Vulnerability fixes
openttd-1.0.3-alt1 built by Anton Farygin, 2010-08-31
- new version (fixed CVE-2010-2534)
ssmtp-2.62.2-alt10 built by Denis Smirnov, 2010-08-27
- ALT #23964
- CVE-2008-7258
libmikmod-3.1.11-alt0.8 built by Michael Shigorin, 2010-08-26
- imported security fixes from openSUSE 3.1.11a-84.5 package:
+ CVE-2007-6720:
denial of service (crash) by loading multiple MOD files
with different numbers of channels
+ CVE-2009-0179:
denial of service (crash) by loading an XM file
+ CVE-2009-3995:
arbitrary code execution via (1) crafted samples
or (2) crafted instrument definitions in an Impulse Tracker file
+ CVE-2009-3996:
arbitrary code execution via an Ultratracker file
openoffice.org-3.2.1.5-alt1 built by Valery Inozemtsev, 2010-08-24
- fixed CVE-2010-2935, CVE-2010-2936
kernel-image-tmc-tc-2.6.27-alt10 built by Michael Shigorin, 2010-08-21
- 2.6.27.52: fixes local root vulnerability CVE-2010-2240
(kernel: mm: keep a guard page below a grow-down stack segment)
+ thanks ldv@ for convenient support (closes: #23914)
kernel-image-el-smp-2.6.32-alt5 built by Vitaly Kuznetsov, 2010-08-20
- 2.6.32-44.2.el6
- fix CVE-2010-2240 kernel: mm: keep a guard page below (ALT #23912)
vlc-1.1.3-alt1 built by Konstantin Pavlov, 2010-08-19
- 1.1.3 release (fixes CVE-2010-2937).
pidgin-2.7.3-alt1 built by Alexey Shabalin, 2010-08-11
- 2.7.3
- fixed in 2.7.2:
+ CVE-2010-2528: crash bug that can be triggered by remove users
mozilla-plugin-adobe-flash-10.1.82.76-alt1 built by Sergey V Turchin, 2010-08-11
- only 32-bit new version
- CVE-2010-0209 CVE-2010-2188 CVE-2010-2213 CVE-2010-2214 CVE-2010-2215
CVE-2010-2216
libfreetype-2.4.1-alt2 built by Valery Inozemtsev, 2010-08-07
- fixed CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808
socat-1.7.1.3-alt1 built by Alexander Myltsev, 2010-08-04
- New version: CVE-2010-2799 fixed (closes #23839).
kvirc-4.0.1-alt1.r4696 built by Andrey Rahmatullin, 2010-07-27
- 4.0.1 r4696
+ CVE-2010-2785: Remote CTCP commands execution via specially-crafted
CTCP parameter
pidgin-mini-2.7.2-alt1 built by Slava Semushin, 2010-07-24
- Updated to 2.7.2
+ CVE-2010-2528: crash bug that can be triggered by remove users
libwebkit-1.2.3-alt1 built by Alexey Shabalin, 2010-07-18
- 1.2.3
- disable patch1(webkit-1.1.23-alt-icu4.4.patch); upstream fixed
- fixed the following CVEs (thanks to the Debian security team):
+ CVE-2010-1386 CVE-2010-1392 CVE-2010-1405 CVE-2010-1407
+ CVE-2010-1416 CVE-2010-1417 CVE-2010-1665 CVE-2010-1418
+ CVE-2010-1421 CVE-2010-1422 CVE-2010-1501 CVE-2010-1767
+ CVE-2010-1664 CVE-2010-1758 CVE-2010-1759 CVE-2010-1760
+ CVE-2010-1761 CVE-2010-1762 CVE-2010-1770 CVE-2010-1771
+ CVE-2010-1772 CVE-2010-1773 CVE-2010-1774
openldap2.4-2.4.23-alt1 built by Vitaly Kuznetsov, 2010-06-30
- 2.4.23
- security fixes: CVE-2010-0212 and CVE-2010-0211
libpng-1.2.44-alt1 built by Dmitry V. Levin, 2010-06-29
- Updated to 1.2.44 (fixes: CVE-2010-1205, CVE-2010-2249).
389-ds-1.2.5-alt2 built by Vitaly Kuznetsov, 2010-06-17
- CVE-2010-2222
mozilla-plugin-adobe-flash-10.1.53.64-alt1 built by Sergey V Turchin, 2010-06-14
- only 32-bit new version (ALT#17168)
- only 32-bit fixes CVE-2008-4546 CVE-2009-3793 CVE-2010-1297 CVE-2010-2160
CVE-2010-2161 CVE-2010-2162 CVE-2010-2163 CVE-2010-2164 CVE-2010-2165
CVE-2010-2166 CVE-2010-2167 CVE-2010-2169 CVE-2010-2170 CVE-2010-2171
CVE-2010-2172 CVE-2010-2173 CVE-2010-2174 CVE-2010-2175 CVE-2010-2176
CVE-2010-2177 CVE-2010-2178 CVE-2010-2179 CVE-2010-2180 CVE-2010-2181
CVE-2010-2182 CVE-2010-2183 CVE-2010-2184 CVE-2010-2185 CVE-2010-2186
CVE-2010-2187 CVE-2010-2188 CVE-2010-2189
pidgin-mini-2.7.1-alt1 built by Slava Semushin, 2010-06-13
- Updated to 2.7.1
+ CVE-2010-0013: MSN local file disclosure vulnerability
+ CVE-2010-0277: remote MSN SLP crash
+ CVE-2010-0420: remote Finch XMPP crash
+ CVE-2010-0423: remote smiley freeze/CPU pegging DoS
+ CVE-2010-1624: MSN emoticon DoS
- Added Conflicts to pidgin-devel and libpurple-devel
(noted by repocop)
sudo-1.6.8p12-alt8 built by Dmitry V. Levin, 2010-06-01
- Backported upstream fix for CVE-2010-1163 (env_reset, ignore_dot and
secure_path sudoers options all had to be explicitly disabled
to make an attack possible).
- Backported upstream fix for CVE-2010-1646 (env_reset sudoers option
had to be explicitly disabled to make an attack possible).
qt4-4.6.2-alt3 built by Sergey V Turchin, 2010-05-19
- update kde-qt patches
- add cups fixes
- add fixes for CVE-2010-0047 CVE-2010-0051 CVE-2010-0054 CVE-2010-0648
CVE-2010-0656 CVE-2010-0046 CVE-2010-0049 CVE-2010-0050 CVE-2010-0052
(ALT#23506)
fetchmail-6.3.17-alt1 built by Andrey Rahmatullin, 2010-05-09
- 6.3.17
+ CVE-2010-1167: DoS in debug mode with multichar locales
irssi-0.8.15-alt1 built by Vladimir V. Kamarzin, 2010-04-19
- 0.8.15 (Closes: #23317). Security fixes:
+ CVE-2010-1155 (poor verification of the hostname of the server when
using SSL connections)
+ CVE-2010-1156 (A NULL-pointer dereference error in
src/core/nicklist.c can be exploited to cause a crash)
zabbix-1.8.2-alt1.svn.11296 built by Vladimir V. Kamarzin, 2010-04-05
- Update to 11296 svn rev. of 1.8 branch.
- Security fix: CVE-2010-1144 Zabbix PHP Frontend "user" SQL Injection
Vulnerability. See http://secunia.com/advisories/39119/ for details.
- Enable ipv6 support.
fetchmail-6.3.14-alt1 built by Andrey Rahmatullin, 2010-03-27
- 6.3.14
+ CVE-2010-0562: heap overrun in verbose SSL cert' info display
- package COPYING
- remove Packager:
- fix buildreqs
- fix configure warnings about GSSAPI headers
- fix using optflags
design & coding: Vladimir Lettiev aka crux © 2004-2005
current maintainer: Andrew Avramenko aka liks © 2007-2008

