Security

- Backported upstream fix for Sourceware#15014 (CVE-2015-0235).
- applied the upstream provided patch to fix CVE-2013-2944
  (ECDSA signature vulnerability if openssl backend is loaded)
- CVE-2012-1182
- Backport to p5 branch (CVE-2010-3087 CVE-2010-2595 CVE-2011-0192 CVE-2011-1167)
- no libtiffxx subpackage
- Backport to p5 (fixes CVE-2011-1764)
- Backport to p5 (fixes CVE-2011-1720)
- Backport to p5 branch (fixes CVE-2011-1091)
- backport to p5 branch (fixes CVE-2010-4494)
- backport to p5 branch (fixed CVE-2010-3846)
- backport to p5 (new version with CVE-2010-2937 fix)
- disable services_discovery/libudev_plugin.so
- disable SDL_image support
- backport to p5 branch (fixed CVE-2009-2473)
- backport to p5 branch (fixed CVE-2010-3364)
- backport to p5 branch (fixed CVE-2010-3315)
- fix CVE-2010-3703
- CVE-2010-2962
- build af_packet as module
- Fixed CVE-2010-1192, CVE-2010-1194 (certificate validation flaws).
  Fix backported from 1.0.6
- Fixed CVE-2010-2480 - XSS via inadequate escaping (patch from ubuntu)
  + lib/mako/filters.py: use xml.sax.saxutils.escape instead of
  cgi.escape so we can escape single quotes.
- Updated to 1.0.6 (fixes CVE-2010-0405).
- imported security fixes from openSUSE 3.1.11a-84.5 package:
  + CVE-2007-6720:
    denial of service (crash) by loading multiple MOD files
    with different numbers of channels
  + CVE-2009-0179:
    denial of service (crash) by loading an XM file
  + CVE-2009-3995:
    arbitrary code execution via (1) crafted samples
    or (2) crafted instrument definitions in an Impulse Tracker file
  + CVE-2009-3996:
    arbitrary code execution via an Ultratracker file
- New version: CVE-2010-2799 fixed (closes #23839).
- backport to p5 branch (security fixes: CVE-2010-0212 and CVE-2010-0211)
- Updated to 1.2.44 (fixes: CVE-2010-1205, CVE-2010-2249).
- updated to fc 7.4
- CVE-2009-0033, CVE-2009-0580 (closes: 20311, 20314)
- su -s /bin/sh -c instead of su - (closes: #23073)
- fixed stack-based buffer overflow (CVE-2009-4274)
- fixed build
  + netpbm-10.35-alt-fix-overflow-destination-buffer.patch
  + netpbm-10.35-fix-gcc43.patch (backported fix)
- fix TFTP server vulnerabilities (CVE-2009-2957, CVE-2009-2958).
- Backported upstream fix for CVE-2010-0426 (a flaw in sudoedit could
  give a user with permission to run sudoedit the ability to run
  arbitrary commands).
- 1.24. Contains security fixes for CVE-2010-0292, CVE-2010-0293, CVE-2010-0294.
- 2.8.2
- CVE-2009-3297 (ALT #22834)
- new version (closes #18943)
- fixed CVE-2009-2446 from upstream (closes #20724)
- setup utf8 encoding instead of latin1 by default (closes #12390)
- include C99 aliasing violation patch from mythtv (closes #22452)
- removed username-length patch
- wait for mysqld shutdown (closes #22234)
- don't run initial setup mysql database if mysql.user table already exists
- Applied upstream fix for integer underflow bug (CVE-2010-0001).

Branches
sisyphus
sisyphus_e2k
sisyphus_mipsel
sisyphus_riscv64
p10
p10_e2k
p9
p9_e2k
p9_mipsel
p8
c9f2
c7

glibc Jan 28, 2015, 07:06 PM	Jan 28, 2015, 07:06 PM
Version: 2.11.2-alt1.M51.2
Summary: The GNU libc libraries
Changelog:
- Backported upstream fix for Sourceware#15014 (CVE-2015-0235).

strongswan Apr 30, 2013, 07:04 PM	Apr 30, 2013, 07:04 PM
Version: 4.3.7-alt1.M51.1
Summary: StrongSWAN IPSEC implementation
Changelog:
- applied the upstream provided patch to fix CVE-2013-2944 (ECDSA signature vulnerability if openssl backend is loaded)

samba Apr 11, 2012, 10:28 AM	Apr 11, 2012, 10:28 AM
Version: 3.0.37-alt5.M50P.1
Summary: Samba SMB/CIFS server
Changelog:
- CVE-2012-1182

libtiff Sep 29, 2011, 08:17 PM	Sep 29, 2011, 08:17 PM
Version: 3.9.5-alt1.M50P.1
Summary: A library of functions for manipulating TIFF format image files
Changelog:
- Backport to p5 branch (CVE-2010-3087 CVE-2010-2595 CVE-2011-0192 CVE-2011-1167) - no libtiffxx subpackage

exim May 16, 2011, 06:24 PM	May 16, 2011, 06:24 PM
Version: 4.76-alt0.M50P.1
Summary: Exim Mail Transport Agent
Changelog:
- Backport to p5 (fixes CVE-2011-1764)

postfix May 16, 2011, 02:44 PM	May 16, 2011, 02:44 PM
Version: 2.5.13-alt0.M50P.1
Summary: Postfix Mail Transport Agent
Changelog:
- Backport to p5 (fixes CVE-2011-1720)

pidgin-mini Mar 30, 2011, 09:16 PM	Mar 30, 2011, 09:16 PM
Version: 2.7.11-alt0.M50P.1
Summary: A GTK+ based multiprotocol instant messaging client
Changelog:
- Backport to p5 branch (fixes CVE-2011-1091)

libxml2 Jan 20, 2011, 01:13 PM	Jan 20, 2011, 01:13 PM
Version: 2.7.8-alt3.M50P.1
Summary: The library for manipulating XML files
Changelog:
- backport to p5 branch (fixes CVE-2010-4494)

cvs Dec 5, 2010, 01:02 PM	Dec 5, 2010, 01:02 PM
Version: 1.11.23-alt3.M50P.1
Summary: A version control system
Changelog:
- backport to p5 branch (fixed CVE-2010-3846)

vlc Nov 19, 2010, 04:49 PM	Nov 19, 2010, 04:49 PM
Version: 1.1.4-alt0.M50P.1
Summary: VLC media player
Changelog:
- backport to p5 (new version with CVE-2010-2937 fix) - disable services_discovery/libudev_plugin.so - disable SDL_image support

gnome-vfs Nov 13, 2010, 06:39 PM	Nov 13, 2010, 06:39 PM
Version: 2.24.4-alt0.M50P.1
Summary: The GNOME virtual file-system libraries
Changelog:
- backport to p5 branch (fixed CVE-2009-2473)

vips Nov 12, 2010, 08:58 PM	Nov 12, 2010, 08:58 PM
Version: 7.22.4-alt0.M50P.1
Summary: Large image processing library
Changelog:
- backport to p5 branch (fixed CVE-2010-3364)

subversion Nov 12, 2010, 07:40 PM	Nov 12, 2010, 07:40 PM
Version: 1.6.13-alt0.M50P.1
Summary: A version control system
Changelog:
- backport to p5 branch (fixed CVE-2010-3315)

poppler5 Oct 20, 2010, 02:18 PM	Oct 20, 2010, 02:18 PM
Version: 0.12.4-alt0.M51.3
Summary: PDF rendering library
Changelog:
- fix CVE-2010-3703

socat Aug 4, 2010, 08:40 PM	Aug 4, 2010, 08:40 PM
Version: 1.7.1.3-alt1
Summary: 'socket cat' - multipurpose relay for bidirectional data transfer
Changelog:
- New version: CVE-2010-2799 fixed (closes #23839).

kernel-image-el-smp Oct 12, 2010, 08:06 PM	Oct 12, 2010, 08:06 PM
Version: 2.6.32-alt10
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- CVE-2010-2962 - build af_packet as module

libesmtp Oct 5, 2010, 11:49 PM	Oct 5, 2010, 11:49 PM
Version: 1.0.4-alt2.1.0.M51.1
Summary: LibESMTP is a library to manage posting email using SMTP
Changelog:
- Fixed CVE-2010-1192, CVE-2010-1194 (certificate validation flaws). Fix backported from 1.0.6

python-module-mako Oct 2, 2010, 06:06 PM	Oct 2, 2010, 06:06 PM
Version: 0.2.5-alt1.M51.1
Summary: template library written in Python
Changelog:
- Fixed CVE-2010-2480 - XSS via inadequate escaping (patch from ubuntu) + lib/mako/filters.py: use xml.sax.saxutils.escape instead of cgi.escape so we can escape single quotes.

bzip2 Sep 20, 2010, 10:07 PM	Sep 20, 2010, 10:07 PM
Version: 1.0.6-alt1
Summary: Extremely powerful file compression utility
Changelog:
- Updated to 1.0.6 (fixes CVE-2010-0405).

libmikmod Aug 26, 2010, 01:53 PM	Aug 26, 2010, 01:53 PM
Version: 3.1.11-alt0.8
Summary: A portable sound library for Unix
Changelog:
- imported security fixes from openSUSE 3.1.11a-84.5 package: + CVE-2007-6720: denial of service (crash) by loading multiple MOD files with different numbers of channels + CVE-2009-0179: denial of service (crash) by loading an XM file + CVE-2009-3995: arbitrary code execution via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file + CVE-2009-3996: arbitrary code execution via an Ultratracker file

openldap2.4 Jul 1, 2010, 03:22 PM	Jul 1, 2010, 03:22 PM
Version: 2.4.23-alt0.M50P.1
Summary: LDAP libraries and sample clients
Changelog:
- backport to p5 branch (security fixes: CVE-2010-0212 and CVE-2010-0211)

libpng Jun 29, 2010, 07:53 PM	Jun 29, 2010, 07:53 PM
Version: 1.2.44-alt1
Summary: A library of functions for manipulating PNG image format files
Changelog:
- Updated to 1.2.44 (fixes: CVE-2010-1205, CVE-2010-2249).

tomcat5 Mar 19, 2010, 04:42 PM	Mar 19, 2010, 04:42 PM
Version: 5.5.27-alt4_7.4jpp5
Summary: Apache Servlet/JSP Engine, RI for Servlet 2.4/JSP 2.0 API
Changelog:
- updated to fc 7.4 - CVE-2009-0033, CVE-2009-0580 (closes: 20311, 20314) - su -s /bin/sh -c instead of su - (closes: #23073)

netpbm Mar 2, 2010, 07:55 AM	Mar 2, 2010, 07:55 AM
Version: 10.35.32-alt1.M51.1
Summary: Tools for manipulating graphics files in netpbm supported formats
Changelog:
- fixed stack-based buffer overflow (CVE-2009-4274) - fixed build + netpbm-10.35-alt-fix-overflow-destination-buffer.patch + netpbm-10.35-fix-gcc43.patch (backported fix)

dnsmasq Mar 1, 2010, 08:30 PM	Mar 1, 2010, 08:30 PM
Version: 2.46-alt1.1.M51.2
Summary: A lightweight caching nameserver
Changelog:
- fix TFTP server vulnerabilities (CVE-2009-2957, CVE-2009-2958).

Repository: 5.1

Security

sudo Feb 23, 2010, 06:23 PM	Feb 23, 2010, 06:23 PM
Version: 1.6.8p12-alt7
Summary: Allows command execution as another user
Changelog:
- Backported upstream fix for CVE-2010-0426 (a flaw in sudoedit could give a user with permission to run sudoedit the ability to run arbitrary commands).

chrony Feb 8, 2010, 12:09 PM	Feb 8, 2010, 12:09 PM
Version: 1.24-alt1
Summary: Chrony clock synchronization program
Changelog:
- 1.24. Contains security fixes for CVE-2010-0292, CVE-2010-0293, CVE-2010-0294.

fuse Jan 27, 2010, 01:26 PM	Jan 27, 2010, 01:26 PM
Version: 2.8.2-alt1
Summary: tool for creating virtual filesystems
Changelog:
- 2.8.2 - CVE-2009-3297 (ALT #22834)

MySQL Jan 27, 2010, 01:26 AM	Jan 27, 2010, 01:26 AM
Version: 5.0.89-alt1
Summary: MySQL: A very fast and reliable SQL database engine
Changelog:
- new version (closes #18943) - fixed CVE-2009-2446 from upstream (closes #20724) - setup utf8 encoding instead of latin1 by default (closes #12390) - include C99 aliasing violation patch from mythtv (closes #22452) - removed username-length patch - wait for mysqld shutdown (closes #22234) - don't run initial setup mysql database if mysql.user table already exists

gzip Jan 20, 2010, 06:01 PM	Jan 20, 2010, 06:01 PM
Version: 1.3.5-alt6
Summary: The GNU data compression program
Changelog:
- Applied upstream fix for integer underflow bug (CVE-2010-0001).