Репозиторий Sisyphus
Последнее обновление: 27 ноября 2021 | Пакетов: 17423 | Посещений: 22402160
en ru br
Исправления уязвимостей

freeswitch-1.10.7-alt1   сборка Anton Farygin, 2021-11-26


- 1.10.6 -> 1.10.7 (Fixes: CVE-2021-41158, CVE-2021-41145, CVE-2021-41157,
CVE-2021-41105, CVE-2021-37624, CVE-2021-36513)

kernel-image-std-debug-5.10.82-alt1   сборка Kernel Bot, 2021-11-26


- v5.10.82 (Fixes: CVE-2020-27820, CVE-2021-43267)

kernel-image-std-def-5.10.82-alt1   сборка Kernel Bot, 2021-11-26


- v5.10.82 (Fixes: CVE-2020-27820, CVE-2021-43267)

kernel-image-std-pae-5.10.82-alt1   сборка Kernel Bot, 2021-11-26


- v5.10.82 (Fixes: CVE-2020-27820, CVE-2021-43267)

wireshark-3.4.10-alt1   сборка Anton Farygin, 2021-11-24


- 3.4.10 (Fixes: CVE-2021-39929, CVE-2021-39926, CVE-2021-39925,
CVE-2021-39924, CVE-2021-39922, CVE-2021-39928,
CVE-2021-39921, CVE-2021-39920)

redis-6.2.6-alt1   сборка Nikolay A. Fetisov, 2021-11-20


- New version
- Security fixes:
+ CVE-2021-41099: buffer overflow with non-default configuration
+ CVE-2021-32762: buffer overflow issue in redis-cli and redis-sentinel
+ CVE-2021-32687: buffer overflow with non-default configuration
+ CVE-2021-32675: Denial Of Service when processing RESP request payloads
+ CVE-2021-32672: random heap reading issue with Lua Debugger
+ CVE-2021-32628: buffer overflow with non-default configuration
+ CVE-2021-32627: buffer overflow with non-default configuration
+ CVE-2021-32626: Lua scripts may result with Heap buffer overflow
+ CVE-2021-32761: integer overflow in BITFIELD on 32-bit versions

php8.0-8.0.13-alt1   сборка Anton Farygin, 2021-11-20


- 8.0.13 (Fixes: CVE-2021-21707)

kernel-image-std-debug-5.10.80-alt1   сборка Kernel Bot, 2021-11-19


- v5.10.80 (Fixes: CVE-2021-3640)

kernel-image-std-def-5.10.80-alt1   сборка Kernel Bot, 2021-11-19


- v5.10.80 (Fixes: CVE-2021-3640)

kernel-image-std-pae-5.10.80-alt1   сборка Kernel Bot, 2021-11-19


- v5.10.80 (Fixes: CVE-2021-3640)

php7-7.4.26-alt1   сборка Anton Farygin, 2021-11-18


- 7.4.26 (Fixes: CVE-2021-21707)

chromium-96.0.4664.45-alt1   сборка Alexey Gladkov, 2021-11-16


- New version (96.0.4664.45).
- Security fixes:
- CVE-2021-38005: Use after free in loader.
- CVE-2021-38006: Use after free in storage foundation.
- CVE-2021-38007: Type Confusion in V8.
- CVE-2021-38008: Use after free in media.
- CVE-2021-38009: Inappropriate implementation in cache.
- CVE-2021-38010: Inappropriate implementation in service workers.
- CVE-2021-38011: Use after free in storage foundation.
- CVE-2021-38012: Type Confusion in V8.
- CVE-2021-38013: Heap buffer overflow in fingerprint recognition.
- CVE-2021-38014: Out of bounds write in Swiftshader.
- CVE-2021-38015: Inappropriate implementation in input.
- CVE-2021-38016: Insufficient policy enforcement in background fetch.
- CVE-2021-38017: Insufficient policy enforcement in iframe sandbox.
- CVE-2021-38018: Inappropriate implementation in navigation.
- CVE-2021-38019: Insufficient policy enforcement in CORS.
- CVE-2021-38020: Insufficient policy enforcement in contacts picker.
- CVE-2021-38021: Inappropriate implementation in referrer.
- CVE-2021-38022: Inappropriate implementation in WebAuthentication.

chromium-gost-96.0.4664.45-alt1   сборка Alexey Gladkov, 2021-11-16


- New version (96.0.4664.45).
- Security fixes:
- CVE-2021-38005: Use after free in loader.
- CVE-2021-38006: Use after free in storage foundation.
- CVE-2021-38007: Type Confusion in V8.
- CVE-2021-38008: Use after free in media.
- CVE-2021-38009: Inappropriate implementation in cache.
- CVE-2021-38010: Inappropriate implementation in service workers.
- CVE-2021-38011: Use after free in storage foundation.
- CVE-2021-38012: Type Confusion in V8.
- CVE-2021-38013: Heap buffer overflow in fingerprint recognition.
- CVE-2021-38014: Out of bounds write in Swiftshader.
- CVE-2021-38015: Inappropriate implementation in input.
- CVE-2021-38016: Insufficient policy enforcement in background fetch.
- CVE-2021-38017: Insufficient policy enforcement in iframe sandbox.
- CVE-2021-38018: Inappropriate implementation in navigation.
- CVE-2021-38019: Insufficient policy enforcement in CORS.
- CVE-2021-38020: Insufficient policy enforcement in contacts picker.
- CVE-2021-38021: Inappropriate implementation in referrer.
- CVE-2021-38022: Inappropriate implementation in WebAuthentication.

qemu-6.1.0-alt2   сборка Alexey Shabalin, 2021-11-15


- Backport patches from upstream:
+ qemu-sockets: fix unix socket path copy (again)
+ tests: tcg: Fix PVH test with binutils 2.36+
+ qxl: fix pre-save logic
+ ebpf: only include in system emulators
+ virtio-net: fix use after unmap/free for sg (Fixes: CVE-2021-3748)
+ e1000: fix tx re-entrancy problem (CVE-2021-20257)
+ Fix virtio-net-pci* "vectors" compat
+ hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands
(Fixes: CVE-2021-3930)

mailman-2.1.36-alt1   сборка L.A. Kostis, 2021-11-13


- Updated to 2.1.36.
- Security fixes:
+ CVE-2021-43331: A potential XSS attack via the user options.
+ CVE-2021-43332: A potential for for a list moderator to carry out an
off-line brute force attack to obtain the list
admin password.

mailman-2.1.37-alt1   сборка Dmitry V. Levin, 2021-11-13


- 2.1.36 -> 2.1.37 (fixes bug in the fix for CVE-2021-43332).

screen-4.8.0-alt2   сборка Vladimir D. Seleznev, 2021-11-11


- Applied SUSE combchar.diff to prevent DoS via crafted UTF-8 character
sequence (fixes CVE-2021-26937).

postgresql12-12.9-alt1   сборка Alexei Takaseev, 2021-11-10


- 12.8 (Fixes CVE-2021-23214, CVE-2021-23222)

postgresql13-13.5-alt1   сборка Alexei Takaseev, 2021-11-10


- 13.5 (Fixes CVE-2021-23214, CVE-2021-23222)

postgresql10-10.19-alt1   сборка Alexei Takaseev, 2021-11-10


- 10.19 (Fixes CVE-2021-23214, CVE-2021-23222)

postgresql11-11.14-alt1   сборка Alexei Takaseev, 2021-11-10


- 11.14 (Fixes CVE-2021-23214, CVE-2021-23222)

postgresql13-1C-13.3-alt5   сборка Alexei Takaseev, 2021-11-10


- Fixes CVE-2021-23214, CVE-2021-23222

postgresql14-14.1-alt1   сборка Alexei Takaseev, 2021-11-10


- 14.1 (Fixes CVE-2021-23214, CVE-2021-23222)

cve-manager-inner-knowledge-2021.11.10-alt1   сборка Alexey Appolonov, 2021-11-10


- A new list that contain special prefixes used in package names (these prefixes
are used to improve the mapping results and were previously hard-coded into
cve-manager).

cve-manager-0.57.0-alt1   сборка Alexey Appolonov, 2021-11-09


- Maintenance of the list of special package name prefixes is delegated to
the "cve-manager-inner-knowledge" package;
- Added several more pairs of related package name prefixes (used to identify
related packages).
 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin