Sisyphus repository
Last update: 2018-06-25 21:17:37 +0400 | SRPMs: 9785
Security fixes

adobe-flash-player-2:10-alt6  build 2011-05-16

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- new version 10.3.181.14(x86-32)
- only 32-bit security fixes:
CVE-2011-0579, CVE-2011-0618, CVE-2011-0619, CVE-2011-0620,
CVE-2011-0621, CVE-2011-0622, CVE-2011-0623, CVE-2011-0624,
CVE-2011-0625, CVE-2011-0626, CVE-2011-0627

postfix-1:2.5.13-alt0.M50P.1  build 2011-05-16

Group: System/Servers
Summary: Postfix Mail Transport Agent
Changes:

- Backport to p5 (fixes CVE-2011-1720)

exim-4.76-alt0.M50P.1  build 2011-05-16

Group: System/Servers
Summary: Exim Mail Transport Agent
Changes:

- Backport to p5 (fixes CVE-2011-1764)

apr1-1.4.4-alt1  build 2011-05-13

Group: System/Libraries
Summary: Apache Portable Runtime
Changes:

- New version (1.4.4)
- Security fixes (CVE-2011-0419)

postfix-1:2.5.13-alt1  build 2011-05-09

Group: System/Servers
Summary: Postfix Mail Transport Agent
Changes:

- Updated to 2.5.13 (fixes CVE-2011-1720 in SMTP server Cyrus SASL support).

libtiff-3.9.5-alt1  build 2011-04-13

Group: System/Libraries
Summary: A library of functions for manipulating TIFF format image files
Changes:

- Updated to Release-v3-9-5 (fixes CVE-2011-1167).

dhcpcd-1:4.0.15-alt4  build 2011-04-07

Group: System/Servers
Summary: DHCP Client
Changes:

- Escape | and & characters when passing to the shell
(fixes CVE-2011-996, backport from dhcpcd-5).

rsync-3.0.8-alt1  build 2011-04-07

Group: Networking/File transfer
Summary: A program for synchronizing files over a network
Changes:

- Updated to v3.0.8 (fixes CVE-2011-1097).

pidgin-mini-2.7.11-alt0.M50P.1  build 2011-03-31

Group: Networking/Instant messaging
Summary: A GTK+ based multiprotocol instant messaging client
Changes:

- Backport to p5 branch (fixes CVE-2011-1091)

pidgin-mini-2.7.11-alt1  build 2011-03-12

Group: Networking/Instant messaging
Summary: A GTK+ based multiprotocol instant messaging client
Changes:

- Updated to 2.7.11
+ CVE-2011-1091: remote denial of service in Yahoo protocol plugin

libtiff-3.9.4-alt5  build 2011-03-09

Group: System/Libraries
Summary: A library of functions for manipulating TIFF format image files
Changes:

- Updated to Release-v3-9-4-52-ga97ddb9
(fixes CVE-2010-3087 CVE-2010-2595 CVE-2011-0192).

kernel-image-ovz-rhel-2.6.18-alt13.M51.25  build 2011-03-02

Group: System/Kernel and hardware
Summary: Virtuozzo Linux kernel (the core of the Linux operating system)
Changes:

- Fix several CVE:
* CVE-2010-4249: kernel: unix socket local dos
* CVE-2010-4251: kernel: multicast IPv4 traffic on hipersockets device DoS
* CVE-2010-4655: kernel: heap contents leak for CAP_NET_ADMIN via ethtool ioctl

vsftpd-2.3.4-alt1  build 2011-03-02

Group: System/Servers
Summary: File Transfer Protocol (FTP) server
Changes:

- Updated to 2.3.4 (fixes CVE-2011-0762).

samba-3.0.37-alt4.M50P.1  build 2011-02-28

Group: System/Servers
Summary: Samba SMB/CIFS server
Changes:

- CVE-2011-0719

postgresql9.1-9.0.3-alt1  build 2011-02-02

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.0.3. Fixes CVE-2010-4015.
- Chroot scripts: exit silently when PG_CHROOT_DIR is not set.
- Initscript: remove LOCKFILE when stopping the service.

postgresql9.3-9.0.3-alt1  build 2011-02-02

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.0.3. Fixes CVE-2010-4015.
- Chroot scripts: exit silently when PG_CHROOT_DIR is not set.
- Initscript: remove LOCKFILE when stopping the service.

postgresql9.0-9.0.3-alt1  build 2011-02-02

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 9.0.3. Fixes CVE-2010-4015.
- Chroot scripts: exit silently when PG_CHROOT_DIR is not set.
- Initscript: remove LOCKFILE when stopping the service.

libxml2-1:2.7.8-alt3.M50P.1  build 2011-01-20

Group: System/Libraries
Summary: The library for manipulating XML files
Changes:

- backport to p5 branch (fixes CVE-2010-4494)

perl-CGI-3.49-alt2  build 2011-01-19

Group: Development/Perl
Summary: Simple CGI class for Perl
Changes:

- fixes for CVE-2010-4410 and CVE-2010-4411 (v5.12.3-RC2-1-gb7fa2ac)

pidgin-mini-2.7.9-alt1  build 2010-12-28

Group: Networking/Instant messaging
Summary: A GTK+ based multiprotocol instant messaging client
Changes:

- Updated to 2.7.9
+ CVE-2010-4528: crash when receiving short packets related to P2Pv2 messages

libxml2-1:2.7.8-alt3  build 2010-12-27

Group: System/Libraries
Summary: The library for manipulating XML files
Changes:

- Updated to v2.7.8-7-gfec31bc (fixes CVE-2010-4494).

xulrunner-192-1.9.2.14-alt1.20101222  build 2010-12-22

Group: Networking/Other
Summary: XUL Runner
Changes:

- New development snapshot 1.9.2.14pre (20101222).
- Fixed:
+ MFSA 2010-84 XSS hazard in multiple character encodings
+ MFSA 2010-83 Location bar SSL spoofing using network error page
+ MFSA 2010-82 Incomplete fix for CVE-2010-0179
+ MFSA 2010-81 Integer overflow vulnerability in NewIdArray
+ MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
+ MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh
+ MFSA 2010-78 Add support for OTS font sanitizer
+ MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
+ MFSA 2010-76 Chrome privilege escalation with window.open and element
+ MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
+ MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

firefox-3.6-3.6.13-alt1.20101222  build 2010-12-22

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (3.6.13).
- Fixed:
+ MFSA 2010-84 XSS hazard in multiple character encodings
+ MFSA 2010-83 Location bar SSL spoofing using network error page
+ MFSA 2010-82 Incomplete fix for CVE-2010-0179
+ MFSA 2010-81 Integer overflow vulnerability in NewIdArray
+ MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
+ MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh
+ MFSA 2010-78 Add support for OTS font sanitizer
+ MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
+ MFSA 2010-76 Chrome privilege escalation with window.open and element
+ MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
+ MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

git-1.7.3.4-alt1  build 2010-12-16

Group: Development/Other
Summary: Git core and tools
Changes:

- Updated to maint v1.7.3.4 (fixes an XSS in gitweb, see CVE-2010-3906).

cvs-1.11.23-alt3.M50P.1  build 2010-12-05

Group: Development/Other
Summary: A version control system
Changes:

- backport to p5 branch (fixed CVE-2010-3846)

cvs-1.11.23-alt4  build 2010-12-03

Group: Development/Other
Summary: A version control system
Changes:

- Applied upstream fix to an array index error, leading to a heap-based
buffer overflow, found in the way CVS applied certain delta fragment
changes from input files in the RCS (Revision Control System) file
format. If an attacker in control of a CVS repository stored a
specially-crafted RCS file in that repository, this could result in
arbitrary code execution with the privileges of the CVS server process
on the system hosting the CVS repository when a remote user eventually
checks out a revision of the affected file.
Special thanks to Owl for the description.
(CVE-2010-3846; closes: #24468).

vlc-1.1.4-alt0.M50P.1  build 2010-11-17

Group: Video
Summary: VLC media player
Changes:

- backport to p5 (new version with CVE-2010-2937 fix)
- disable services_discovery/libudev_plugin.so
- disable SDL_image support

openssl098-0.9.8p-alt1  build 2010-11-17

Group: System/Base
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changes:

- Updated to 0.9.8p (fixes CVE-2010-2939 and CVE-2010-3864).

gnome-vfs-1:2.24.4-alt0.M50P.1  build 2010-11-13

Group: System/Libraries
Summary: The GNOME virtual file-system libraries
Changes:

- backport to p5 branch (fixed CVE-2009-2473)

mplayer-1.0-alt35.32603.0.M50P.1  build 2010-11-12

Group: Video
Summary: Media player
Changes:

- backport to p5 branch (fixed CVE-2010-3429)

subversion-1.6.13-alt0.M50P.1  build 2010-11-12

Group: Development/Other
Summary: A version control system
Changes:

- backport to p5 branch (fixed CVE-2010-3315)

pidgin-mini-2.7.4-alt0.M50P.1  build 2010-11-12

Group: Networking/Instant messaging
Summary: A GTK+ based multiprotocol instant messaging client
Changes:

- backport to p5 branch (fixed CVE-2010-3711)

mplayer-1.0-alt35.32566.1  build 2010-10-30

Group: Video
Summary: Media player
Changes:

- new SVN snapshot (revision 32566).
- fix CVE-2010-3429 (closes: #24299).
- features:
+ enable new codecs: libgsm, dca, coreaudio, corevideo, amr, openjpeg;
+ enable ssse3 optimization;
+ enable bluray, cddb, librtmp support;
+ remove devfs support (removed from upstream);
+ remove dvdhead (removed from upstream);
+ remove dpms opt (it was already named as xshape);
+ xanim and real codecsdir (options were removed in upstream).
- patches:
+ update vbe and subreader patches;
+ remove builddoc patch
- fix aalib /dev/vcsa detection (closes: #17636).

pam-1.1.3-alt1  build 2010-10-28

Group: System/Base
Summary: Pluggable Authentication Modules
Changes:

- Updated to Linux-PAM-1_1_3 (fixes CVE-2010-3853).

ghostscript-9.00-alt1  build 2010-10-26

Group: Publishing
Summary: PostScript interpreter and renderer, most printer drivers
Changes:

- 9.00
- CVE-2010-2055

pidgin-mini-2.7.4-alt1  build 2010-10-21

Group: Networking/Instant messaging
Summary: A GTK+ based multiprotocol instant messaging client
Changes:

- Updated to 2.7.4
+ CVE-2010-3711: eight DoS conditions in libpurple

poppler5-0.12.4-alt0.M51.3  build 2010-10-20

Group: Publishing
Summary: PDF rendering library
Changes:

- fix CVE-2010-3703

vips-7.22.4-alt0.M50P.1  build 2010-10-19

Group: Graphics
Summary: Large image processing library
Changes:

- backport to p5 branch (fixed CVE-2010-3364)

subversion-1.6.13-alt1  build 2010-10-19

Group: Development/Other
Summary: A version control system
Changes:

- updated to 1.6.13 (CVE-2010-3315, closes: #24284)

aprutil1-1.3.10-alt1  build 2010-10-16

Group: System/Libraries
Summary: Apache Portable Runtime Utility shared library
Changes:

- New version (1.3.10)
- Security fixes (CVE-2009-3560, CVE-2009-3720, CVE-2010-1623)
(Closes: #24224)

vips-7.22.3-alt1  build 2010-10-16

Group: Graphics
Summary: Large image processing library
Changes:

- 7.22.3 fixes CVE-2010-3364 (insecure library loading);
thanks crux@ for heads-up (closes: #24330)

kdegraphics-3.5.10-alt6  build 2010-10-14

Group: Graphical desktop/KDE
Summary: K Desktop Environment - Graphics
Changes:

- CVE-2010-3702 CVE-2010-3704 (ALT#24295)

poppler5-0.12.4-alt0.M51.2  build 2010-10-14

Group: Publishing
Summary: PDF rendering library
Changes:

- fix CVE-2010-3702, CVE-2010-3704

kernel-image-el-smp-2.6.32-alt10  build 2010-10-12

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- CVE-2010-2962
- build af_packet as module

postgresql8.4-8.4.5-alt1  build 2010-10-07

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 8.4.5 release (fixes CVE-2010-3433).

libesmtp-1.0.4-alt2.1.0.M51.1  build 2010-10-05

Group: System/Libraries
Summary: LibESMTP is a library to manage posting email using SMTP
Changes:

- Fixed CVE-2010-1192, CVE-2010-1194 (certificate validation flaws).
Fix backported from 1.0.6

pam-1.1.2-alt3  build 2010-10-04

Group: System/Base
Summary: Pluggable Authentication Modules
Changes:

- Updated to Linux-PAM-1_1_2-6-g843807a
(fixes CVE-2010-3430 and CVE-2010-3431).

python-module-mako-0.2.5-alt1.M51.1  build 2010-10-02

Group: Development/Python
Summary: template library written in Python
Changes:

- Fixed CVE-2010-2480 - XSS via inadequate escaping (patch from ubuntu)
+ lib/mako/filters.py: use xml.sax.saxutils.escape instead of
cgi.escape so we can escape single quotes.

adobe-flash-player-10.2.161.23-alt1  build 2010-09-30

Group: Networking/WWW
Summary: Adobe Flash Player
Changes:

- CVE-2010-2884

openssl098-0.9.8o-alt1  build 2010-09-29

Group: System/Base
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changes:

- Updated to 0.9.8o (fixes CVE-2010-0742).
- Fixed ssl/dtls1.h ABI breakage introduced in 0.9.8m.
- Fixed 0.9.8m build regression on architectures where %_lib != lib.


 
© 2009–2018 Igor Zubkov