Sisyphus repository
Last update: 7 December 2019 | Packages: 17495 | Visits: 15995429
Vulnerability fixes

mariadb-10.4.9-alt1   built by Alexey Shabalin, 2019-12-06


- 10.4.9
- Fixes for the following security vulnerabilities:
+ CVE-2019-2974
+ CVE-2019-2938

firefox-71.0-alt1   built by Alexey Gladkov, 2019-12-05


- New release (71.0).
- Update license tag.
- Security fixes:
+ CVE-2019-11756: Use-after-free of SFTKSession object
+ CVE-2019-17008: Use-after-free in worker destruction
+ CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code
+ CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher
+ CVE-2019-17014: Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure
+ CVE-2019-17009: Updater temporary files accessible to unprivileged processes
+ CVE-2019-17010: Use-after-free when performing device orientation checks
+ CVE-2019-17005: Buffer overflow in plain text serializer
+ CVE-2019-17011: Use-after-free when retrieving a document in antitracking
+ CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
+ CVE-2019-17013: Memory safety bugs fixed in Firefox 71

kernel-image-std-def-4.19.87-alt1   built by Kernel Bot, 2019-12-05


- v4.19.87 (Fixes: CVE-2019-18660)

firefox-esr-68.3.0-alt1   built by Andrey Cherepanov, 2019-12-05


- New ESR version (68.3.0).
- Fixed:
+ CVE-2019-17008 Use-after-free in worker destruction
+ CVE-2019-13722 Stack corruption due to incorrect number of arguments in WebRTC code
+ CVE-2019-11745 Out of bounds write in NSS when encrypting with a block cipher
+ CVE-2019-17009 Updater temporary files accessible to unprivileged processes
+ CVE-2019-17010 Use-after-free when performing device orientation checks
+ CVE-2019-17005 Buffer overflow in plain text serializer
+ CVE-2019-17011 Use-after-free when retrieving a document in antitracking
+ CVE-2019-17012 Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3

cve-manager-inner-knowledge-2019.12.04-alt1   built by Alexey Appolonov, 2019-12-04


- New type of inner knowledge - discarded matches (matches that should not be saved in cve-manager DB).

oniguruma-6.9.4-alt1   built by Anton Farygin, 2019-12-02


- 6.9.4
- fixes:
* CVE-2019-19012 Integer overflow related to reg->dmax in search_in_range()
* CVE-2019-19203 heap-buffer-overflow in gb18030_mbc_enc_len()
* CVE-2019-19204 heap-buffer-overflow in fetch_interval_quantifier()

nss-3.47.1-alt1   built by Alexey Gladkov, 2019-12-02


- New version (3.47.1).
- Security fixes:
+ CVE-2019-11745: EncryptUpdate should use maxout, not block size.

chromium-78.0.3904.108-alt1   built by Alexey Gladkov, 2019-12-02


- New version (78.0.3904.108).
- Security fixes:
- CVE-2019-13723: Use-after-free in Bluetooth.
- CVE-2019-13724: Out-of-bounds access in Bluetooth.

kernel-image-un-def-5.3.14-alt1   built by Kernel Bot, 2019-11-29


- v5.3.14 (Fixes: CVE-2019-18660)

clamav-0.101.5-alt1   built by Sergey Y. Afonin, 2019-11-26


- 0.101.5 (CVE-2019-15961)
- fixed tests for libcheck 0.13.0 (clamav-0.101.5-libcheck-0.13.0.patch)
- updated %License to SPDX syntax (needs revision of exceptions)
- removed rpm-build-licenses from BuildRequires

freeipa-4.7.4-alt1   built by Stanislav Levin, 2019-11-26


- 4.7.3 -> 4.7.4 (fixes: CVE-2019-14867, CVE-2019-10195).

cve-manager-inner-knowledge-2019.11.23-alt2   built by Alexey Appolonov, 2019-11-25


- cve-manager users are privileged to modify the lists.

cve-manager-0.24.0-alt1   built by Alexey Appolonov, 2019-11-24


- Downloading and importing NVD vulnerabilities lists in JSON format with the use of newly created 'libtree';
- Ability to manually exclude some of the issues and make mapping prescriptions with the use of newly created 'cve-manager-inner-knowledge'.

bind-9.11.13-alt1   built by Stanislav Levin, 2019-11-21


- 9.11.12 -> 9.11.13 (fixes: CVE-2019-6477).

php7-7.3.11-alt1   built by Anton Farygin, 2019-11-19


- 7.3.11 (fixes: CVE-2019-11043)

cyrus-imapd-3.0.12-alt1   built by Sergey Y. Afonin, 2019-11-16


- 3.0.12 (fixes: CVE-2019-18928)
- logging of reached limits (the patch from the https://github.com/cyrusimap/cyrus-imapd/issues/2913)

libtiff-4.1.0-alt1   built by Vladimir D. Seleznev, 2019-11-14


- Updated to 4.1.0.
- Dropped tiff-CVE-2018-12900.patch.

389-ds-base-1.4.1.10-alt1   built by Stanislav Levin, 2019-11-14


- 1.4.1.9 -> 1.4.1.10 (fixes: CVE-2019-14824).

kernel-image-std-def-4.19.84-alt1   built by Kernel Bot, 2019-11-13


- v4.19.84 (Fixes: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)

chromium-78.0.3904.97-alt1   built by Alexey Gladkov, 2019-11-09


- New version (78.0.3904.97).
- Security fixes:
- CVE-2019-13720: Use-after-free in audio.
- CVE-2019-13721: Use-after-free in PDFium.

golang-1.13.4-alt1   built by Alexey Shabalin, 2019-11-06


- 1.13.4 (Fixes: CVE-2019-17596)

kernel-image-std-pae-4.19.82-alt1   built by Kernel Bot, 2019-11-06


- v4.19.82 (Fixes: CVE-2019-15098)

dbus-1.12.16-alt1   built by Valery Inozemtsev, 2019-11-06


- 1.12.16 (Fixes: CVE-2019-12749)

squashfs-tools-4.4-alt1   built by Anton Farygin, 2019-11-05


- 4.4 (fixes: CVE-2015-4645, CVE-2015-4646)

samba-4.10.10-alt1   built by Evgeny Sinelikov, 2019-10-29


- Update to second security autumn release
- Security fixes:
+ CVE-2019-10218 Client code can return filenames containing path separators
+ CVE-2019-14833 Samba AD DC check password script does not receive the full password
+ CVE-2019-14847 User with "get changes" permission can crash AD DC LDAP server via dirsync
 
Design and development: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
Current maintainer: Michael Shigorin