ALT repositories
Last updated at Sat, 06 Jun 2020 00:41:50 +0000 | SRPMs: 16893
en ru
Security fixes

samba-4.9.17-alt1.src.rpm  build 2019-09-20

Group: System/Servers
Summary: The Samba4 CIFS and AD client and server suite
Changes:

- Update to first security autumn release
- Security fixes:
+ CVE-2019-10197 Permissions check deny can allow user to escape from the share

samba-DC-4.9.17-alt1.src.rpm  build 2019-09-20

Group: System/Servers
Summary: Samba Active Directory Domain Controller
Changes:

- Update to first security autumn release for domain controller release
- Security fixes:
+ CVE-2019-10197 Permissions check deny can allow user to escape from the share

kernel-image-std-4.9-1:4.9.216-alt0.M80C.1.src.rpm  build 2019-09-16

Group: System/Kernel and hardware
Summary: Restricted version of the Linux kernel
Changes:

- v4.9.193 (Fixes: CVE-2019-15030)

kernel-image-std-4.9-1:4.9.223-alt0.M80C.1.src.rpm  build 2019-09-16

Group: System/Kernel and hardware
Summary: Restricted version of the Linux kernel
Changes:

- v4.9.193 (Fixes: CVE-2019-15030)

kernel-image-un-def-1:4.19.109-alt0.M80C.1.src.rpm  build 2019-09-16

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.19.73 (Fixes: CVE-2019-15030, CVE-2019-15031)

kernel-image-un-def-1:4.19.123-alt0.M80C.1.src.rpm  build 2019-09-16

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.19.73 (Fixes: CVE-2019-15030, CVE-2019-15031)

bird-1.6.7-alt1.src.rpm  build 2019-09-12

Group: Networking/Other
Summary: BIRD Internet Routing Daemon
Changes:

- 1.6.7 (Fixes: CVE-2019-16159)

curl-7.66.0-alt1.src.rpm  build 2019-09-11

Group: Networking/File transfer
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changes:

- 7.66.0
- fixes:
* CVE-2019-5481: FTP-KRB double-free
* CVE-2019-5482: TFTP small blocksize heap buffer overflow

libspice-gtk-0.34-alt0.M80C.1.src.rpm  build 2019-09-04

Group: System/Libraries
Summary: A GTK widget for SPICE clients
Changes:

- Port to c8.1 branch due to upgrade of the server side (SPICE);
- (Fixes: CVE-2016-3066).

firefox-esr-68.7.0-alt0.M80C.1.src.rpm  build 2019-09-04

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (68.1.0).
- Fixed:
+ CVE-2019-11751 Malicious code execution through command line parameters
+ CVE-2019-11746 Use-after-free while manipulating video
+ CVE-2019-11744 XSS by breaking out of title and textarea elements using innerHTML
+ CVE-2019-11742 Same-origin policy violation with SVG filters and canvas to steal cross-origin images
+ CVE-2019-11736 File manipulation and privilege escalation in Mozilla Maintenance Service
+ CVE-2019-11753 Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
+ CVE-2019-11752 Use-after-free while extracting a key value in IndexedDB
+ CVE-2019-9812 Sandbox escape through Firefox Sync
+ CVE-2019-11743 Cross-origin access to unload event attributes
+ CVE-2019-11748 Persistence of WebRTC permissions in a third party context
+ CVE-2019-11749 Camera information available without prompting using getUserMedia
+ CVE-2019-11750 Type confusion in Spidermonkey
+ CVE-2019-11738 Content security policy bypass through hash-based sources in directives
+ CVE-2019-11747 'Forget about this site' removes sites from pre-loaded HSTS list
+ CVE-2019-11735 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
+ CVE-2019-11740 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
- Build in 8 jobs.

firefox-esr-68.8.0-alt0.M80C.1.src.rpm  build 2019-09-04

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (68.1.0).
- Fixed:
+ CVE-2019-11751 Malicious code execution through command line parameters
+ CVE-2019-11746 Use-after-free while manipulating video
+ CVE-2019-11744 XSS by breaking out of title and textarea elements using innerHTML
+ CVE-2019-11742 Same-origin policy violation with SVG filters and canvas to steal cross-origin images
+ CVE-2019-11736 File manipulation and privilege escalation in Mozilla Maintenance Service
+ CVE-2019-11753 Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
+ CVE-2019-11752 Use-after-free while extracting a key value in IndexedDB
+ CVE-2019-9812 Sandbox escape through Firefox Sync
+ CVE-2019-11743 Cross-origin access to unload event attributes
+ CVE-2019-11748 Persistence of WebRTC permissions in a third party context
+ CVE-2019-11749 Camera information available without prompting using getUserMedia
+ CVE-2019-11750 Type confusion in Spidermonkey
+ CVE-2019-11738 Content security policy bypass through hash-based sources in directives
+ CVE-2019-11747 'Forget about this site' removes sites from pre-loaded HSTS list
+ CVE-2019-11735 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
+ CVE-2019-11740 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
- Build in 8 jobs.

firefox-esr-68.9.0-alt0.M80C.1.src.rpm  build 2019-09-04

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (68.1.0).
- Fixed:
+ CVE-2019-11751 Malicious code execution through command line parameters
+ CVE-2019-11746 Use-after-free while manipulating video
+ CVE-2019-11744 XSS by breaking out of title and textarea elements using innerHTML
+ CVE-2019-11742 Same-origin policy violation with SVG filters and canvas to steal cross-origin images
+ CVE-2019-11736 File manipulation and privilege escalation in Mozilla Maintenance Service
+ CVE-2019-11753 Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
+ CVE-2019-11752 Use-after-free while extracting a key value in IndexedDB
+ CVE-2019-9812 Sandbox escape through Firefox Sync
+ CVE-2019-11743 Cross-origin access to unload event attributes
+ CVE-2019-11748 Persistence of WebRTC permissions in a third party context
+ CVE-2019-11749 Camera information available without prompting using getUserMedia
+ CVE-2019-11750 Type confusion in Spidermonkey
+ CVE-2019-11738 Content security policy bypass through hash-based sources in directives
+ CVE-2019-11747 'Forget about this site' removes sites from pre-loaded HSTS list
+ CVE-2019-11735 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
+ CVE-2019-11740 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
- Build in 8 jobs.

dovecot-pigeonhole-1:0.4.11-alt1.M80C.1.src.rpm  build 2019-08-30

Group: System/Servers
Summary: Sieve language and the ManageSieve protocol for the Dovecot Secure IMAP Server
Changes:

- Applied upstream security fix (fixes CVE-2019-11500).

thunderbird-68.7.0-alt1.M80C.1.src.rpm  build 2019-08-29

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version (68.0).
- Fixed:
+ CVE-2019-9811 Sandbox escape via installation of malicious language pack
+ CVE-2019-11711 Script injection within domain through inner window reuse
+ CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
+ CVE-2019-11713 Use-after-free with HTTP/2 cached stream
+ CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ CVE-2019-11715 HTML parsing error can contribute to content XSS
+ CVE-2019-11717 Caret character improperly escaped in origins
+ CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
+ CVE-2019-11709 Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 60.8
- Enigmail 2.1.2.

thunderbird-68.8.0-alt1.M80C.1.src.rpm  build 2019-08-29

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version (68.0).
- Fixed:
+ CVE-2019-9811 Sandbox escape via installation of malicious language pack
+ CVE-2019-11711 Script injection within domain through inner window reuse
+ CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
+ CVE-2019-11713 Use-after-free with HTTP/2 cached stream
+ CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ CVE-2019-11715 HTML parsing error can contribute to content XSS
+ CVE-2019-11717 Caret character improperly escaped in origins
+ CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
+ CVE-2019-11709 Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 60.8
- Enigmail 2.1.2.

kernel-image-std-restricted-1:4.9.190-alt0.M80C.1.src.rpm  build 2019-08-25

Group: System/Kernel and hardware
Summary: Restricted version of the Linux kernel
Changes:

- v4.9.190 (Fixes: CVE-2019-3900)

kernel-image-std-4.9-1:4.9.216-alt0.M80C.1.src.rpm  build 2019-08-25

Group: System/Kernel and hardware
Summary: Restricted version of the Linux kernel
Changes:

- v4.9.190 (Fixes: CVE-2019-3900)

kernel-image-std-4.9-1:4.9.223-alt0.M80C.1.src.rpm  build 2019-08-25

Group: System/Kernel and hardware
Summary: Restricted version of the Linux kernel
Changes:

- v4.9.190 (Fixes: CVE-2019-3900)

bind-9.10.8.P1-alt1.src.rpm  build 2019-08-19

Group: System/Servers
Summary: ISC BIND - DNS server
Changes:

- 9.10.6 -> 9.10.8-P1
(fixes: CVE-2017-3145, CVE-2018-5738, CVE-2018-5740, CVE-2018-5745,
CVE-2018-5744, CVE-2019-6465, CVE-2018-5743).

bind-9.10.8.P1-alt2.src.rpm  build 2019-08-19

Group: System/Servers
Summary: ISC BIND - DNS server
Changes:

- 9.10.6 -> 9.10.8-P1
(fixes: CVE-2017-3145, CVE-2018-5738, CVE-2018-5740, CVE-2018-5745,
CVE-2018-5744, CVE-2019-6465, CVE-2018-5743).

firefox-esr-68.7.0-alt0.M80C.1.src.rpm  build 2019-08-15

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (68.0.2).
- Fixed:
+ CVE-2019-11733 Stored passwords in 'Saved Logins' can be copied without master password entry

firefox-esr-68.8.0-alt0.M80C.1.src.rpm  build 2019-08-15

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (68.0.2).
- Fixed:
+ CVE-2019-11733 Stored passwords in 'Saved Logins' can be copied without master password entry

firefox-esr-68.9.0-alt0.M80C.1.src.rpm  build 2019-08-15

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (68.0.2).
- Fixed:
+ CVE-2019-11733 Stored passwords in 'Saved Logins' can be copied without master password entry

kernel-image-std-restricted-1:4.9.190-alt0.M80C.1.src.rpm  build 2019-08-11

Group: System/Kernel and hardware
Summary: Restricted version of the Linux kernel
Changes:

- v4.9.189 (Fixes: CVE-2019-11478)

kernel-image-std-4.9-1:4.9.216-alt0.M80C.1.src.rpm  build 2019-08-11

Group: System/Kernel and hardware
Summary: Restricted version of the Linux kernel
Changes:

- v4.9.189 (Fixes: CVE-2019-11478)

kernel-image-std-4.9-1:4.9.223-alt0.M80C.1.src.rpm  build 2019-08-11

Group: System/Kernel and hardware
Summary: Restricted version of the Linux kernel
Changes:

- v4.9.189 (Fixes: CVE-2019-11478)

kf5-kconfig-5.31.0-alt2.src.rpm  build 2019-08-07

Group: System/Libraries
Summary: KDE Frameworks 5 advanced configuration system
Changes:

- security (Fixes: CVE-2019-14744)

kernel-image-std-restricted-1:4.9.190-alt0.M80C.1.src.rpm  build 2019-08-05

Group: System/Kernel and hardware
Summary: Restricted version of the Linux kernel
Changes:

- v4.9.187 (Fixes: CVE-2019-10207, CVE-2019-13648)

nagios-nrpe-3.2.1-alt5.src.rpm  build 2019-08-05

Group: Monitoring
Summary: NRPE -- Nagios(R) Remote Plug-ins Execution daemon.
Changes:

- do not allow arguments (to harden more against CVE-2014-2913, BDU:2019-01845):
+ set dont_blame_nrpe=0
+ --disable-command-args
- package check_timed_logs.pl

kernel-image-std-4.9-1:4.9.216-alt0.M80C.1.src.rpm  build 2019-08-05

Group: System/Kernel and hardware
Summary: Restricted version of the Linux kernel
Changes:

- v4.9.187 (Fixes: CVE-2019-10207, CVE-2019-13648)

kernel-image-std-4.9-1:4.9.223-alt0.M80C.1.src.rpm  build 2019-08-05

Group: System/Kernel and hardware
Summary: Restricted version of the Linux kernel
Changes:

- v4.9.187 (Fixes: CVE-2019-10207, CVE-2019-13648)

kernel-image-un-def-1:4.19.109-alt0.M80C.1.src.rpm  build 2019-08-05

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.19.64 (Fixes: CVE-2019-10207, CVE-2019-11478, CVE-2019-13648, CVE-2019-3900)

kernel-image-un-def-1:4.19.123-alt0.M80C.1.src.rpm  build 2019-08-05

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.19.64 (Fixes: CVE-2019-10207, CVE-2019-11478, CVE-2019-13648, CVE-2019-3900)

php7-7.2.29-alt1.src.rpm  build 2019-08-03

Group: Development/Other
Summary: The PHP7 scripting language
Changes:

- 7.2.21 (Fixes: CVE-2019-11042, CVE-2019-11041)

kernel-image-srv-restricted-1:4.9.190-alt0.M80C.1.src.rpm  build 2019-07-21

Group: System/Kernel and hardware
Summary: Restricted version of the Linux kernel
Changes:

- v4.9.186 (Fixes: CVE-2019-3846)

kernel-image-std-4.9-1:4.9.216-alt0.M80C.1.src.rpm  build 2019-07-21

Group: System/Kernel and hardware
Summary: Restricted version of the Linux kernel
Changes:

- v4.9.186 (Fixes: CVE-2019-3846)

kernel-image-std-4.9-1:4.9.223-alt0.M80C.1.src.rpm  build 2019-07-21

Group: System/Kernel and hardware
Summary: Restricted version of the Linux kernel
Changes:

- v4.9.186 (Fixes: CVE-2019-3846)

firefox-esr-68.7.0-alt0.M80C.1.src.rpm  build 2019-07-19

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (68.0.1).
- Fixed:
+ CVE-2019-9811 Sandbox escape via installation of malicious language pack
+ CVE-2019-11711 Script injection within domain through inner window reuse
+ CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
+ CVE-2019-11713 Use-after-free with HTTP/2 cached stream
+ CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ CVE-2019-11715 HTML parsing error can contribute to content XSS
+ CVE-2019-11717 Caret character improperly escaped in origins
+ CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
+ CVE-2019-11709 Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8

firefox-esr-68.8.0-alt0.M80C.1.src.rpm  build 2019-07-19

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (68.0.1).
- Fixed:
+ CVE-2019-9811 Sandbox escape via installation of malicious language pack
+ CVE-2019-11711 Script injection within domain through inner window reuse
+ CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
+ CVE-2019-11713 Use-after-free with HTTP/2 cached stream
+ CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ CVE-2019-11715 HTML parsing error can contribute to content XSS
+ CVE-2019-11717 Caret character improperly escaped in origins
+ CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
+ CVE-2019-11709 Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8

firefox-esr-68.9.0-alt0.M80C.1.src.rpm  build 2019-07-19

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (68.0.1).
- Fixed:
+ CVE-2019-9811 Sandbox escape via installation of malicious language pack
+ CVE-2019-11711 Script injection within domain through inner window reuse
+ CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
+ CVE-2019-11713 Use-after-free with HTTP/2 cached stream
+ CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ CVE-2019-11715 HTML parsing error can contribute to content XSS
+ CVE-2019-11717 Caret character improperly escaped in origins
+ CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
+ CVE-2019-11709 Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8

samba-DC-4.9.17-alt1.src.rpm  build 2019-07-16

Group: System/Servers
Summary: Samba Active Directory Domain Controller
Changes:

- Update to latest summer release of samba-4.9 backported to p8
- Security fixes:
+ CVE-2019-12435 Samba AD DC Denial of Service in DNS management server (dnsserver)
+ CVE-2018-16860 Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
+ CVE-2018-16852 NULL pointer de-reference in Samba AD DC DNS servers
+ CVE-2018-16857 Bad password count in AD DC not always effective

kernel-image-un-def-1:4.19.109-alt0.M80C.1.src.rpm  build 2019-07-16

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.19.59 (Fixes: CVE-2019-3846)

kernel-image-un-def-1:4.19.123-alt0.M80C.1.src.rpm  build 2019-07-16

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v4.19.59 (Fixes: CVE-2019-3846)

squid-3.5.28-alt1.src.rpm  build 2019-07-15

Group: System/Servers
Summary: The Squid proxy caching server
Changes:

- Updated to 3.5.28.
- Fixes:
+ CVE-2018-1000024 Crash processing SSL-Bumped traffic containing ESI
+ CVE-2018-1000027 Crash handling responses to internally generated requests
+ CVE-2018-1172 Crash in ESI Response processing
+ CVE-2018-19132 Fix memory leak when parsing SNMP packet
+ CVE-2019-12525 Fix Digest auth parameter parsing
+ CVE-2019-12529 Replace uudecode with libnettle base64 decoder
+ CVE-2019-13345 Multiple XSS issues in cachemgr.cgi

thunderbird-68.7.0-alt1.M80C.1.src.rpm  build 2019-07-10

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version (60.8.0).
- Fixed:
+ CVE-2019-9811 Sandbox escape via installation of malicious language pack
+ CVE-2019-11711 Script injection within domain through inner window reuse
+ CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
+ CVE-2019-11713 Use-after-free with HTTP/2 cached stream
+ CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ CVE-2019-11715 HTML parsing error can contribute to content XSS
+ CVE-2019-11717 Caret character improperly escaped in origins
+ CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
+ CVE-2019-11709 Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 60.8
- Enigmail 2.0.12.

thunderbird-68.8.0-alt1.M80C.1.src.rpm  build 2019-07-10

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version (60.8.0).
- Fixed:
+ CVE-2019-9811 Sandbox escape via installation of malicious language pack
+ CVE-2019-11711 Script injection within domain through inner window reuse
+ CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
+ CVE-2019-11713 Use-after-free with HTTP/2 cached stream
+ CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ CVE-2019-11715 HTML parsing error can contribute to content XSS
+ CVE-2019-11717 Caret character improperly escaped in origins
+ CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
+ CVE-2019-11709 Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 60.8
- Enigmail 2.0.12.

firefox-esr-68.7.0-alt0.M80C.1.src.rpm  build 2019-07-09

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (60.8.0).
- Fixed:
+ CVE-2019-9811 Sandbox escape via installation of malicious language pack
+ CVE-2019-11711 Script injection within domain through inner window reuse
+ CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
+ CVE-2019-11713 Use-after-free with HTTP/2 cached stream
+ CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ CVE-2019-11715 HTML parsing error can contribute to content XSS
+ CVE-2019-11717 Caret character improperly escaped in origins
+ CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
+ CVE-2019-11709 Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8

firefox-esr-68.8.0-alt0.M80C.1.src.rpm  build 2019-07-09

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (60.8.0).
- Fixed:
+ CVE-2019-9811 Sandbox escape via installation of malicious language pack
+ CVE-2019-11711 Script injection within domain through inner window reuse
+ CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
+ CVE-2019-11713 Use-after-free with HTTP/2 cached stream
+ CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ CVE-2019-11715 HTML parsing error can contribute to content XSS
+ CVE-2019-11717 Caret character improperly escaped in origins
+ CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
+ CVE-2019-11709 Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8

firefox-esr-68.9.0-alt0.M80C.1.src.rpm  build 2019-07-09

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (60.8.0).
- Fixed:
+ CVE-2019-9811 Sandbox escape via installation of malicious language pack
+ CVE-2019-11711 Script injection within domain through inner window reuse
+ CVE-2019-11712 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
+ CVE-2019-11713 Use-after-free with HTTP/2 cached stream
+ CVE-2019-11729 Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ CVE-2019-11715 HTML parsing error can contribute to content XSS
+ CVE-2019-11717 Caret character improperly escaped in origins
+ CVE-2019-11719 Out-of-bounds read when importing curve25519 private key
+ CVE-2019-11730 Same-origin policy treats all files in a directory as having the same-origin
+ CVE-2019-11709 Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8

samba-4.9.17-alt1.src.rpm  build 2019-06-26

Group: System/Servers
Summary: The Samba4 CIFS and AD client and server suite
Changes:

- Update to summer security release of samba-4.9 backported to p8
- Security fixes:
+ CVE-2019-12435 Samba AD DC Denial of Service in DNS management server (dnsserver)
+ CVE-2018-16860 Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
+ CVE-2018-16852 NULL pointer de-reference in Samba AD DC DNS servers
+ CVE-2018-16857 Bad password count in AD DC not always effective

  « First         1         3         5     6     7            Last »  

 
Branches:
hide window
The Geyser project is based on code from Prometheus2.0, which had been made available under the MIT License.