Security
Jan 27, 2009, 09:23 AM
smarty
Version: 2.6.22-alt1
Summary: Template engine for PHP
Changelog:
- Updated to 2.6.22. Security fixes: + CVE-2008-4810 + CVE-2008-4811
Oct 27, 2012, 09:44 PM
libexif
Version: 0.6.21-alt1
Summary: libexif is a library for parsing, editing, and saving EXIF data
Changelog:
- 0.6.21 - fixed CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841, CVE-2012-2845
Dec 26, 2013, 08:07 PM
libjpeg-turbo
Version: 1.3.1-alt0.1
Summary: A SIMD-accelerated library for manipulating JPEG image format files
Changelog:
- Updated to 1.3.1 r1092 (fixes CVE-2013-6629, CVE-2013-6630).
May 13, 2014, 02:21 AM
kernel-src-kvm
Version: 3.10.21-alt8
Summary: KVM modules sources for Linux kernel
Changelog:
- updates from linux-3.10.40: + KVM: ioapic: fix assignment of ioapic->rtc_status.pending_eoi (CVE-2014-0155)
Jul 15, 2014, 05:35 PM
liblzo2
Version: 2.08-alt1
Summary: Data compression library with very fast (de)compression
Changelog:
- Updated to 2.08 (fixes CVE-2014-4607). - Cleaned up specfile.
Sep 11, 2014, 12:25 AM
libmodplug
Version: 0.8.8.5-alt1
Summary: Modplug mod music file format library
Changelog:
- 0.8.8.5 + CVE-2013-4233, CVE-2013-4234 fixes
Sep 13, 2014, 02:29 PM
lua5
Version: 5.1.5-alt1
Summary: Embeddable programming language
Changelog:
- Patch for CVE-2014-5461 applied - 5.1.4 -> 5.1.5 - lua-5.1.4 patches reverted - applied official pathes #1/#2 from lua.org/bugs.html
Jan 27, 2015, 03:50 AM
pxz
Version: 4.999.9beta-alt3
Summary: Parallel LZMA compressor using liblzma
Changelog:
- CVE-2015-1200 fix (patch from debian bug #775306)
Sep 1, 2015, 12:09 PM
libvdpau
Version: 1.1.1-alt1
Summary: VDPAU library
Changelog:
- new version - security fixes: CVE-2015-5198, CVE-2015-5199, CVE-2015-5200
Sep 15, 2015, 08:56 PM
libunwind
Version: 1.1-alt2
Summary: An unwinding library
Changelog:
- Fixed CVE-2015-3239. - Added aarch64 architecture support.
Nov 25, 2015, 12:53 PM
libssh2
Dec 4, 2015, 06:18 PM
xfsprogs
Version: 3.1.11-alt1
Summary: Utilities for managing the XFS filesystem
Changelog:
- 3.1.11 + reset to pristine source, effectively reverting all patches - applied patch series extracted from opensuse 13.1 updates' 3.1.11-2.3.1 package to fix CVE-2012-2150
Dec 16, 2015, 11:58 AM
grub2
Version: 2.00-alt21
Summary: GRand Unified Bootloader
Changelog:
- CVE-2015-8370: those who have set up GRUB passwords MUST upgrade or find their use of this "protection" inefficient: CVE-2015-8370-Grub2-authentication-bypass.html" target="_blank">http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html (closes: #31631) - added fedora patch to piggyback --unrestricted through CLASS thus changing the default for password-protected menuentry items to request password only when an attempt to change boot parameters is made (but to let the system boot by default); see also http://altlinux.org/grub#password - added upstream texinfo patch to fix FTBFS - explicit BR: texinfoJan 5, 2016, 02:39 PMkeepassx
Version: 0.4.4-alt1Summary: KeePassX Password Safe - light-weight cross-platform password managerChangelog:- New version: security fixes - Fix CVE-2015-8378: Canceling XML export operation creates export as ".xml"Feb 21, 2016, 01:45 AMipsec-tools
Version: 0.8.2-alt1Summary: IPsec-Tools package use the IPsec functionality in the linux-2.5+ kernels.Changelog:- 0.8.2 - fixed CVE-2015-4047Apr 10, 2016, 02:31 PMlibwebkitgtk2
Version: 2.4.11-alt1Summary: Web browser engineChangelog:- 2.4.11 (CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081, CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752, CVE-2015-5809, CVE-2015-5928, CVE-2015-3749, CVE-2015-3659, CVE-2015-3748, CVE-2015-3743, CVE-2015-3731, CVE-2015-3745, CVE-2015-5822, CVE-2015-3658, CVE-2015-3741, CVE-2015-3727, CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794, CVE-2015-1127, CVE-2015-1153, CVE-2015-1083)May 9, 2016, 08:54 PMsquid
Version: 3.5.19-alt1Summary: The Squid proxy caching serverChangelog:- Updated to 3.5.19 (inludes fixes for CVE-2016-4553, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556).Jun 5, 2016, 02:34 PMImageMagick
Version: 6.9.4.7-alt1Summary: An X application for displaying and manipulating imagesChangelog:- new version with fixes for CVE-2016-5118 (closes: #32174)Jun 10, 2016, 02:14 PMwget
Version: 1.18-alt1Summary: An utility for retrieving files using the HTTP, HTTPS or FTP protocolsChangelog:- 1.18 (fixes CVE-2016-4971: untrusted filenames when following HTTP to FTP redirects)Jul 1, 2016, 01:40 PMrssh
Version: 2.3.4-alt2Summary: Restricted shell for scp or sftpChangelog:- really update sources to 2.3.4 fixes (CVE-2012-3478 and CVE-2012-2252) - add patch for rsync3 compatJul 9, 2016, 01:30 PMiperf3
Version: 3.1.3-alt1Summary: A TCP, UDP, and SCTP network bandwidth measurement toolChangelog:- New version (CVE-2016-4303)Sep 10, 2016, 12:25 AMlibgtk+2
Version: 2.24.31-alt1Summary: The GIMP ToolKit (GTK+), a library for creating GUIsChangelog:- 2.24.31 (CVE-2013-7447)Sep 25, 2016, 12:35 PMruby-httpclient
Version: 2.8.2.4-alt1Summary: HTTP accessing library for RubyChangelog:- Update to latest release + Security CVE-2014-3566 critical to rhc: https://blog.openshift.com/poodle-ssl-vulnerability/Feb 17, 2017, 12:37 PMadobe-flash-player-ppapi
Version: 24-alt3Summary: Adobe Flash PlayerChangelog:- new version - security fixes: CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996Jun 4, 2017, 09:47 PMwireshark
Version: 2.2.7-alt1.M80C.1Summary: The BugTraq Award Winning Network Traffic AnalyzerChangelog:- new version with these security fixes: * wnpa-sec-2017-22 Bazaar dissector infinite loop CVE-2017-9352 * wnpa-sec-2017-23 DOF dissector read overflow CVE-2017-9348 * wnpa-sec-2017-24 DHCP dissector read overflow CVE-2017-9351 * wnpa-sec-2017-25 SoulSeek dissector infinite loop CVE-2017-9346 * wnpa-sec-2017-26 DNS dissector infinite loop CVE-2017-9345 * wnpa-sec-2017-27 DICOM dissector infinite loop CVE-2017-9349 * wnpa-sec-2017-28 openSAFETY dissector memory exhaustion CVE-2017-9350 * wnpa-sec-2017-29 BT L2CAP dissector divide by zero CVE-2017-9344 * wnpa-sec-2017-30 MSNIP dissector crash CVE-2017-9343 * wnpa-sec-2017-31 ROS dissector crash CVE-2017-9347 * wnpa-sec-2017-32 RGMP dissector crash CVE-2017-9354 * wnpa-sec-2017-30 MSNIP dissector crash CVE-2017-9343 * wnpa-sec-2017-31 ROS dissector crash CVE-2017-9347 * wnpa-sec-2017-32 RGMP dissector crash CVE-2017-9354 * wnpa-sec-2017-33 IPv6 dissector crash CVE-2017-9353Sep 19, 2017, 04:53 PMpidgin
Version: 2.12.0-alt0.M80C.1Summary: A GTK+ based multiprotocol instant messaging clientChangelog:- backport to c8 (Fixes: CVE-2016-2365, CVE-2016-2366, CVE-2016-2367, CVE-2016-2368, CVE-2016-2369, CVE-2016-2370, CVE-2016-2371, CVE-2016-2372, CVE-2016-2373, CVE-2016-2374, CVE-2016-2375, CVE-2016-2376, CVE-2016-2377, CVE-2016-2378, CVE-2016-2380, CVE-2016-4323)Sep 20, 2017, 02:24 PMpostgresql9.6
Version: 9.6.5-alt0.M80C.1Summary: PostgreSQL client programs and librariesChangelog:- backport to c8 (Fixes: CVE-2017-7546, CVE-2017-7547, CVE-2017-7548, CVE-2017-7548, CVE-2017-7547, CVE-2017-7546, CVE-2017-7484, CVE-2017-7484, CVE-2017-7485, CVE-2017-7486, CVE-2017-7484, CVE-2017-7486, CVE-2017-7485, CVE-2017-7484)Sep 21, 2017, 03:02 PMpostgresql9.5
Version: 9.5.9-alt0.M80C.1Summary: PostgreSQL client programs and librariesChangelog:- port to c8 (Fixes: CVE-2017-7547, CVE-2017-7546, CVE-2017-7547, CVE-2017-7548, CVE-2017-7548, CVE-2017-7547, CVE-2017-7546, CVE-2017-7484, CVE-2017-7484, CVE-2017-7485, CVE-2017-7486, CVE-2017-7484, CVE-2017-7486, CVE-2017-7485, CVE-2017-7484)Sep 25, 2017, 05:25 PMc-ares
Version: 1.13.0-alt0.M80C.1Summary: A library that performs asynchronous DNS operationsChangelog:- backport to c8 (Fixes: CVE-2016-5180, CVE-2017-1000381)Sep 25, 2017, 05:33 PMdhcp
Version: 4.3.6-alt0.M80C.1Summary: Dynamic Host Configuration Protocol (DHCP) distributionChangelog:- backport to c8 (Fixes: CVE-2015-8605, CVE-2016-2774)Sep 25, 2017, 11:55 PMexpat
Version: 2.2.4-alt0.M80C.1Summary: An XML parser written in CChangelog:- backport to c8 (Fixes: CVE-2012-1148, CVE-2012-6702, CVE-2015-1283, CVE-2015-2716, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-9063, CVE-2017-11742, CVE-2017-9233)Sep 27, 2017, 11:21 AMlibarchive
Version: 3.3.1-alt0.M80C.1Summary: A library for handling streaming archive formatsChangelog:- backport to c8 (Fixes: CVE-2016-8687, CVE-2016-8688, CVE-2016-8689)Sep 27, 2017, 12:06 PMlibcroco
Version: 0.6.11-alt2.M80C.1Summary: A CSS2 parsing libraryChangelog:- Fixes: + CVE-2017-7960 denial of service in cr_input_new_from_uri function in cr-input.cSep 27, 2017, 01:07 PMlibimobiledevice
Version: 1.2.0-alt2.M80C.1Summary: Library for connecting to Apple iPhone and iPod touchChangelog:- Fixes: + CVE-2016-5104 The socket_create function in common/socket.c in libimobiledevice allows remote attackers to bypass intended access restrictionsSep 27, 2017, 03:34 PMlxc
Version: 2.0.6-alt0.M80C.1Summary: lxc : Linux ContainerChangelog:- backport to c8 (Fixes: CVE-2016-8649)Sep 27, 2017, 06:12 PMlibtirpc
Version: 1.0.2-alt0.M80C.1Summary: transport-independent RPC libraryChangelog:- backport to c8 (Fixed: CVE-2017-8779)Sep 27, 2017, 11:20 PMchrony
Version: 3.1-alt0.M80C.1Summary: Chrony clock synchronization programChangelog:- backport to c8 (Fixes: CVE-2016-1567)Sep 28, 2017, 02:54 PMzlib
Version: 1.2.8-alt1.M80C.1Summary: The zlib compression and decompression libraryChangelog:- backport to c8 (Fixes: CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843)Sep 28, 2017, 03:10 PMlibpng
Version: 1.5.28-alt0.M80C.1Summary: A library of functions for manipulating PNG image format filesChangelog:- Updated to 1.5.28 (Fixes: CVE-2016-10087)Sep 28, 2017, 05:01 PMopenvswitch
Version: 2.7.2-alt0.M80C.1Summary: An open source, production quality, multilayer virtual switchChangelog:- backport to c8 (Fixes: CVE-2016-2074)Sep 28, 2017, 10:04 PMnagios
Version: 3.0.6-alt4.M80C.1Summary: Services and network monitoring systemChangelog:- Backport to C8 (Fixes: CVE-2009-2288, CVE-2011-1523, CVE-2012-6096, CVE-2013-2214, CVE-2013-7108, CVE-2013-7205)Oct 16, 2017, 05:29 PMwpa_supplicant
Version: 2.6-alt1.M80C.1Summary: wpa_supplicant is an implementation of the WPA Supplicant componentChangelog:- backport to c8 - multiple vulnerabilities (so-called KRACK attack) (Fixes: + CVE-2017-13077 + CVE-2017-13078 + CVE-2017-13079 + CVE-2017-13080 + CVE-2017-13081 + CVE-2017-13082 + CVE-2017-13086 + CVE-2017-13087 + CVE-2017-13088)Oct 17, 2017, 03:17 PMxorg-server
Version: 1.18.4-alt2.M80C.2Summary: Xserver - X Window System display serverChangelog:- (Fixes: CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12183).Oct 20, 2017, 11:18 AMapache2
Version: 2.4.28-alt1.N.M80C.1Summary: The most widely used Web server on the InternetChangelog:- new version 2.4.28 - disabled NameVirtualHost directive in ports_all.conf (closes: #32269) - increased timeout for restarting httpd on SysVinit sytems (closes: #31062) - increased LOOPSSTART and TimeoutStartSec (closes: #33978) - fixes: * CVE-2017-9798 Corrupted or freed memory accessOct 23, 2017, 09:53 PMglibc
Version: 2.23-alt3.M80C.3Summary: The GNU libc librariesChangelog:- Backported upstream secutiry patches (fixes CVE-2017-15670 CVE-2017-15804).Dec 7, 2017, 06:17 PMopenssl10
Version: 1.0.2n-alt0.M80C.1Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and toolsChangelog:- Backported to c8 branch (fixes CVE-2017-3737, CVE-2017-3738).Feb 19, 2018, 08:38 PMkernel-image-srv-restricted
Version: 4.4.116-alt0.M80C.1Summary: Restricted version of the Linux kernelChangelog:- v4.4.116 (Fixes: CVE-2017-8824)Feb 19, 2018, 09:22 PMkernel-image-std-restricted
Version: 4.4.116-alt0.M80C.1Summary: Restricted version of the Linux kernelChangelog:- v4.4.116 (Fixes: CVE-2017-8824)Mar 31, 2018, 09:35 AMcurl
Version: 7.59.0-alt1.N.M80C.1Summary: Gets a file from a FTP, GOPHER or HTTP serverChangelog:- new version - fixes: * CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write * CVE-2018-1000121 LDAP NULL pointer dereference * CVE-2018-1000122 RTSP RTP buffer over-readMay 18, 2018, 02:47 PMruby
Version: 2.4.4-alt0.M80C.1Summary: An Interpreted Object-Oriented Scripting LanguageChangelog:- New version. - Fixes: + CVE-2017-17742: HTTP response splitting in WEBrick + CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir + CVE-2018-8777: DoS by large request in WEBrick + CVE-2018-8778: Buffer under-read in String#unpack + CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket + CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in DirAug 24, 2018, 06:51 PMopenssh
Version: 7.2p2-alt2.M80C.3Summary: OpenSSH free Secure Shell (SSH) implementationChangelog:- Correction for fix for CVE-2018-15473Sep 13, 2018, 08:20 PMmariadb
Version: 10.1.35-alt0.N.M80C.1Summary: A very fast and reliable SQL database engineChangelog:- 10.1.35 - Fixes for the following security vulnerabilities: + CVE-2018-3064 + CVE-2018-3063 + CVE-2018-3058 + CVE-2018-3066 - change mode of plugin dir in chroot (ALT #33259)Oct 25, 2018, 02:55 PMlibssh
Version: 0.7.6-alt2Summary: C library to authenticate in a simple manner to one or more SSH serversChangelog:- fix changelog - security fixes: CVE-2018-10933Nov 9, 2018, 06:29 PMNetworkManager
Version: 1.4.7-alt1.git3712c5180676Summary: Install NetworkManager daemon and pluginsChangelog:- Upstream git snapshot (nm-1-4 branch) (fixes: CVE-2018-15688).Jan 10, 2019, 05:13 PMsystemd
Version: 233-alt0.M80C.3Summary: System and Session ManagerChangelog:- journald: set a limit on the number of fields once more. - Backported patches from upstream (fixes: CVE-2018-16864, CVE-2018-16865, CVE-2018-16866).Jan 11, 2019, 02:32 PMnettle
Version: 3.4.1-alt1Summary: A low-level cryptographic libraryChangelog:- Updated to 3.4.1 (fixes: CVE-2018-16869).Apr 23, 2019, 07:24 AMSPICE
Version: 0.14.1-alt1Summary: Implements the SPICE protocolChangelog:- 0.14.1 (Fixes: CVE-2018-10873)May 14, 2019, 08:09 PMdhcpcd
Version: 6.11.7-alt1Summary: DHCP ClientChangelog:- Fix crash on lease renewals (closes: #36730). - Updated to 6.11.7 (fixes: CVE-2019-11766).May 21, 2019, 12:09 PMlibxmlsec1
Version: 1.2.26-alt1.M80C.1Summary: Library providing support for "XML Signature" and "XML Encryption" standardsChangelog:- for c8, soap reenabled (Fixes: CVE-2017-1000061)Aug 5, 2019, 08:22 PMsamba
Version: 4.6.16-alt1.M80C.1Summary: The Samba4 CIFS and AD client and server suiteChangelog:- Update to latest samba-4.6 security release - Security fixes: + CVE-2018-10858 Insufficient input validation on client directory listing in libsmbclient + CVE-2018-10919 Confidential attribute disclosure from the AD LDAP serverAug 5, 2019, 08:56 PMsamba-DC
Version: 4.6.16-alt1.M80C.1Summary: Samba Active Directory Domain ControllerChangelog:- Update to latest samba-4.6 security release - Security fixes: + CVE-2018-10858 Insufficient input validation on client directory listing in libsmbclient + CVE-2018-10919 Confidential attribute disclosure from the AD LDAP serverAug 6, 2019, 02:26 PMfirmware-intel-ucode
Version: 9-alt1.20190514Summary: Microcode definitions for Intel processorsChangelog:- Sync with Debian 3.20190514.1: + New upstream microcode datafile 20190514 + SECURITY UPDATE Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223 CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 + New Microcodes: sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224 sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224 sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224 sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632 sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608 sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104 + Updated Microcodes: sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288 sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336 sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552 sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456 sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384 sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408 sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816 sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432 sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504 sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600 sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336 sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352 sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720 sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768 sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768 sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576 sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552 sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456 sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408 sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360 sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352 sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264 sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728 sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304 sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328 sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328 sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304 sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280 sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328 sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304 sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328 sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304 sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280Aug 30, 2019, 01:35 PMdovecot
Version: 2.2.21-alt1.M80C.1Summary: Dovecot secure IMAP/POP3 serverChangelog:- Applied upstream security fix (fixes CVE-2019-11500).Aug 30, 2019, 01:37 PMdovecot-pigeonhole
Version: 0.4.11-alt1.M80C.1Summary: Sieve language and the ManageSieve protocol for the Dovecot Secure IMAP ServerChangelog:- Applied upstream security fix (fixes CVE-2019-11500).Sep 25, 2019, 05:16 PMlibspice-gtk
Version: 0.34-alt0.M80C.1Summary: A GTK widget for SPICE clientsChangelog:- Port to c8.1 branch due to upgrade of the server side (SPICE); - (Fixes: CVE-2016-3066).Oct 7, 2019, 03:31 PMlibXfont2
Version: 2.0.3-alt1Summary: X.Org libXfont runtime libraryChangelog:- fixes: + CVE-2017-16611 Open files with O_NOFOLLOWOct 31, 2019, 05:11 AMsudo
Version: 1.8.28-alt1Summary: Allows command execution as another userChangelog:- Update to autumn security release (closes: 37334) - Code execution with euid==0 in rare box configurations (fixes: CVE-2019-14287) - Fix post script for sudowheel control in case of upgrade in not default stateDec 6, 2019, 01:53 PMoniguruma
Version: 6.9.4-alt1Summary: Regular expressions libraryChangelog:- 6.9.4 - fixes: * CVE-2019-19012 Integer overflow related to reg->dmax in search_in_range() * CVE-2019-19203 heap-buffer-overflow in gb18030_mbc_enc_len() * CVE-2019-19204 heap-buffer-overflow in fetch_interval_quantifier()