Sisyphus repository
Last update: 23 July 2017 | Packages: 17935 | Visits: 9695214
Vulnerability fixes

wireshark-2.2.8-alt1.S1   built by Anton Farygin, 2017-07-21


- new version:
* wnpa-sec-2017-13 WBMXL dissector infinite loop CVE-2017-7702, CVE-2017-11410
* wnpa-sec-2017-28 openSAFETY dissector memory exhaustion CVE-2017-9350, CVE-2017-11411
* wnpa-sec-2017-34 AMQP dissector crash CVE-2017-11408
* wnpa-sec-2017-35 MQ dissector crash CVE-2017-11407
* wnpa-sec-2017-36 DOCSIS infinite loop CVE-2017-11406

librsvg-2.40.18-alt1   built by Yuri N. Sedunov, 2017-07-20


- 2.40.18 (fixed CVE-2017-11464)

virtualbox-5.1.24-alt1.S1   built by Denis Medvedev, 2017-07-20


- new version 5.1.24
(Fixes: CVE-2017-10129, CVE-2017-10187, CVE-2017-10204, CVE-2017-10209, CVE-2017-10210, CVE-2017-10233, CVE-2017-10235, CVE-2017-10236, CVE-2017-10237, CVE-2017-10238, CVE-2017-10239, CVE-2017-10240, CVE-2017-10241, CVE-2017-10242)

evince-3.24.0-alt2   built by Yuri N. Sedunov, 2017-07-14


- updated to 3.24.0-12-g717df38 (fixed BGO ##691448, 779614,
784630 (CVE-2017-1000083))

mpg123-1.25.2-alt1   built by Yuri N. Sedunov, 2017-07-13


- 1.25.2 (fixed CVE-2017-11126)

openvswitch-2.7.1-alt1   built by Anton Farygin, 2017-07-13


- 2.7.1 with security fixes:
+ CVE-2017-9214 Buffer overread in ofputil_pull_queue_get_config_reply10().
+ CVE-2017-9263 remote DoS attack by a malicious switch.
+ CVE-2017-9265 buffer over-read while parsing the group mod OpenFlow message sent from the controller

davfs2-1.5.4-alt1.S1   built by Anton Farygin, 2017-07-12


- new version with security fixes:
+ CVE-2013-4362 Unsecure use of system()

oniguruma-6.4.0-alt1.S1   built by Anton Farygin, 2017-07-12


- new version with security fixes (CVE-2017-9224, CVE-2017-9225, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)

samba-4.6.6-alt1.S1   built by Evgeny Sinelnikov, 2017-07-12


- Update to summer security release
- Security fixes:
+ CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation
(Samba binaries built against MIT Kerberos are not vulnerable.)

samba-DC-4.6.6-alt1.S1   built by Evgeny Sinelnikov, 2017-07-12


- Update to summer security release
- Security fixes:
+ CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation

nginx-1.12.1-alt1.S1   built by Gleb F-Malinovskiy, 2017-07-11


- Updated to 1.12.1 (Fixes CVE-2017-7529).

php5-5.6.31-alt1.S1   built by Anton Farygin, 2017-07-07


- new version with security fixes for mbstring (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)

libgcrypt-1.6.6-alt2.S1   built by Sergey V Turchin, 2017-07-06


- security fixes: CVE-2017-7526

kernel-image-ovz-el-2.6.32-alt154   built by Gleb F-Malinovskiy, 2017-07-04


- Updated to 042stab123.9 (Updated fix for CVE-2017-1000364).

ocaml-4.04.2-alt1.S1   built by Anton Farygin, 2017-07-04


- new version with security fixes:
+ CVE-2017-9772 Local privilege escalation issue with ocaml binaries

tor-0.3.0.9-alt1.S1   built by Vladimir Didenko, 2017-06-30


- new version (Fixes: CVE-2017-0377)

kernel-image-ovz-el-2.6.32-alt153   built by Gleb F-Malinovskiy, 2017-06-27


- Updated to 042stab123.8 (Fixes: CVE-2017-9077 CVE-2017-9076 CVE-2017-9075
CVE-2017-9074 CVE-2017-8890 CVE-2017-1000364).

firefox-54.0-alt1   built by Alexey Gladkov, 2017-06-25


- New release (54.0).
- Fixed:
+ CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
+ CVE-2017-7749: Use-after-free during docshell reloading
+ CVE-2017-7750: Use-after-free with track elements
+ CVE-2017-7751: Use-after-free with content viewer listeners
+ CVE-2017-7752: Use-after-free with IME input
+ CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
+ CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files
+ CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
+ CVE-2017-7757: Use-after-free in IndexedDB
+ CVE-2017-7778: Vulnerabilities in the Graphite 2 library
+ CVE-2017-7758: Out-of-bounds read in Opus encoder
+ CVE-2017-7759: Android intent URLs can cause navigation to local file system
+ CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service
+ CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
+ CVE-2017-7762: Addressbar spoofing in Reader mode
+ CVE-2017-7763: Mac fonts render some unicode characters as spaces
+ CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
+ CVE-2017-7765: Mark of the Web bypass when saving executable files
+ CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service
+ CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service
+ CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
+ CVE-2017-7770: Addressbar spoofing with JavaScript events and fullscreen mode
+ CVE-2017-5471: Memory safety bugs fixed in Firefox 54
+ CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2

libwebkitgtk4-2.16.4-alt1   built by Yuri N. Sedunov, 2017-06-22


- 2.16.4 (fixed CVE-2017-2538)

thunderbird-52.2.0-alt1   built by Andrey Cherepanov, 2017-06-22


- New version (52.2.0)
- Security fixes:
+ CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
+ CVE-2017-7749: Use-after-free during docshell reloading
+ CVE-2017-7750: Use-after-free with track elements
+ CVE-2017-7751: Use-after-free with content viewer listeners
+ CVE-2017-7752: Use-after-free with IME input
+ CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
+ CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
+ CVE-2017-7757: Use-after-free in IndexedDB
+ CVE-2017-7778: Vulnerabilities in the Graphite 2 library
+ CVE-2017-7758: Out-of-bounds read in Opus encoder
+ CVE-2017-7763: Mac fonts render some unicode characters as spaces
+ CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
+ CVE-2017-7765: Mark of the Web bypass when saving executable files
+ CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, and Thunderbird 52.2

openvpn-2.4.3-alt1   built by Nikolay A. Fetisov, 2017-06-21


- New version
- Security fixes:
+ CVE-2017-7522 Post-authentication --x509-track remote DoS
+ CVE-2017-7521 Post-authentication remote-triggerable memory leaks
+ CVE-2017-7521 Potential post-authentication remote code execution
on servers that use the --x509-username-field option
+ CVE-2017-7520 Pre-authentication remote crash / information disclosure
for clients
+ CVE-2017-7508 Remotely-triggerable ASSERT() on malformed IPv6 packet
- Force to use built-in PIN prompt with PKCS11 regardless
of systemd presence (OpenVPN bug 538)

firefox-esr-52.2.0-alt1   built by Andrey Cherepanov, 2017-06-21


- New ESR version (52.2.0)
- Security fixes:
+ CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
+ CVE-2017-7749: Use-after-free during docshell reloading
+ CVE-2017-7750: Use-after-free with track elements
+ CVE-2017-7751: Use-after-free with content viewer listeners
+ CVE-2017-7752: Use-after-free with IME input
+ CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
+ CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files
+ CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
+ CVE-2017-7757: Use-after-free in IndexedDB
+ CVE-2017-7778: Vulnerabilities in the Graphite 2 library
+ CVE-2017-7758: Out-of-bounds read in Opus encoder
+ CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service
+ CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
+ CVE-2017-7763: Mac fonts render some unicode characters as spaces
+ CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
+ CVE-2017-7765: Mark of the Web bypass when saving executable files
+ CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service
+ CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service
+ CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
+ CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2

kernel-image-std-def-4.9.33-alt3   built by Kernel Bot, 2017-06-19


- (Fixes: CVE-2017-1000364)

curl-7.54.1-alt1.S1   built by Anton Farygin, 2017-06-14


- new version with security fixes:
CVE-2017-9502: URL file scheme drive letter buffer overflow

adobe-flash-player-ppapi-26-alt1.S1   built by Sergey V Turchin, 2017-06-14

 
design and development: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin