Security
Jan 26, 2022, 05:55 PM
polkit
Version: 0.116-alt2.M90P.4
Summary: PolicyKit Authorization Framework
Changelog:
- (Fixes: CVE-2021-4034)
Dec 15, 2021, 11:35 PM
log4j
Version: 2.9.1-alt2.c9.1_4jpp8
Summary: Java logging package
Changelog:
- security fix CVE-2021-44228 and CVE-2021-45046
Nov 10, 2021, 01:05 PM
postgresql11
Version: 11.14-alt0.M90P.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 11.14 (Fixes CVE-2021-23214, CVE-2021-23222)
Nov 10, 2021, 12:52 PM
postgresql10
Version: 10.19-alt0.M90P.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 10.19 (Fixes CVE-2021-23214, CVE-2021-23222)
Nov 10, 2021, 12:41 PM
postgresql9.6
Version: 9.6.24-alt0.M90P.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 9.6.24 (Fixes CVE-2021-23214, CVE-2021-23222)
Nov 10, 2021, 12:12 PM
postgresql12-1C
Version: 12.7-alt0.M90P.3
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changelog:
- Fixes CVE-2021-23214, CVE-2021-23222
Nov 10, 2021, 11:55 AM
postgresql12
Version: 12.9-alt0.M90P.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 12.9 (Fixes CVE-2021-23214, CVE-2021-23222)
Oct 23, 2021, 08:43 AM
java-1.8.0-openjdk
Version: 1.8.0.312.b07-alt1_1jpp8
Summary: OpenJDK Runtime Environment 8
Changelog:
- New version.
- Security fixes:
  + CVE-2021-35588 InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0
  + CVE-2021-35550 Update the default enabled cipher suites preference
  + CVE-2021-35565 com.sun.net.HttpsServer spins on TLS session close
  + CVE-2021-35556 Richer Text Editors
  + CVE-2021-35559 Enhanced style for RTF kit
  + CVE-2021-35561 Better hashing support
  + CVE-2021-35564 Improve Keystore integrity
  + CVE-2021-35567 More Constrained Delegation
  + CVE-2021-35578 Improve TLS client handshaking
  + CVE-2021-35586 Better BMP support
  + CVE-2021-35603 Better session identification
Oct 21, 2021, 04:06 PM
freerdp
Version: 2.4.1-alt1
Summary: Remote Desktop Protocol functionality
Changelog:
- New version.
- Security fixes:
  + CVE-2021-41159 Improper client input validation for gateway connections allows to overwrite memory
  + CVE-2021-41160 Improper region checks in all clients allow out of bound write to memory
Aug 24, 2021, 05:24 PM
openssl1.1
Version: 1.1.1l-alt1
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- Updated to 1.1.1l (fixes CVE-2021-3711, CVE-2021-3712).
Aug 12, 2021, 01:39 PM
dovecot
Version: 2.3.16-alt1
Summary: Dovecot secure IMAP/POP3 server
Changelog:
- Updated to 2.3.16 (fixes CVE-2021-33515, CVE-2021-29157, CVE-2021-33515, CVE-2021-29157).
- Package watch file.
Jul 24, 2021, 03:36 PM
pacemaker
Version: 2.1.0-alt1
Summary: Scalable High-Availability cluster resource manager
Changelog:
- New version.
- Security fix CVE-2020-25654 in 2.0.5.
Jul 16, 2021, 02:43 PM
zabbix
Version: 5.0.12-alt0.p9.2
Summary: A network monitor
Changelog:
- Updated the changelog to reflect CVE fix (Fixes: CVE-2013-1364).
Jun 17, 2021, 12:48 PM
nginx
Version: 1.20.1-alt1
Summary: Fast HTTP server
Changelog:
- 1.20.1 (Fixes: CVE-2021-23017)
- updated rtmp module to 1.2.2
- updated spnego snapshot to a06f9efc
May 27, 2021, 11:42 AM
curl
Version: 7.77.0-alt1
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changelog:
- 7.77.0
- Fixes:
  * CVE-2021-22897 schannel cipher selection surprise
  * CVE-2021-22898 TELNET stack contents disclosure
  * CVE-2021-22901 TLS session caching disaster
Apr 29, 2021, 05:55 PM
bind
Version: 9.11.31-alt1
Summary: ISC BIND - DNS server
Changelog:
- 9.11.28 -> 9.11.31 (fixes: CVE-2021-25214, CVE-2021-25215, CVE-2021-25216).
Apr 9, 2021, 01:11 PM
dnsmasq
Version: 2.85-alt1
Summary: A lightweight caching nameserver
Changelog:
- Dropped obsoleted patch.
- Updated to 2.83 (fixes: CVE-2021-3448).
Mar 24, 2021, 08:34 PM
samba
Version: 4.12.14-alt1
Summary: The Samba4 CIFS and AD client and server suite
Changelog:
- Update to latest security release of the Samba 4.12
- Security fixes:
  + CVE-2020-27840: Heap corruption via crafted DN strings
  + CVE-2021-20277: Out of bounds read in AD DC LDAP server
Mar 18, 2021, 12:29 PM
python-module-yaml
Version: 5.4.1-alt0.c9
Summary: PyYAML, a YAML parser and emitter for Python
Changelog:
- Backport version 5.4.x to c9 branch (fixes CVE-2020-1747).
Mar 1, 2021, 01:53 PM
wpa_supplicant
Version: 2.9-alt4
Summary: wpa_supplicant is an implementation of the WPA Supplicant component
Changelog:
- P2P: Fix a corner case in peer addition based on PD Request (Fixes: CVE-2021-27803)
Feb 27, 2021, 12:46 PM
ipmitool
Version: 1.8.18-alt4
Summary: ipmitool - Utility for IPMI control
Changelog:
- applied patches from upstream git to fix security issue (Fixes: CVE-2020-5208) see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
- added upstream fix FTBFS with gcc-10
Feb 24, 2021, 03:22 PM
xterm
Version: 366-alt1
Summary: A standard terminal emulator for the X Window System
Changelog:
- Autobuild version bump to 366
- CVE-2021-27135 (Closes: #39725)
Feb 14, 2021, 09:22 PM
subversion
Version: 1.14.1-alt1
Summary: A version control system
Changelog:
- New version.
- Fixes:
  + CVE-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn
Jan 27, 2021, 09:04 PM
sudo
Version: 1.9.5p2-alt1
Summary: Allows command execution as another user
Changelog:
- Update to latest security release (fixes: CVE-2021-3156) (closes: 39615)
- Added sudo-python package with Sudo Python Plugin API
- Added sudo-logsrvd package with High-performance log server
Jan 27, 2021, 04:30 PM
nagios
Version: 3.0.6-alt15
Summary: Services and network monitoring system
Changelog:
- Fixes:
  + CVE-2017-12847 Kill arbitrary processes by leveraging access to PID file.
- Don't install the PID file.
Jan 22, 2021, 06:18 AM
containerd
Jan 21, 2021, 09:31 AM
x11vnc
Version: 0.9.16-alt2
Summary: VNC server for real X displays
Changelog:
- Applied security fix from upstream (Fixes: CVE-2020-29074).
Jan 20, 2021, 03:59 PM
golang
Version: 1.14.14-alt1
Summary: The Go Programming Language
Changelog:
- New version (1.14.14).
- Fixes:
  + CVE-2021-3114
  + CVE-2021-3115
Jan 20, 2021, 02:38 PM
screen
Version: 4.6.2-alt3.p9.1
Summary: A screen manager that supports multiple sessions on one terminal
Changelog:
- Backported upstream commits (fixes CVE-2020-9366).
Dec 24, 2020, 07:48 PM
qemu
Dec 9, 2020, 12:25 AM
openssl10
Version: 1.0.2u-alt1.p9.1
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- Updated to 1.0.2u (fixes CVE-2019-1547, CVE-2019-1551, CVE-2019-1552, CVE-2019-1563)
- Backported upstream fix for GENERAL_NAME_cmp (fixes CVE-2020-1971).
Nov 20, 2020, 04:54 AM
python
Version: 2.7.18-alt0.M90P.2
Summary: An interpreted, interactive object-oriented programming language
Changelog:
- Fixed CVE-2019-20907 and CVE-2020-26116.
Nov 18, 2020, 05:53 AM
perl
Version: 5.28.3-alt1
Summary: Practical Extraction and Report Language
Changelog:
- p9 build
- 5.28.3
- fixes CVE-2020-10543, CVE-2020-10878, CVE-2020-12723
Nov 17, 2020, 10:49 PM
tigervnc
Nov 17, 2020, 09:24 AM
libXtst
Version: 1.2.3-alt1
Summary: The Xtst Library
Changelog:
- 1.2.3
- security fixes: CVE-2016-7951, CVE-2016-7952
Nov 17, 2020, 09:15 AM
libXrender
Version: 0.9.10-alt1
Summary: X Render Library
Changelog:
- 0.9.10
- security fixes: CVE-2016-7949, CVE-2016-7950
Nov 17, 2020, 03:47 AM
openvpn
Version: 2.4.9-alt1
Summary: a full-featured SSL VPN solution
Changelog:
- New version
- Security fixes:
  + CVE-2020-11810: race condition allows one client to kill another client's session via false client floating (Closes: 39122)
Nov 16, 2020, 03:42 PM
bluez
Version: 5.55-alt1
Summary: Bluetooth utilities
Changelog:
- 5.55;
- security fixes:
  + CVE-2020-27153 (closes #39291)
Nov 16, 2020, 11:02 AM
libxslt
Version: 1.1.34-alt1.p9.1
Summary: Library providing XSLT support
Changelog:
- Backported to p9 (fixes CVE-2019-11068, CVE-2019-13117 and CVE-2019-13118).
Nov 16, 2020, 11:00 AM
glibc
Version: 2.27-alt13
Summary: The GNU libc libraries
Changelog:
- Updated to glibc-2.27-155-gdaf88b1dd1 from 2.27 branch (fixes: CVE-2020-1752, CVE-2020-6096).
Nov 13, 2020, 01:07 AM
unzip
Version: 6.0-alt4
Summary: A utility for unpacking zip archives
Changelog:
- Build with bzip2 compression method support
- Massive apply security patches from Fedora and openSUSE
- Fixes:
  + CVE-2014-8139 CRC32 verification heap-based buffer overread
  + CVE-2014-8140 out-of-bounds write issue in test_compr_eb()
  + CVE-2014-8141 getZip64Data() out-of-bounds read issues
  + CVE-2014-9913 buffer overflow in zipinfo
  + CVE-2014-9636 out-of-bounds read or write and crash
  + CVE-2015-7696 fix for heap overflow
  + CVE-2015-7697 fix infinite loop when extracting empty bzip2 data
  + CVE-2016-9844 buffer overflow in zipinfo in similar way like fix for CVE-2014-9913
  + CVE-2018-1000035 heap based buffer overflow when opening password protected files
  + CVE-2018-18384 buffer overflow, when a ZIP archive specially crafted
Nov 12, 2020, 08:55 PM
mariadb
Version: 10.4.17-alt1
Summary: A very fast and reliable SQL database engine
Changelog:
- 10.4.17
- backport fix for MDEV-24096, MDEV-24121, MDEV-24134
- Fixes for the following security vulnerabilities:
  + CVE-2020-14812
  + CVE-2020-14765
  + CVE-2020-14776
  + CVE-2020-14789
  + CVE-2020-15180
Nov 10, 2020, 06:40 PM
libass
Version: 0.15.0-alt1
Summary: Portable library for SSA/ASS subtitles rendering
Changelog:
- Updated to upstream version 0.15.0 (Fixes: CVE-2020-26682).
Nov 4, 2020, 05:40 AM
glib-networking
Version: 2.60.3-alt1.p9.1
Summary: Networking support for GIO
Changelog:
- Fixed CVE-2020-13645.
- Fixed possible NULL dereference.
Oct 29, 2020, 02:32 PM
libfreetype
Version: 2.10.1-alt1.1.p9.1
Summary: A free and portable font rendering engine
Changelog:
- Fixed CVE-2020-15999.
Oct 24, 2020, 02:49 AM
squid
Version: 4.13-alt1
Summary: The Squid proxy caching server
Changelog:
- 4.13 (Fixes: CVE-2020-15811, CVE-2020-15810, CVE-2020-24606)
Oct 10, 2020, 03:37 PM
pve-qemu
Oct 3, 2020, 02:12 AM
systemd
Version: 243.9-alt1
Summary: System and Session Manager
Changelog:
- 243.9 (Fixes: CVE-2020-13776)
- kernelinstalldir path /usr/lib/kernel/install.d -> /lib/kernel/install.d
- install kernel-install script to /sbin
- move systemd-boot and bootctl utils to systemd-boot-efi package
Oct 2, 2020, 12:41 PM
libssh2
Version: 1.9.0-alt2
Summary: A library implementing the SSH2 protocol
Changelog:
- Applied security fixes from upstream (Fixes: CVE-2019-17498).
Oct 1, 2020, 01:00 PM
ghostscript
Version: 9.27-alt1.M90P.1
Summary: PostScript interpreter and renderer, most printer drivers
Changelog:
- Applied security fixes from upstream (Fixes: CVE-2019-10216, CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817, CVE-2019-14869).
Sep 17, 2020, 09:18 AM
xorg-server
Version: 1.20.8-alt4
Summary: Xserver - X Window System display server
Changelog:
- fixes: CVE-2020-14346, CVE-2020-14361, CVE-2020-1436
Sep 17, 2020, 09:15 AM
libX11
Sep 9, 2020, 06:44 PM
gnutls30
Version: 3.6.15-alt1
Summary: A TLS protocol implementation
Changelog:
- Updated Url tag.
- Updated to 3.6.15 (fixes: CVE-2020-24659).
Aug 28, 2020, 03:05 PM
chrony
Version: 3.5.1-alt1
Summary: Chrony clock synchronization program
Changelog:
- 3.5.1 (fixes: CVE-2020-14367)
Aug 26, 2020, 11:12 AM
libvncserver
Version: 0.9.13-alt1
Summary: An easy API to write one's own VNC server
Changelog:
- new version
- security (fixes: CVE-2018-21247, CVE-2019-20839, CVE-2019-20840, CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405)
Aug 21, 2020, 11:24 AM
libexif
Version: 0.6.22-alt2
Summary: libexif is a library for parsing, editing, and saving EXIF data
Changelog:
- added upstream commits:
  + fixed another unsigned integer overflow (fixes CVE-2020-0198)
  + use correct integer type on PowerPC/RISC-based systems
Aug 19, 2020, 11:57 AM
firejail
Version: 0.9.62.4-alt1
Summary: Linux namespaces sandbox program
Changelog:
- Updated to upstream version 0.9.62.4 (Fixes: CVE-2020-17367, CVE-2020-17368).
Aug 12, 2020, 04:46 PM
kde5-ark
Aug 12, 2020, 07:16 AM
postgresql11-1C
Version: 11.9-alt1
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changelog:
- 11.9 (Fixes CVE-2020-14349, CVE-2020-14350)
Aug 12, 2020, 05:50 AM
postgresql9.5
Version: 9.5.23-alt1
Summary: PostgreSQL client programs and libraries
Changelog:
- 9.5.23 (Fixes CVE-2020-14350)
Aug 10, 2020, 10:46 PM
roundcube
Version: 1.4.8-alt1
Summary: Browser-based multilingual IMAP client with an application-like user interface
Changelog:
- new version 1.4.8 (with rpmrb script)
- CVE-2020-16145
Aug 7, 2020, 08:06 PM
libslirp
Version: 4.3.1-alt1
Summary: A general purpose TCP-IP emulator
Changelog:
- new version 4.3.1 (Fixes: CVE-2020-10756)
Aug 3, 2020, 11:49 PM
dotnet-bootstrap
Version: 3.1.6-alt1
Summary: .NET Core SDK binaries
Changelog:
- new version 3.1.6 (with rpmrb script) (ALT bug 38744)
- .NET Core 3.1.6 - July 14, 2020
- CVE-2020-1108: .NET Core Denial of Service Vulnerability
- CVE-2020-1147: .NET Core Remote Code Execution Vulnerability
Jul 28, 2020, 12:26 PM
clamav
Version: 0.102.4-alt1
Summary: Clam Antivirus scanner
Changelog:
- 0.102.4
  + CVE-2020-3350
  + CVE-2020-3327
  + CVE-2020-3481
Jul 21, 2020, 10:00 AM
ffmpeg
Version: 4.2.4-alt1
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changelog:
- 4.2.4 (Fixes: CVE-2020-13904, CVE-2020-13904)
Jul 9, 2020, 09:18 PM
tor
Version: 0.4.3.6-alt1
Summary: Anonymizing overlay network for TCP (The onion router)
Changelog:
- new version (fixes CVE-2020-15572)
Jul 4, 2020, 06:19 PM
json-c
Version: 0.13.1-alt2
Summary: JSON implementation in C
Changelog:
- Update to json-c-0.13 branch (ee9f67c81a3c2a44557f0cc16dc136c140293252)
- Fixes: CVE-2020-12762
Jun 26, 2020, 11:13 AM
vlc
Version: 3.0.11-alt1
Summary: VLC media player
Changelog:
- 3.0.11
- fixes:
  * CVE-2020-13428 - a remote user could create a specifically crafted file that could trigger a buffer overflow in VLC's H26X packetizer
Jun 25, 2020, 10:04 AM
libjpeg8
Version: 2.0.5-alt1
Summary: The MMX/SSE accelerated JPEG compression/decompression library
Changelog:
- New version (2.0.5) with rpmgs script.
- Updated license tag.
- Fixes:
  + CVE-2020-13790.
Jun 20, 2020, 11:33 AM
libnghttp2
Version: 1.41.0-alt1
Summary: HTTP/2.0 C Library
Changelog:
- 1.40.1 (Closes: #38626)
- Security fix: CVE-2020-11080
Jun 14, 2020, 04:05 PM
adns
Version: 1.5.2-alt1
Summary: GNU adns, an asynchronous DNS resolver
Changelog:
- 1.5.2 (Fixes: CVE-2017-9103, CVE-2017-9104, CVE-2017-9105, CVE-2017-9109, CVE-2017-9106, CVE-2017-9107, CVE-2017-9108)
May 31, 2020, 09:50 AM
ansible
Version: 2.8.12-alt1
Summary: SSH-based configuration management, deployment, and task execution system
Changelog:
- 2.8.12
- Fixes:
  + CVE-2020-1733
  + CVE-2020-1735
  + CVE-2020-1737
  + CVE-2020-1739
  + CVE-2020-1740
  + CVE-2020-1746
May 16, 2020, 07:53 AM
edk2-tools
Version: 20200229-alt1
Summary: EFI Development Kit II Tools
Changelog:
- edk2-stable202002 (Fixes: CVE-2019-14575, CVE-2019-14559, CVE-2019-14587, CVE-2019-14558, CVE-2019-14586, CVE-2019-14563)
May 16, 2020, 07:50 AM
edk2
Version: 20200229-alt1
Summary: EFI Development Kit II
Changelog:
- edk2-stable202002 (Fixes: CVE-2019-14575, CVE-2019-14559, CVE-2019-14587, CVE-2019-14558, CVE-2019-14586, CVE-2019-14563)
May 12, 2020, 12:32 PM
oddjob
Version: 0.34.6-alt1
Summary: A D-Bus service which runs odd jobs on behalf of client applications
Changelog:
- 0.34.4 -> 0.34.6 (fixes: CVE-2020-10737).
May 12, 2020, 11:38 AM
kde5-kio-extras
Version: 19.12.3-alt2
Summary: KDE Workspace 5 additional kio-slaves
Changelog:
- don't store unasked fish:/ passwords (Fixes: CVE-2020-12755)
Apr 29, 2020, 07:11 PM
coturn
Version: 4.5.1.1-alt2
Summary: Coturn TURN Server
Changelog:
- Applied upstream fixes for CVE-2020-6062/TALOS-2020-0985.
- Applied upstream fixes for CVE-2020-6061/TALOS-2020-0984.
Apr 27, 2020, 07:07 AM
opensc
Version: 0.20.0-alt1
Summary: OpenSC library - for accessing SmartCard devices using PC/SC Lite
Changelog:
- New version.
- Fixes:
  + CVE-2019-6502 (#1586)
  + CVE-2019-15946 (a3fc769)
  + CVE-2019-15945 (412a614)
  + CVE-2019-19480 (6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7)
  + CVE-2019-19481 (b75c002cfb1fd61cd20ec938ff4937d7b1a94278)
  + CVE-2019-19479 (c3f23b836e5a1766c36617fe1da30d22f7b63de2)
- Fix License tag according to SPDX.
Apr 20, 2020, 09:39 PM
git
Version: 2.25.4-alt1
Summary: Git core and tools
Changelog:
- 2.25.3 -> 2.25.4 (fixes: CVE-2020-11008).
Apr 17, 2020, 06:50 PM
python-module-psutil
Version: 5.7.0-alt1
Summary: A process utilities module for Python
Changelog:
- new version 5.7.0 (with rpmrb script) (ALT bug 38347)
- CVE-2019-18874
Mar 10, 2020, 09:33 PM
ppp
Feb 5, 2020, 10:42 PM
kernel-image-std-debug
Version: 4.19.102-alt1
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- v4.19.102 (Fixes: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)
Jan 13, 2020, 09:45 PM
atril-gtk
Version: 1.22.3-alt2
Summary: Document viewer
Changelog:
- Patch from upstream: tiff: Handle failure from TIFFReadRGBAImageOriented (fixes: CVE-2019-11459).
- dvi: Require texlive.
- Update Russian translation (thx Olesya Gerasimenko).
Jan 3, 2020, 01:02 AM
spamassassin
Version: 3.4.3-alt1
Summary: Spam filter for email written in perl
Changelog:
- 3.4.3 (fixes: CVE-2018-11805, CVE-2019-12420)
- updated %License to SPDX syntax
Dec 11, 2019, 12:21 PM
libssh
Version: 0.9.3-alt1
Summary: C library to authenticate in a simple manner to one or more SSH servers
Changelog:
- new version
- security (Fixes: CVE-2019-14889)
Dec 2, 2019, 12:28 PM
oniguruma
Version: 6.9.4-alt1
Summary: Regular expressions library
Changelog:
- 6.9.4
- fixes:
  * CVE-2019-19012 Integer overflow related to reg->dmax in search_in_range()
  * CVE-2019-19203 heap-buffer-overflow in gb18030_mbc_enc_len()
  * CVE-2019-19204 heap-buffer-overflow in fetch_interval_quantifier()
Nov 5, 2019, 05:27 PM
squashfs-tools
Sep 23, 2019, 04:56 PM
libadplug
Version: 2.2.1-alt3
Summary: AdLib sound player library
Changelog:
- added fedora patches:
  + inline (fixes e2k ftbfs)
  + cve-2018-17825 (fixes: CVE-2018-17825)
  + (signed-char unneeded, worked around in previous build)
- NB: there's 2.3.1 release over at github
Sep 20, 2019, 06:44 AM
poco
Version: 1.9.4-alt1
Summary: POrtable COmponents C++ Libraries
Changelog:
- 1.9.4 (Fixes CVE-2019-15903)
Sep 3, 2019, 05:54 PM
shadow
Version: 4.5-alt5
Summary: Utilities for managing shadow password files and user/group accounts
Changelog:
- Backported patch from shadow-4.6:
  + newgidmap: enforce setgroups=deny if self-mapping a group (fixes CVE-2018-7169).
- Don't use deprecated PreReq.
Aug 8, 2019, 01:41 PM
kde4libs
Version: 4.14.38-alt5
Summary: K Desktop Environment 4 - Libraries
Changelog:
- security fixes: CVE-2019-14744
Aug 5, 2019, 07:53 PM
python3-module-django2.2
Version: 2.2.4-alt1
Summary: A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design.
Changelog:
- 2.2.4
- Fixes for the following security vulnerabilities:
  + CVE-2019-14232 Adjusted regex to avoid backtracking issues when truncating HTML
  + CVE-2019-14233 Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities
  + CVE-2019-14234 Protected JSONField/HStoreField key and index lookups against SQL injection
  + CVE-2019-14235 Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri()
Aug 5, 2019, 07:50 PM
python-module-django
Version: 1.11.23-alt1
Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Changelog:
- 1.11.23
- Fixes for the following security vulnerabilities:
  + CVE-2019-14232 Adjusted regex to avoid backtracking issues when truncating HTML
  + CVE-2019-14233 Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities
  + CVE-2019-14234 Protected JSONField/HStoreField key and index lookups against SQL injection
  + CVE-2019-14235 Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri()
Aug 4, 2019, 10:36 PM
gvfs
Version: 1.40.2-alt1
Summary: The GNOME virtual filesystem libraries
Changelog:
- updated to 1.40.2-2-g4fd68eb2 (fixed CVE-2019-12447, CVE-2019-12448, CVE-2019-12449, CVE-2019-12795)
Jul 6, 2019, 03:26 PM
kernel-image-tegra
Version: 4.9.140-alt2
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
Jun 4, 2019, 06:07 AM
SPICE
Version: 0.14.2-alt1
Summary: Implements the SPICE protocol
Changelog:
- 0.14.2 (fixes: CVE-2019-3813)
- build with gstreamer support
Apr 10, 2019, 02:02 AM
libtiff
Version: 4.0.10.0.57.f9fc01c3-alt1
Summary: Library of functions for manipulating TIFF format image files
Changelog:
- Updated to v4.0.10-57-gf9fc01c3 (ALT #36575, #34677).
- Applied SUSE patches:
  + tiff-4.0.3-seek.patch;
  + tiff-4.0.3-compress-warning.patch;
  + tiff-CVE-2018-12900.patch.
- Built with support of:
  + libjbig;
  + libwebp;
  + libzstd.
- Fixes:
  + CVE-2012-4564 Zero size buffer exploit in ppm2tiff;
  + CVE-2013-1960 Heap-based buffer overflow in the t2p_process_jpeg_strip();
  + CVE-2013-4232 Use-after-free vulnerability in the t2p_readwrite_pdf_image();
  + CVE-2013-4243 Heap-based buffer overflow in the readgifimage();
  + CVE-2013-4244 DoS or possible RCE via crafted GIF image;
  + CVE-2014-8127 Out-of-bounds read with malformed TIFF image in multiple tool;
  + CVE-2014-8129 Out-of-bounds read/write with malformed TIFF image in tiff2pdf;
  + CVE-2014-8130 Divide-by-zero error in _TIFFmalloc();
  + CVE-2014-9330 Integer overflow in tif_packbits.c in bmp2tif;
  + CVE-2015-8870 Integer overflow in tools/bmp2tiff.c (DoS or information leak);
  + CVE-2018-5360 Heap-based buffer overflow in the ReadTIFFImage().
Apr 6, 2019, 03:56 AM
nettle
Version: 3.4.1-alt1
Summary: A low-level cryptographic library
Changelog:
- Updated to 3.4.1 (fixes: CVE-2018-16869).
Apr 3, 2019, 12:26 PM
libopenjpeg2.0
Version: 2.3.1-alt1
Summary: JPEG 2000 codec library (API version 2.0)
Changelog:
- 2.3.1 (fixed CVE-2017-14041, CVE-2018-6616, CVE-2018-5785, CVE-2018-14423)
Apr 2, 2019, 07:39 PM