Sisyphus repository
Last updated: 20 February 2017 | Packages: 17831 | Visits: 8690273
Vulnerability fixes

adobe-flash-player-ppapi-24-alt3   built by Sergey V Turchin, 2017-02-17


- new version
- security fixes:
CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986,
CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991,
CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995,
CVE-2017-2996

krb5-1.14.4-alt1.S1   built by Evgeny Sinelnikov, 2017-02-15


- 1.14.4
- fixed CVE-2016-3120

xen-4.8.0-alt5   built by Dmitriy D. Shadrinov, 2017-02-11


- Fix packaging errors
- Upstream updates:
- qemu-xen: cirrus: fix oob access issue (CVE-2017-2615)
- x86/xstate: Fix array overrun on hardware with LWP
- x86emul: VEX.B is ignored in compatibility mode
- x86emul: LOCK check adjustments
- x86: segment attribute handling adjustments
- x86emul: correct FPU stub asm() constraints
- x86/hvm: do not set msr_tsc_adjust on hvm_set_guest_tsc_fixed
- xen: credit2: use the correct scratch cpumask
- xen: credit2: never consider CPUs outside of our cpupool
- xen: credit2: fix shutdown/suspend when playing with cpupools
- x86/emulate: don't assume that addr_size == 32 implies protected mode

libwebkitgtk4-2.14.4-alt1   built by Yuri N. Sedunov, 2017-02-10


- 2.14.4 (fixed CVE-2017-2365, CVE-2017-2366, CVE-2017-2373, CVE-2017-2363,
CVE-2017-2362, CVE-2017-2350, CVE-2017-2350, CVE-2017-2354, CVE-2017-2355,
CVE-2017-2356, CVE-2017-2371, CVE-2017-2364, CVE-2017-2369)

gtk-vnc-0.7.0-alt1   built by Yuri N. Sedunov, 2017-02-09


- 0.7.0 (fixed CVE-2017-5884, CVE-2017-5885)

chromium-56.0.2924.87-alt1   built by Alexey Gladkov, 2017-02-08


- New version (56.0.2924.87).
- Security fixes:
- CVE-2017-5007: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2017-5006: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2017-5008: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2017-5010: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2017-5011: Unauthorised file access in Devtools. Credit to Khalil Zhani
- CVE-2017-5009: Out of bounds memory access in WebRTC. Credit to Sean Stanek and Chip Bradford
- CVE-2017-5012: Heap overflow in V8. Credit to Gergely Nagy (Tresorit)
- CVE-2017-5013: Address spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)
- CVE-2017-5014: Heap overflow in Skia. Credit to sweetchip
- CVE-2017-5015: Address spoofing in Omnibox. Credit to Armin Razmdjou
- CVE-2017-5019: Use after free in Renderer. Credit to Wadih Matar
- CVE-2017-5016: UI spoofing in Blink. Credit to Haosheng Wang (@gnehsoah)
- CVE-2017-5017: Uninitialised memory access in webm video. Credit to Dan Berman
- CVE-2017-5018: Universal XSS in chrome://apps. Credit to Rob Wu
- CVE-2017-5020: Universal XSS in chrome://downloads. Credit to Rob Wu
- CVE-2017-5021: Use after free in Extensions. Credit to Rob Wu
- CVE-2017-5022: Bypass of Content Security Policy in Blink. Credit to evi1m0#ly.com
- CVE-2017-5023: Type confusion in metrics. Credit to the UK's National Cyber Security Centre (NCSC)
- CVE-2017-5024: Heap overflow in FFmpeg. Credit to Paul Mehta
- CVE-2017-5025: Heap overflow in FFmpeg. Credit to Paul Mehta
- CVE-2017-5026: UI spoofing. Credit to Ronni Skansing
- CVE-2017-5027: Bypass of Content Security Policy in Blink.

bind-9.10.4-alt2   built by Dmitry V. Levin, 2017-02-08


- 9.10.4-P5 -> 9.10.4-P6 (fixes CVE-2017-3135).

firefox-51.0.1-alt1   built by Alexey Gladkov, 2017-01-30


- New release (51.0.1).
- Fixed:
+ CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
+ CVE-2017-5376: Use-after-free in XSL
+ CVE-2017-5377: Memory corruption with transforms to create gradients in Skia
+ CVE-2017-5378: Pointer and frame data leakage of Javascript objects
+ CVE-2017-5379: Use-after-free in Web Animations
+ CVE-2017-5380: Potential use-after-free during DOM manipulations
+ CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
+ CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests
+ CVE-2017-5396: Use-after-free with Media Decoder
+ CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations
+ CVE-2017-5382: Feed preview can expose privileged content errors and exceptions
+ CVE-2017-5383: Location bar spoofing with unicode characters
+ CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
+ CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers
+ CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
+ CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events
+ CVE-2017-5391: Content about: pages can load privileged about: pages
+ CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage
+ CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager
+ CVE-2017-5395: Android location bar spoofing during scrolling
+ CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages
+ CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks
+ CVE-2017-5374: Memory safety bugs fixed in Firefox 51
+ CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7

openssl10-1.0.2k-alt1   built by Gleb F-Malinovskiy, 2017-01-26


- Updated to v1.0.2k (fixes CVE-2016-7055, CVE-2017-3731, CVE-2017-3732).

libytnef-1.9-alt1   built by Yuri N. Sedunov, 2017-01-24


- 1.9 (fixed CVE-2010-5109)

runc-1.0.0-alt2.gitc91b5be   built by Vladimir Didenko, 2017-01-23


- New version.
- Fixes CVE-2016-9962.

freeipa-4.3.2-alt6   built by Mikhail Efremov, 2017-01-23


- client: Require nss-utils (closes: #33031).
- Patches from upstream:
+ Fixed CVE-2016-7030.
+ Fixed CVE-2016-9575.

libwebkitgtk4-2.14.3-alt1   built by Yuri N. Sedunov, 2017-01-17


- 2.14.3 (fixed CVE-2016-7656, CVE-2016-7635, CVE-2016-7654, CVE-2016-7639,
CVE-2016-7645, CVE-2016-7652, CVE-2016-7641, CVE-2016-7632, CVE-2016-7599,
CVE-2016-7592, CVE-2016-7589, CVE-2016-7623, CVE-2016-7586)

adobe-flash-player-ppapi-24-alt2   built by Sergey V Turchin, 2017-01-11


- new version
- security fixes:
CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928,
CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933,
CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937,
CVE-2017-2938

phpipam-1.27.002-alt1   built by Alexey Shabalin, 2017-01-10


- git snapshot of master branch d55883ff28a3cf347f18e0cc717cf64b7556706a
- update PHPMailer to 5.2.22 (fixed CVE-2017-5223)

firejail-0.9.44.4-alt1   built by Anton Midyukov, 2017-01-08


- new version 0.9.44.4
- Update for release with security fixes:
- CVE-2017-5207 (-bandwidth root shell found by Martin Carpenter)
- CVE-2017-5206 (disabled --allow-debuggers when running on kernel 4.8)
- CVE-2017-5180 (root exploit found by Sebastian Krahmer)

libwebp-0.5.2-alt1   built by Yuri N. Sedunov, 2016-12-28


- 0.5.2 (fixed CVE-2016-8888, CVE-2016-9085)

libwebp6-0.5.2-alt1   built by Yuri N. Sedunov, 2016-12-28


- 0.5.2 (fixed CVE-2016-8888, CVE-2016-9085)

phpipam-1.26.050-alt1   built by Alexey Shabalin, 2016-12-26


- git snapshot of master branch b99412648829471f3a336036f5cd138b8f131721
- install PHPMailer from upstream (fixed CVE-2015-8476,CVE-2016-10033,CVE-2016-10045)

curl-7.52.1-alt1.S1   built by Anton Farygin, 2016-12-23


- new version with security fixes:
CVE-2016-9594: uninitialized random

curl-7.52.0-alt1.S1   built by Anton Farygin, 2016-12-21


- new version with security fixes:
CVE-2016-9586: printf floating point buffer overflow

samba-DC-4.5.3-alt1.S1   built by Evgeny Sinelnikov, 2016-12-19


- Update for release with security fixes:
- CVE-2016-2123 (ndr_pull_dnsp_name contains an integer wrap problem)
- CVE-2016-2125 (client code always requests a forwardable ticket)
- CVE-2016-2126 (crash winbindd using a legitimate Kerberos ticket)

samba-4.5.3-alt1.S1   built by Evgeny Sinelnikov, 2016-12-19


- Update for release with security fixes:
- CVE-2016-2123 (ndr_pull_dnsp_name contains an integer wrap problem)
- CVE-2016-2125 (client code always requests a forwardable ticket)
- CVE-2016-2126 (crash winbindd using a legitimate Kerberos ticket)

firefox-50.1.0-alt1   built by Alexey Gladkov, 2016-12-15


- New release (50.1.0).
- Fixed:
+ CVE-2016-9894: Buffer overflow in SkiaGL
+ CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
+ CVE-2016-9895: CSP bypass using marquee tag
+ CVE-2016-9896: Use-after-free with WebVR
+ CVE-2016-9897: Memory corruption in libGLES
+ CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
+ CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
+ CVE-2016-9904: Cross-origin information leak in shared atoms
+ CVE-2016-9901: Data from Pocket server improperly sanitized before execution
+ CVE-2016-9902: Pocket extension does not validate the origin of events
+ CVE-2016-9903: XSS injection vulnerability in add-ons SDK
+ CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
+ CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6

adobe-flash-player-ppapi-24-alt1   built by Sergey V Turchin, 2016-12-15

 
design and development: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin