- Critical CVE-2015-1233: A special thanks to Anonymous for a
combination of V8, Gamepad and IPC bugs that can lead to remote
code execution outside of the sandbox.
- High CVE-2015-1234: Buffer overflow via race condition in GPU.

openssl10-1.0.1k-alt2   build Gleb F-Malinovskiy, 2015-03-19

 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin