Security
Jan 26, 2022, 05:55 PM
polkit
Version: 0.116-alt2.M90P.4
Summary: PolicyKit Authorization Framework
Changelog:
- (Fixes: CVE-2021-4034)
Dec 15, 2021, 11:35 PM
log4j
Version: 2.9.1-alt2.c9.1_4jpp8
Summary: Java logging package
Changelog:
- security fix CVE-2021-44228 and CVE-2021-45046
Nov 10, 2021, 01:05 PM
postgresql11
Version: 11.14-alt0.M90P.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 11.14 (Fixes CVE-2021-23214, CVE-2021-23222)
Nov 10, 2021, 12:52 PM
postgresql10
Version: 10.19-alt0.M90P.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 10.19 (Fixes CVE-2021-23214, CVE-2021-23222)
Nov 10, 2021, 12:41 PM
postgresql9.6
Version: 9.6.24-alt0.M90P.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 9.6.24 (Fixes CVE-2021-23214, CVE-2021-23222)
Nov 10, 2021, 12:12 PM
postgresql12-1C
Version: 12.7-alt0.M90P.3
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changelog:
- Fixes CVE-2021-23214, CVE-2021-23222
Nov 10, 2021, 11:55 AM
postgresql12
Version: 12.9-alt0.M90P.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 12.9 (Fixes CVE-2021-23214, CVE-2021-23222)
Oct 23, 2021, 08:43 AM
java-1.8.0-openjdk
Version: 1.8.0.312.b07-alt1_1jpp8
Summary: OpenJDK Runtime Environment 8
Changelog:
- New version. - Security fixes: + CVE-2021-35588 InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0 + CVE-2021-35550 Update the default enabled cipher suites preference + CVE-2021-35565 com.sun.net.HttpsServer spins on TLS session close + CVE-2021-35556 Richer Text Editors + CVE-2021-35559 Enhanced style for RTF kit + CVE-2021-35561 Better hashing support + CVE-2021-35564 Improve Keystore integrity + CVE-2021-35567 More Constrained Delegation + CVE-2021-35578 Improve TLS client handshaking + CVE-2021-35586 Better BMP support + CVE-2021-35603 Better session identification
Oct 21, 2021, 04:06 PM
freerdp
Version: 2.4.1-alt1
Summary: Remote Desktop Protocol functionality
Changelog:
- New version. - Security fixes: + CVE-2021-41159 Improper client input validation for gateway connections allows to overwrite memory + CVE-2021-41160 Improper region checks in all clients allow out of bound write to memory
Aug 24, 2021, 05:24 PM
openssl1.1
Version: 1.1.1l-alt1
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- Updated to 1.1.1l (fixes CVE-2021-3711, CVE-2021-3712).
Aug 12, 2021, 01:39 PM
dovecot
Version: 2.3.16-alt1
Summary: Dovecot secure IMAP/POP3 server
Changelog:
- Updated to 2.3.16 (fixes CVE-2021-33515, CVE-2021-29157, CVE-2021-33515, CVE-2021-29157). - Package watch file.
Jul 24, 2021, 03:36 PM
pacemaker
Version: 2.1.0-alt1
Summary: Scalable High-Availability cluster resource manager
Changelog:
- New version. - Security fix CVE-2020-25654 in 2.0.5.
Jul 16, 2021, 02:43 PM
zabbix
Version: 5.0.12-alt0.p9.2
Summary: A network monitor
Changelog:
- Updated the changelog to reflect CVE fix (Fixes: CVE-2013-1364).
Jun 17, 2021, 12:48 PM
nginx
Version: 1.20.1-alt1
Summary: Fast HTTP server
Changelog:
- 1.20.1 (Fixes: CVE-2021-23017) - updated rtmp module to 1.2.2 - updated spnego snapshot to a06f9efc
May 27, 2021, 11:42 AM
curl
Version: 7.77.0-alt1
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changelog:
- 7.77.0 - Fixes: * CVE-2021-22897 schannel cipher selection surprise * CVE-2021-22898 TELNET stack contents disclosure * CVE-2021-22901 TLS session caching disaster
Apr 29, 2021, 05:55 PM
bind
Version: 9.11.31-alt1
Summary: ISC BIND - DNS server
Changelog:
- 9.11.28 -> 9.11.31 (fixes: CVE-2021-25214, CVE-2021-25215, CVE-2021-25216).
Apr 9, 2021, 01:11 PM
dnsmasq
Version: 2.85-alt1
Summary: A lightweight caching nameserver
Changelog:
- Dropped obsoleted patch. - Updated to 2.83 (fixes: CVE-2021-3448).
Mar 24, 2021, 08:34 PM
samba
Version: 4.12.14-alt1
Summary: The Samba4 CIFS and AD client and server suite
Changelog:
- Update to latest security release of the Samba 4.12 - Security fixes: + CVE-2020-27840: Heap corruption via crafted DN strings + CVE-2021-20277: Out of bounds read in AD DC LDAP server
Mar 18, 2021, 12:29 PM
python-module-yaml
Version: 5.4.1-alt0.c9
Summary: PyYAML, a YAML parser and emitter for Python
Changelog:
- Backport version 5.4.x to c9 branch (fixes CVE-2020-1747).
Mar 1, 2021, 01:53 PM
wpa_supplicant
Version: 2.9-alt4
Summary: wpa_supplicant is an implementation of the WPA Supplicant component
Changelog:
- P2P: Fix a corner case in peer addition based on PD Request (Fixes: CVE-2021-27803)
Feb 27, 2021, 12:46 PM
ipmitool
Version: 1.8.18-alt4
Summary: ipmitool - Utility for IPMI control
Changelog:
- applied patches from upstream git to fix security issue (Fixes: CVE-2020-5208) see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp - added upstream fix FTBFS with gcc-10
Feb 24, 2021, 03:22 PM
xterm
Version: 366-alt1
Summary: A standard terminal emulator for the X Window System
Changelog:
- Autobuild version bump to 366 - CVE-2021-27135 (Closes: #39725)
Feb 14, 2021, 09:22 PM
subversion
Version: 1.14.1-alt1
Summary: A version control system
Changelog:
- New version. - Fixes: + CVE-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn
Jan 27, 2021, 09:04 PM
sudo
Version: 1.9.5p2-alt1
Summary: Allows command execution as another user
Changelog:
- Update to latest security release (fixes: CVE-2021-3156) (closes: 39615) - Added sudo-python package with Sudo Python Plugin API - Added sudo-logsrvd package with High-performance log server
Jan 27, 2021, 04:30 PM
nagios
Version: 3.0.6-alt15
Summary: Services and network monitoring system
Changelog:
- Fixes: + CVE-2017-12847 Kill arbitrary processes by leveraging access to PID file. - Don't install the PID file.
Jan 22, 2021, 06:18 AM
containerd
Jan 21, 2021, 09:31 AM
x11vnc
Version: 0.9.16-alt2
Summary: VNC server for real X displays
Changelog:
- Applied security fix from upstream (Fixes: CVE-2020-29074).
Jan 20, 2021, 03:59 PM
golang
Version: 1.14.14-alt1
Summary: The Go Programming Language
Changelog:
- New version (1.14.14). - Fixes: + CVE-2021-3114 + CVE-2021-3115
Jan 20, 2021, 02:38 PM
screen
Version: 4.6.2-alt3.p9.1
Summary: A screen manager that supports multiple sessions on one terminal
Changelog:
- Backported upstream commits (fixes CVE-2020-9366).
Dec 24, 2020, 07:48 PM
qemu
Dec 9, 2020, 12:25 AM
openssl10
Version: 1.0.2u-alt1.p9.1
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- Updated to 1.0.2u (fixes CVE-2019-1547, CVE-2019-1551, CVE-2019-1552, CVE-2019-1563) - Backported upstream fix for GENERAL_NAME_cmp (fixes CVE-2020-1971).
Nov 20, 2020, 04:54 AM
python
Version: 2.7.18-alt0.M90P.2
Summary: An interpreted, interactive object-oriented programming language
Changelog:
- Fixed CVE-2019-20907 and CVE-2020-26116.
Nov 18, 2020, 05:53 AM
perl
Version: 5.28.3-alt1
Summary: Practical Extraction and Report Language
Changelog:
- p9 build - 5.28.3 - fixes CVE-2020-10543,CVE-2020-10878,CVE-2020-12723
Nov 17, 2020, 10:49 PM
tigervnc
Nov 17, 2020, 09:24 AM
libXtst
Version: 1.2.3-alt1
Summary: The Xtst Library
Changelog:
- 1.2.3 - security fixes: CVE-2016-7951, CVE-2016-7952
Nov 17, 2020, 09:15 AM
libXrender
Version: 0.9.10-alt1
Summary: X Render Library
Changelog:
- 0.9.10 - security fixes: CVE-2016-7949, CVE-2016-7950
Nov 17, 2020, 03:47 AM
openvpn
Version: 2.4.9-alt1
Summary: a full-featured SSL VPN solution
Changelog:
- New version - Security fixes: + CVE-2020-11810: race condition allows one client to kill another client's session via false client floating (Closes: 39122)
Nov 16, 2020, 03:42 PM
bluez
Version: 5.55-alt1
Summary: Bluetooth utilities
Changelog:
- 5.55; - security fixes: + CVE-2020-27153 (closes #39291)
Nov 16, 2020, 11:02 AM
libxslt
Version: 1.1.34-alt1.p9.1
Summary: Library providing XSLT support
Changelog:
- Backported to p9 (fixes CVE-2019-11068, CVE-2019-13117 and CVE-2019-13118).
Nov 16, 2020, 11:00 AM
glibc
Version: 2.27-alt13
Summary: The GNU libc libraries
Changelog:
- Updated to glibc-2.27-155-gdaf88b1dd1 from 2.27 branch (fixes: CVE-2020-1752, CVE-2020-6096).
Nov 13, 2020, 01:07 AM
unzip
Version: 6.0-alt4
Summary: A utility for unpacking zip archives
Changelog:
- Build with bzip2 compression method support - Massive apply security patches from Fedora and openSUSE - Fixes: + CVE-2014-8139 CRC32 verification heap-based buffer overread + CVE-2014-8140 out-of-bounds write issue in test_compr_eb() + CVE-2014-8141 getZip64Data() out-of-bounds read issues + CVE-2014-9913 buffer overflow in zipinfo + CVE-2014-9636 out-of-bounds read or write and crash + CVE-2015-7696 fix for heap overflow + CVE-2015-7697 fix infinite loop when extracting empty bzip2 data + CVE-2016-9844 buffer overflow in zipinfo in similar way like fix for CVE-2014-9913 + CVE-2018-1000035 heap based buffer overflow when opening password protected files + CVE-2018-18384 buffer overflow, when a ZIP archive specially crafted
Nov 12, 2020, 08:55 PM
mariadb
Version: 10.4.17-alt1
Summary: A very fast and reliable SQL database engine
Changelog:
- 10.4.17 - backport fix for MDEV-24096, MDEV-24121, MDEV-24134 - Fixes for the following security vulnerabilities: + CVE-2020-14812 + CVE-2020-14765 + CVE-2020-14776 + CVE-2020-14789 + CVE-2020-15180
Nov 10, 2020, 06:40 PM
libass
Version: 0.15.0-alt1
Summary: Portable library for SSA/ASS subtitles rendering
Changelog:
- Updated to upstream version 0.15.0 (Fixes: CVE-2020-26682).
Nov 4, 2020, 05:40 AM
glib-networking
Version: 2.60.3-alt1.p9.1
Summary: Networking support for GIO
Changelog:
- Fixed CVE-2020-13645. - Fixed possible NULL dereference.
Oct 29, 2020, 02:32 PM
libfreetype
Version: 2.10.1-alt1.1.p9.1
Summary: A free and portable font rendering engine
Changelog:
- Fixed CVE-2020-15999.
Oct 24, 2020, 02:49 AM
squid
Version: 4.13-alt1
Summary: The Squid proxy caching server
Changelog:
- 4.13 (Fixes: CVE-2020-15811, CVE-2020-15810, CVE-2020-24606)
Oct 10, 2020, 03:37 PM
pve-qemu
Oct 3, 2020, 02:12 AM
systemd
Version: 243.9-alt1
Summary: System and Session Manager
Changelog:
- 243.9 (Fixes: CVE-2020-13776) - kernelinstalldir path /usr/lib/kernel/install.d -> /lib/kernel/install.d - install kernel-install script to /sbin - move systemd-boot and bootctl utils to systemd-boot-efi package
Oct 2, 2020, 12:41 PM
libssh2
Version: 1.9.0-alt2
Summary: A library implementing the SSH2 protocol
Changelog:
- Applied security fixes from upstream (Fixes: CVE-2019-17498).
Oct 1, 2020, 01:00 PM
ghostscript
Version: 9.27-alt1.M90P.1
Summary: PostScript interpreter and renderer, most printer drivers
Changelog:
- Applied security fixes from upstream (Fixes: CVE-2019-10216, CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817, CVE-2019-14869).
Sep 17, 2020, 09:18 AM
xorg-server
Version: 1.20.8-alt4
Summary: Xserver - X Window System display server
Changelog:
- fixes: CVE-2020-14346, CVE-2020-14361, CVE-2020-1436
Sep 17, 2020, 09:15 AM
libX11
Sep 9, 2020, 06:44 PM
gnutls30
Version: 3.6.15-alt1
Summary: A TLS protocol implementation
Changelog:
- Updated Url tag. - Updated to 3.6.15 (fixes: CVE-2020-24659).
Aug 28, 2020, 03:05 PM
chrony
Version: 3.5.1-alt1
Summary: Chrony clock synchronization program
Changelog:
- 3.5.1 (fixes: CVE-2020-14367)
Aug 26, 2020, 11:12 AM
libvncserver
Version: 0.9.13-alt1
Summary: An easy API to write one's own VNC server
Changelog:
- new version - security (fixes: CVE-2018-21247, CVE-2019-20839, CVE-2019-20840, CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405)
Aug 21, 2020, 11:24 AM
libexif
Version: 0.6.22-alt2
Summary: libexif is a library for parsing, editing, and saving EXIF data
Changelog:
- added upstream commits: + fixed another unsigned integer overflow (fixes CVE-2020-0198) + use correct integer type on PowerPC/RISC-based systems
Aug 19, 2020, 11:57 AM
firejail
Version: 0.9.62.4-alt1
Summary: Linux namespaces sandbox program
Changelog:
- Updated to upstream version 0.9.62.4 (Fixes: CVE-2020-17367, CVE-2020-17368).
Aug 12, 2020, 04:46 PM
kde5-ark
Aug 12, 2020, 07:16 AM
postgresql11-1C
Version: 11.9-alt1
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changelog:
- 11.9 (Fixes CVE-2020-14349, CVE-2020-14350)
Aug 12, 2020, 05:50 AM
postgresql9.5
Version: 9.5.23-alt1
Summary: PostgreSQL client programs and libraries
Changelog:
- 9.5.23 (Fixes CVE-2020-14350)
Aug 10, 2020, 10:46 PM
roundcube
Version: 1.4.8-alt1
Summary: Browser-based multilingual IMAP client with an application-like user interface
Changelog:
- new version 1.4.8 (with rpmrb script) - CVE-2020-16145
Aug 7, 2020, 08:06 PM
libslirp
Version: 4.3.1-alt1
Summary: A general purpose TCP-IP emulator
Changelog:
- new version 4.3.1 (Fixes: CVE-2020-10756)
Aug 3, 2020, 11:49 PM
dotnet-bootstrap
Version: 3.1.6-alt1
Summary: .NET Core SDK binaries
Changelog:
- new version 3.1.6 (with rpmrb script) (ALT bug 38744) - .NET Core 3.1.6 - July 14, 2020 - CVE-2020-1108: .NET Core Denial of Service Vulnerability - CVE-2020-1147: .NET Core Remote Code Execution Vulnerability
Jul 28, 2020, 12:26 PM
clamav
Version: 0.102.4-alt1
Summary: Clam Antivirus scanner
Changelog:
- 0.102.4 + CVE-2020-3350 + CVE-2020-3327 + CVE-2020-3481
Jul 21, 2020, 10:00 AM
ffmpeg
Version: 4.2.4-alt1
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changelog:
- 4.2.4 (Fixes: CVE-2020-13904, CVE-2020-13904)
Jul 9, 2020, 09:18 PM
tor
Version: 0.4.3.6-alt1
Summary: Anonymizing overlay network for TCP (The onion router)
Changelog:
- new version (fixes CVE-2020-15572)
Jul 4, 2020, 06:19 PM
json-c
Version: 0.13.1-alt2
Summary: JSON implementation in C
Changelog:
- Update to json-c-0.13 branch (ee9f67c81a3c2a44557f0cc16dc136c140293252) - Fixes: CVE-2020-12762
Jun 26, 2020, 11:13 AM
vlc
Version: 3.0.11-alt1
Summary: VLC media player
Changelog:
- 3.0.11 - fixes: * CVE-2020-13428 - a remote user could create a specifically crafted file that could trigger a buffer overflow in VLC's H26X packetizer
Jun 25, 2020, 10:04 AM
libjpeg8
Version: 2.0.5-alt1
Summary: The MMX/SSE accelerated JPEG compression/decompression library
Changelog:
- New version (2.0.5) with rpmgs script. - Updated license tag. - Fixes: + CVE-2020-13790.
Jun 20, 2020, 11:33 AM
libnghttp2
Version: 1.41.0-alt1
Summary: HTTP/2.0 C Library
Changelog:
- 1.40.1 (Closes: #38626) - Security fix: CVE-2020-11080
Jun 14, 2020, 04:05 PM
adns
Version: 1.5.2-alt1
Summary: GNU adns, an asynchronous DNS resolver
Changelog:
- 1.5.2 (Fixes: CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109, CVE-2017-9106, CVE-2017-9107, CVE-2017-9108)
May 31, 2020, 09:50 AM
ansible
Version: 2.8.12-alt1
Summary: SSH-based configuration management, deployment, and task execution system
Changelog:
- 2.8.12 - Fixes: + CVE-2020-1733 + CVE-2020-1735 + CVE-2020-1737 + CVE-2020-1739 + CVE-2020-1740 + CVE-2020-1746
May 16, 2020, 07:53 AM
edk2-tools
Version: 20200229-alt1
Summary: EFI Development Kit II Tools
Changelog:
- edk2-stable202002 (Fixes: CVE-2019-14575, CVE-2019-14559, CVE-2019-14587, CVE-2019-14558, CVE-2019-14586, CVE-2019-14563)
May 16, 2020, 07:50 AM
edk2
Version: 20200229-alt1
Summary: EFI Development Kit II
Changelog:
- edk2-stable202002 (Fixes: CVE-2019-14575, CVE-2019-14559, CVE-2019-14587, CVE-2019-14558, CVE-2019-14586, CVE-2019-14563)
May 12, 2020, 12:32 PM
oddjob
Version: 0.34.6-alt1
Summary: A D-Bus service which runs odd jobs on behalf of client applications
Changelog:
- 0.34.4 -> 0.34.6 (fixes: CVE-2020-10737).
May 12, 2020, 11:38 AM
kde5-kio-extras
Version: 19.12.3-alt2
Summary: KDE Workspace 5 additional kio-slaves
Changelog:
- don't store unasked fish:/ passwords (Fixes: CVE-2020-12755)
Apr 29, 2020, 07:11 PM
coturn
Version: 4.5.1.1-alt2
Summary: Coturn TURN Server
Changelog:
- Applied upstream fixes for CVE-2020-6062/TALOS-2020-0985. - Applied upstream fixes for CVE-2020-6061/TALOS-2020-0984.
Apr 27, 2020, 07:07 AM
opensc
Version: 0.20.0-alt1
Summary: OpenSC library - for accessing SmartCard devices using PC/SC Lite
Changelog:
- New version. - Fixes: + CVE-2019-6502 (#1586) + CVE-2019-15946 (a3fc769) + CVE-2019-15945 (412a614) + CVE-2019-19480 (6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7) + CVE-2019-19481 (b75c002cfb1fd61cd20ec938ff4937d7b1a94278) + CVE-2019-19479 (c3f23b836e5a1766c36617fe1da30d22f7b63de2) - Fix License tag according to SPDX.
Apr 20, 2020, 09:39 PM
git
Version: 2.25.4-alt1
Summary: Git core and tools
Changelog:
- 2.25.3 -> 2.25.4 (fixes: CVE-2020-11008).
Apr 17, 2020, 06:50 PM
python-module-psutil
Version: 5.7.0-alt1
Summary: A process utilities module for Python
Changelog:
- new version 5.7.0 (with rpmrb script) (ALT bug 38347) - CVE-2019-18874
Mar 10, 2020, 09:33 PM
ppp
Feb 5, 2020, 10:42 PM
kernel-image-std-debug
Version: 4.19.102-alt1
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- v4.19.102 (Fixes: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)
Jan 13, 2020, 09:45 PM
atril-gtk
Version: 1.22.3-alt2
Summary: Document viewer
Changelog:
- Patch from upstream: tiff: Handle failure from TIFFReadRGBAImageOriented (fixes: CVE-2019-11459). - dvi: Require texlive. - Update Russian translation (thx Olesya Gerasimenko).
Jan 3, 2020, 01:02 AM
spamassassin
Version: 3.4.3-alt1
Summary: Spam filter for email written in perl
Changelog:
- 3.4.3 (fixes: CVE-2018-11805, CVE-2019-12420) - updated %License to SPDX syntax
Dec 11, 2019, 12:21 PM
libssh
Version: 0.9.3-alt1
Summary: C library to authenticate in a simple manner to one or more SSH servers
Changelog:
- new version - security (Fixes: CVE-2019-14889)
Dec 2, 2019, 12:28 PM
oniguruma
Version: 6.9.4-alt1
Summary: Regular expressions library
Changelog:
- 6.9.4 - fixes: * CVE-2019-19012 Integer overflow related to reg->dmax in search_in_range() * CVE-2019-19203 heap-buffer-overflow in gb18030_mbc_enc_len() * CVE-2019-19204 heap-buffer-overflow in fetch_interval_quantifier()
Nov 5, 2019, 05:27 PM
squashfs-tools
Sep 23, 2019, 04:56 PM
libadplug
Version: 2.2.1-alt3
Summary: AdLib sound player library
Changelog:
- added fedora patches: + inline (fixes e2k ftbfs) + cve-2018-17825 (fixes: CVE-2018-17825) + (signed-char unneeded, worked around in previous build) - NB: there's 2.3.1 release over at github
Sep 20, 2019, 06:44 AM
poco
Version: 1.9.4-alt1
Summary: POrtable COmponents C++ Libraries
Changelog:
- 1.9.4 (Fixes CVE-2019-15903)
Sep 3, 2019, 05:54 PM
shadow
Version: 4.5-alt5
Summary: Utilities for managing shadow password files and user/group accounts
Changelog:
- Backported patch from shadow-4.6: + newgidmap: enforce setgroups=deny if self-mapping a group (fixes CVE-2018-7169). - Don't use deprecated PreReq.
Aug 8, 2019, 01:41 PM
kde4libs
Version: 4.14.38-alt5
Summary: K Desktop Environment 4 - Libraries
Changelog:
- security fixes: CVE-2019-14744
Aug 5, 2019, 07:53 PM
python3-module-django2.2
Version: 2.2.4-alt1
Summary: A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design.
Changelog:
- 2.2.4 - Fixes for the following security vulnerabilities: + CVE-2019-14232 Adjusted regex to avoid backtracking issues when truncating HTML + CVE-2019-14233 Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities + CVE-2019-14234 Protected JSONField/HStoreField key and index lookups against SQL injection + CVE-2019-14235 Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri()
Aug 5, 2019, 07:50 PM
python-module-django
Version: 1.11.23-alt1
Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Changelog:
- 1.11.23 - Fixes for the following security vulnerabilities: + CVE-2019-14232 Adjusted regex to avoid backtracking issues when truncating HTML + CVE-2019-14233 Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities + CVE-2019-14234 Protected JSONField/HStoreField key and index lookups against SQL injection + CVE-2019-14235 Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri()
Aug 4, 2019, 10:36 PM
gvfs
Version: 1.40.2-alt1
Summary: The GNOME virtual filesystem libraries
Changelog:
- updated to 1.40.2-2-g4fd68eb2 (fixed CVE-2019-12447, CVE-2019-12448, CVE-2019-12449, CVE-2019-12795)
Jul 6, 2019, 03:26 PM
kernel-image-tegra
Version: 4.9.140-alt2
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
Jun 4, 2019, 06:07 AM
SPICE
Version: 0.14.2-alt1
Summary: Implements the SPICE protocol
Changelog:
- 0.14.2 (fixes: CVE-2019-3813) - build with gstreamer support
Apr 10, 2019, 02:02 AM
libtiff
Version: 4.0.10.0.57.f9fc01c3-alt1
Summary: Library of functions for manipulating TIFF format image files
Changelog:
- Updated to v4.0.10-57-gf9fc01c3 (ALT #36575, #34677). - Applied SUSE patches: + tiff-4.0.3-seek.patch; + tiff-4.0.3-compress-warning.patch; + tiff-CVE-2018-12900.patch. - Built with support of: + libjbig; + libwebp; + libzstd. - Fixes: + CVE-2012-4564 Zero size buffer exploit in ppm2tiff; + CVE-2013-1960 Heap-based buffer overflow in the t2p_process_jpeg_strip(); + CVE-2013-4232 Use-after-free vulnerability in the t2p_readwrite_pdf_image(); + CVE-2013-4243 Heap-based buffer overflow in the readgifimage(); + CVE-2013-4244 DoS or possible RCE via crafted GIF image; + CVE-2014-8127 Out-of-bounds read with malformed TIFF image in multiple tool; + CVE-2014-8129 Out-of-bounds read/write with malformed TIFF image in tiff2pdf; + CVE-2014-8130 Divide-by-zero error in _TIFFmalloc(); + CVE-2014-9330 Integer overflow in tif_packbits.c in bmp2tif; + CVE-2015-8870 Integer overflow in tools/bmp2tiff.c (DoS or information leak); + CVE-2018-5360 Heap-based buffer overflow in the ReadTIFFImage().
Apr 6, 2019, 03:56 AM
nettle
Version: 3.4.1-alt1
Summary: A low-level cryptographic library
Changelog:
- Updated to 3.4.1 (fixes: CVE-2018-16869).
Apr 3, 2019, 12:26 PM
libopenjpeg2.0
Version: 2.3.1-alt1
Summary: JPEG 2000 codec library (API version 2.0)
Changelog:
- 2.3.1 (fixed CVE-2017-14041, CVE-2018-6616, CVE-2018-5785, CVE-2018-14423)
Apr 2, 2019, 07:39 PM
cracklib