Sisyphus repository
Last updated: 13 October 2019 | Packages: 17515 | Visits: 15265426
Vulnerability fixes

rdesktop-1.8.4-alt1   built by Vitaly Lipatov, 2019-10-13

- new version 1.8.4 (with rpmrb script) (ALT bug 36068)
- CVE-2018-8794, CVE-2018-8795, CVE-2018-8797, CVE-2018-20175
- CVE-2018-20176, CVE-2018-8791, CVE-2018-8792, CVE-2018-8793
- CVE-2018-8796, CVE-2018-8798, CVE-2018-8799, CVE-2018-8800
- CVE-2018-20174, CVE-2018-20177, CVE-2018-20178, CVE-2018-20179
- CVE-2018-20180, CVE-2018-20181, CVE-2018-20182

mediawiki-1.33.1-alt1   built by Vitaly Lipatov, 2019-10-12

- new version 1.33.1 (with rpmrb script)
- CVE-2019-16738

runc-1.0.0-alt10.rc9   built by Vladimir Didenko, 2019-10-10

- New version
- fixes: CVE-2019-16884

kernel-image-un-def-5.3.5-alt1   built by Kernel Bot, 2019-10-09

- v5.3.5 (Fixes: CVE-2019-14821)

ceph-14.2.4-alt1   built by Alexey Shabalin, 2019-10-07

- 14.2.4 (Fixes: CVE-2019-10222)

unbound-1.9.4-alt1   built by Alexei Takaseev, 2019-10-04

- 1.9.4 (Fixes CVE-2019-16866)

exim-4.92.3-alt1   built by Gremlin from Kremlin, 2019-09-30

- update to 4.92.3 (fix CVE-2019-16928)

firefox-69.0.1-alt1   built by Alexey Gladkov, 2019-09-27

- New release (69.0.1).
- Fixed:
+ CVE-2019-11754: Pointer Lock is enabled with no user notification

kubernetes-1.15.3-alt1   built by Alexey Shabalin, 2019-09-26

- 1.15.3 (Fixes: CVE-2019-9512, CVE-2019-9514)

chromium-77.0.3865.90-alt1   built by Alexey Gladkov, 2019-09-25

- New version (77.0.3865.90).
- Security fixes:
- CVE-2019-13685: Use-after-free in UI.
- CVE-2019-13686: Use-after-free in offline pages.
- CVE-2019-13687: Use-after-free in media.
- CVE-2019-13688: Use-after-free in media.

chromium-77.0.3865.75-alt1   built by Alexey Gladkov, 2019-09-23

- New version (77.0.3865.75).
- Security fixes:
- CVE-2019-13659: URL spoof.
- CVE-2019-13660: Full screen notification overlap.
- CVE-2019-13661: Full screen notification spoof.
- CVE-2019-13662: CSP bypass.
- CVE-2019-13663: IDN spoof.
- CVE-2019-13664: CSRF bypass.
- CVE-2019-13665: Multiple file download protection bypass.
- CVE-2019-13666: Side channel using storage size estimate.
- CVE-2019-13667: URI bar spoof when using external app URIs.
- CVE-2019-13668: Global window leak via console.
- CVE-2019-13669: HTTP authentication spoof.
- CVE-2019-13670: V8 memory corruption in regex.
- CVE-2019-13671: Dialog box fails to show origin.
- CVE-2019-13673: Cross-origin information leak using devtools.
- CVE-2019-13674: IDN spoofing.
- CVE-2019-13675: Extensions can be disabled by trailing slash.
- CVE-2019-13676: Google URI shown for certificate warning.
- CVE-2019-13677: Chrome web store origin needs to be isolated.
- CVE-2019-13678: Download dialog spoofing.
- CVE-2019-13679: User gesture needed for printing.
- CVE-2019-13680: IP address spoofing to servers.
- CVE-2019-13681: Bypass on download restrictions.
- CVE-2019-13682: Site isolation bypass.
- CVE-2019-13683: Exceptions leaked by devtools.
- CVE-2019-5870: Use-after-free in media.
- CVE-2019-5871: Heap overflow in Skia.
- CVE-2019-5872: Use-after-free in Mojo.
- CVE-2019-5873: URL bar spoofing on iOS.
- CVE-2019-5874: External URIs may trigger other browsers.
- CVE-2019-5875: URL bar spoof via download redirect.
- CVE-2019-5876: Use-after-free in media.
- CVE-2019-5877: Out-of-bounds access in V8.
- CVE-2019-5878: Use-after-free in V8.
- CVE-2019-5879: Extensions can read some local files.
- CVE-2019-5880: SameSite cookie bypass.
- CVE-2019-5881: Arbitrary read in SwiftShader.

openconnect-8.05-alt1   built by Alexey Shabalin, 2019-09-23

- 8.05 (Fixes: CVE-2019-16239)

libadplug-2.2.1-alt3   built by Michael Shigorin, 2019-09-22

- added fedora patches:
+ inline (fixes e2k ftbfs)
+ cve-2018-17825 (fixes: CVE-2018-17825)
+ (signed-char unneeded, worked around in previous build)
- NB: there's 2.3.1 release over at github

kernel-image-std-pae-4.19.75-alt1   built by Kernel Bot, 2019-09-21

- v4.19.75 (Fixes: CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821,

cve-manager-0.23.1-alt1   built by Alexey Appolonov, 2019-09-21

- cve-monitor bugfixes.

kernel-image-std-def-4.19.75-alt1   built by Kernel Bot, 2019-09-21

- v4.19.75 (Fixes: CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821,

openssl1.1-1.1.1d-alt1   built by Gleb F-Malinovskiy, 2019-09-19

- Updated to 1.1.1d (fixes CVE-2019-1543, CVE-2019-1549, CVE-2019-1563,
CVE-2019-1547, CVE-2019-1552).
- Changed License: tag to SPDX identifier of actual openssl license.

LibreOffice-still-   built by Andrey Cherepanov, 2019-09-19

- New version (Still).
- Fixed:
+ CVE-2019-9849 Disabled fetching remote bullet graphics in 'stealth mode'
+ CVE-2019-9850 Fixed insufficient URL validation that allowed LibreLogo script execution
+ CVE-2019-9851 Fixed LibreLogo global-event script execution issue
+ CVE-2019-9852 Fixed insufficient URL encoding flaw in allowed script location check
+ CVE-2019-9854 Fixed unsafe URL assembly flaw
+ CVE-2019-9855 Fixed path equivalence handling flaw

cve-manager-0.23.0-alt1   built by Alexey Appolonov, 2019-09-18

- Patch references can be added to cve-monitor reports for unfixed
- More than a half of DB storage is saved by storing the issues only for the
most generic versions;
- New view on 'fix' conclusions - there is 'unclear' fix status (for
vulnerabilities with no stated vulnerable versions, for example).

poco-1.9.4-alt1   built by Alexei Takaseev, 2019-09-18

- 1.9.4 (Fixes CVE-2019-15903)

kernel-image-std-pae-4.19.73-alt1   built by Kernel Bot, 2019-09-16

- v4.19.73 (Fixes: CVE-2019-15030, CVE-2019-15031)

wireshark-3.0.4-alt1   built by Anton Farygin, 2019-09-16

- 3.0.4
- fixes:
* Gryphon dissector infinite loop. CVE-2019-16319

kernel-image-std-def-4.19.73-alt1   built by Kernel Bot, 2019-09-16

- v4.19.73 (Fixes: CVE-2019-15030, CVE-2019-15031)

kernel-image-un-def-5.2.15-alt1   built by Kernel Bot, 2019-09-16

- v5.2.15 (Fixes: CVE-2019-15030, CVE-2019-15031)

libxslt-1.1.33-alt2   built by Vladimir D. Seleznev, 2019-09-12

- Fixes:
+ CVE-2019-11068 security framework bypass;
+ CVE-2019-13117 uninitialized read of xsl:number token;
+ CVE-2019-13118 uninitialized read with UTF-8 grouping chars.