Security
Jan 28, 2015, 07:06 PM
glibc
Version: 2.11.2-alt1.M51.2
Summary: The GNU libc libraries
Changelog:
- Backported upstream fix for Sourceware#15014 (CVE-2015-0235).
Apr 30, 2013, 07:04 PM
strongswan
Version: 4.3.7-alt1.M51.1
Summary: StrongSWAN IPSEC implementation
Changelog:
- applied the upstream provided patch to fix CVE-2013-2944 (ECDSA signature vulnerability if openssl backend is loaded)
Apr 11, 2012, 10:28 AM
samba
Version: 3.0.37-alt5.M50P.1
Summary: Samba SMB/CIFS server
Changelog:
- CVE-2012-1182
Sep 29, 2011, 08:17 PM
libtiff
Version: 3.9.5-alt1.M50P.1
Summary: A library of functions for manipulating TIFF format image files
Changelog:
- Backport to p5 branch (CVE-2010-3087 CVE-2010-2595 CVE-2011-0192 CVE-2011-1167)
- no libtiffxx subpackage
May 16, 2011, 06:24 PM
exim
Version: 4.76-alt0.M50P.1
Summary: Exim Mail Transport Agent
Changelog:
- Backport to p5 (fixes CVE-2011-1764)
May 16, 2011, 02:44 PM
postfix
Version: 2.5.13-alt0.M50P.1
Summary: Postfix Mail Transport Agent
Changelog:
- Backport to p5 (fixes CVE-2011-1720)
Mar 30, 2011, 09:16 PM
pidgin-mini
Version: 2.7.11-alt0.M50P.1
Summary: A GTK+ based multiprotocol instant messaging client
Changelog:
- Backport to p5 branch (fixes CVE-2011-1091)
Jan 20, 2011, 01:13 PM
libxml2
Version: 2.7.8-alt3.M50P.1
Summary: The library for manipulating XML files
Changelog:
- backport to p5 branch (fixes CVE-2010-4494)
Dec 5, 2010, 01:02 PM
cvs
Version: 1.11.23-alt3.M50P.1
Summary: A version control system
Changelog:
- backport to p5 branch (fixed CVE-2010-3846)
Nov 19, 2010, 04:49 PM
vlc
Version: 1.1.4-alt0.M50P.1
Summary: VLC media player
Changelog:
- backport to p5 (new version with CVE-2010-2937 fix)
- disable services_discovery/libudev_plugin.so
- disable SDL_image support
Nov 13, 2010, 06:39 PM
gnome-vfs
Version: 2.24.4-alt0.M50P.1
Summary: The GNOME virtual file-system libraries
Changelog:
- backport to p5 branch (fixed CVE-2009-2473)
Nov 12, 2010, 08:58 PM
vips
Version: 7.22.4-alt0.M50P.1
Summary: Large image processing library
Changelog:
- backport to p5 branch (fixed CVE-2010-3364)
Nov 12, 2010, 07:40 PM
subversion
Version: 1.6.13-alt0.M50P.1
Summary: A version control system
Changelog:
- backport to p5 branch (fixed CVE-2010-3315)
Oct 20, 2010, 02:18 PM
poppler5
Version: 0.12.4-alt0.M51.3
Summary: PDF rendering library
Changelog:
- fix CVE-2010-3703
Oct 12, 2010, 08:06 PM
kernel-image-el-smp
Version: 2.6.32-alt10
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- CVE-2010-2962
- build af_packet as module
Oct 5, 2010, 11:49 PM
libesmtp
Version: 1.0.4-alt2.1.0.M51.1
Summary: LibESMTP is a library to manage posting email using SMTP
Changelog:
- Fixed CVE-2010-1192, CVE-2010-1194 (certificate validation flaws). Fix backported from 1.0.6
Oct 2, 2010, 06:06 PM
python-module-mako
Version: 0.2.5-alt1.M51.1
Summary: template library written in Python
Changelog:
- Fixed CVE-2010-2480 - XSS via inadequate escaping (patch from ubuntu)
  + lib/mako/filters.py: use xml.sax.saxutils.escape instead of cgi.escape so we can escape single quotes.
Sep 20, 2010, 10:07 PM
bzip2
Version: 1.0.6-alt1
Summary: Extremely powerful file compression utility
Changelog:
- Updated to 1.0.6 (fixes CVE-2010-0405).
Aug 26, 2010, 01:53 PM
libmikmod
Version: 3.1.11-alt0.8
Summary: A portable sound library for Unix
Changelog:
- imported security fixes from openSUSE 3.1.11a-84.5 package:
  + CVE-2007-6720: denial of service (crash) by loading multiple MOD files with different numbers of channels
  + CVE-2009-0179: denial of service (crash) by loading an XM file
  + CVE-2009-3995: arbitrary code execution via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file
  + CVE-2009-3996: arbitrary code execution via an Ultratracker file
Aug 4, 2010, 08:40 PM
socat
Version: 1.7.1.3-alt1
Summary: 'socket cat' - multipurpose relay for bidirectional data transfer
Changelog:
- New version: CVE-2010-2799 fixed (closes #23839).
Jul 1, 2010, 03:22 PM
openldap2.4
Version: 2.4.23-alt0.M50P.1
Summary: LDAP libraries and sample clients
Changelog:
- backport to p5 branch (security fixes: CVE-2010-0212 and CVE-2010-0211)
Jun 29, 2010, 07:53 PM
libpng
Version: 1.2.44-alt1
Summary: A library of functions for manipulating PNG image format files
Changelog:
- Updated to 1.2.44 (fixes: CVE-2010-1205, CVE-2010-2249).
Mar 19, 2010, 04:42 PM
tomcat5
Mar 2, 2010, 07:55 AM
netpbm
Version: 10.35.32-alt1.M51.1
Summary: Tools for manipulating graphics files in netpbm supported formats
Changelog:
- fixed stack-based buffer overflow (CVE-2009-4274)
- fixed build
  + netpbm-10.35-alt-fix-overflow-destination-buffer.patch
  + netpbm-10.35-fix-gcc43.patch (backported fix)
Mar 1, 2010, 08:30 PM
dnsmasq
Version: 2.46-alt1.1.M51.2
Summary: A lightweight caching nameserver
Changelog:
- fix TFTP server vulnerabilities (CVE-2009-2957, CVE-2009-2958).
Feb 23, 2010, 06:23 PM
sudo
Version: 1.6.8p12-alt7
Summary: Allows command execution as another user
Changelog:
- Backported upstream fix for CVE-2010-0426 (a flaw in sudoedit could give a user with permission to run sudoedit the ability to run arbitrary commands).
Feb 8, 2010, 12:09 PM
chrony
Version: 1.24-alt1
Summary: Chrony clock synchronization program
Changelog:
- 1.24. Contains security fixes for CVE-2010-0292, CVE-2010-0293, CVE-2010-0294.
Jan 27, 2010, 01:26 PM
fuse
Version: 2.8.2-alt1
Summary: tool for creating virtual filesystems
Changelog:
- 2.8.2 - CVE-2009-3297 (ALT #22834)
Jan 27, 2010, 01:26 AM
MySQL
Version: 5.0.89-alt1
Summary: MySQL: A very fast and reliable SQL database engine
Changelog:
- new version (closes #18943)
- fixed CVE-2009-2446 from upstream (closes #20724)
- setup utf8 encoding instead of latin1 by default (closes #12390)
- include C99 aliasing violation patch from mythtv (closes #22452)
- removed username-length patch
- wait for mysqld shutdown (closes #22234)
- don't run initial setup mysql database if mysql.user table already exists
Jan 20, 2010, 06:01 PM
gzip
Version: 1.3.5-alt6
Summary: The GNU data compression program
Changelog:
- Applied upstream fix for integer underflow bug (CVE-2010-0001).
Dec 29, 2009, 01:29 PM
ruby
Version: 1.9.1-alt1.r26040.1
Summary: Interpreter of object-oriented scripting language Ruby 1.9
Changelog:
- Fix String#ljust, String#rjust and String#center breakage after CVE-2009-4124 fix
Dec 22, 2009, 06:14 PM
netatalk
Version: 2.0.5-alt1
Summary: AppleTalk networking programs
Changelog:
- 2.0.5:
  + fix CVE-2008-5718
  + more bugfixes
Dec 14, 2009, 01:03 PM
kernel-image-std-def
Version: 2.6.30-alt15
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- [SECURITY] Fix CVE-2009-1298
- fixes in Samsung U200 driver. thx to mikhail@linux-rb.ru
- Add support Samsung YP-CP3. Thx to vitty@altlinux.org
Nov 15, 2009, 03:48 PM
xpdf
Version: 3.02-alt7
Summary: Portable Document Format (PDF) suite
Changelog:
- Apply xpdf-3.02pl4 security patch to fix: CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609.
Oct 5, 2009, 07:56 PM
ss5
Version: 3.6.4-alt2.rel3.2
Summary: Full featured SOCKS4 and SOCKS5 server
Changelog:
- NMU: security fix for CVE-2009-2368 (array index overflow) (ALT #20701)
  + thanks crux@ for heads-up
Aug 11, 2009, 01:50 AM
centerim
Version: 4.22.8-alt1
Summary: Console ncurses based IM client. ICQ, Yahoo!, AIM, IRC, MSN, Gadu-Gadu and Jabber protocols are supported. Internal RSS reader is also provided
Changelog:
- 4.22.8
- fix connection to the Yahoo messenger protocol
- fix CVE-2008-4776
Jul 29, 2009, 03:01 AM
bind
Version: 9.3.6-alt5
Summary: ISC BIND - DNS server
Changelog:
- Backported upstream fix for a remote DoS bug (CVE-2009-0696).
Jul 19, 2009, 03:24 AM
scponly
Version: 4.8-alt2
Summary: Limited shell for secure file transfers
Changelog:
- fix build with gcc
- Add patch to prevent restriction bypass using OpenSSH's scp options -F and -o (CVE-2007-6415)
Jul 16, 2009, 01:21 AM
dhcp
Version: 3.0.7-alt4
Summary: Dynamic Host Configuration Protocol (DHCP) distribution
Changelog:
- server/dhcp.c (ack_lease): Imported fix for potential premature server termination (Christoph Biedl; CVE-2009-1892).
Jul 6, 2009, 03:04 AM
dillo
Version: 0.8.6-alt6
Summary: a small GTK+ web browser
Changelog:
- Security fix (CVE-2009-2294) (Closes: 20680)
May 19, 2009, 06:54 PM
ntp
May 18, 2009, 03:44 PM
eggdrop
Version: 1.6.19-alt2
Summary: Eggdrop is an IRC bot, written in C
Changelog:
- Security fix: eggdrop remote crash vulnerability (incomplete patch for CVE-2007-2807) (Closes: #20067)
May 8, 2009, 04:38 AM
cscope
Version: 15.7a-alt1
Summary: Cscope is a text screen based source browsing tool
Changelog:
- [15.7a] (closes: #19952)
  + CVE-2009-0148
May 4, 2009, 01:29 PM
system-tools-backends
Version: 2.6.1-alt1
Summary: System Tools to manage computer configuration -- scripts
Changelog:
- new release
- s-t-b moved to sbindir (Closes: 17516)
- security fix: CVE-2008-4311
May 1, 2009, 03:38 PM
libmodplug
Feb 12, 2009, 05:09 PM
audiofile
Version: 0.2.6-alt3
Summary: Library to handle various audio file formats
Changelog:
- Fix CVE-2008-5824.
Jan 27, 2009, 09:23 AM
smarty
Version: 2.6.22-alt1
Summary: Template engine for PHP
Changelog:
- Updated to 2.6.22. Security fixes:
  + CVE-2008-4810
  + CVE-2008-4811
Dec 28, 2008, 11:37 PM
wordnet
Version: 3.0-alt4
Summary: WordNet English lexical reference system
Changelog:
- applied patches against CVE-2008-2149, CVE-2008-3908 (fix bug #15678)
Nov 21, 2008, 05:09 PM
imlib2
Version: 1.4.0-alt3
Summary: Powerful image loading and rendering library
Changelog:
- Fix CVE-2008-5187.
Jun 26, 2008, 10:56 PM
pear-MDB2
Version: 2.5.0b1-alt1
Summary: database abstraction layer
Changelog:
- new version 2.5.0b1 (with rpmrb script) - due to CVE-2007-5934 (fix bug #16173)
May 17, 2008, 02:34 AM
libid3tag
Version: 0.15.1b-alt6
Summary: ID3 Tag manipulation library
Changelog:
- Fix CVE-2008-2109.
Apr 16, 2007, 12:14 AM
lha
Version: 1.14i-alt2
Summary: An archiving and compression utility for LHarc format archives
Changelog:
- ac20050924p1: security fixes for CVE-2006-4335, CVE-2006-4337, CVE-2006-4338 (DoS, system access)
- removed patch1, patch2, patch4, patch5 (didn't apply)