| thunderbird May 24, 2022, 05:27 PM | May 24, 2022, 05:27 PM |
Version: 91.9.1-alt1
|
Summary: Thunderbird is Mozilla's e-mail client
|
| Changelog: |
- New version.
- Security fixes:
+ CVE-2022-1802 Prototype pollution in Top-Level Await implementation
+ CVE-2022-1529 Untrusted input used in JavaScript object indexing, leading to prototype pollution |
| openvpn May 21, 2022, 07:21 AM | May 21, 2022, 07:21 AM |
Version: 2.5.6-alt1
|
Summary: a full-featured SSL VPN solution
|
| Changelog: |
- New version (Closes: 42217)
- Security fixes:
+ CVE-2022-0547: possible authentication bypass if multiple
authentication plugins tries to do deferred authentication
- Fix build with new python3-module-docutils |
| clamav May 20, 2022, 01:30 PM | May 20, 2022, 01:30 PM |
Version: 0.103.6-alt1
|
Summary: Clam Antivirus scanner
|
| Changelog: |
- 0.103.6
+ CVE-2022-20770
+ CVE-2022-20796
+ CVE-2022-20771
+ CVE-2022-20785
+ CVE-2022-20792 |
| libopenjpeg2.0 May 14, 2022, 12:52 AM | May 14, 2022, 12:52 AM |
Version: 2.5.0-alt1
|
Summary: JPEG 2000 codec library (API version 2.0)
|
| Changelog: |
- 2.5.0 (fixed CVE-2013-4289, CVE-2013-4290, CVE-2019-6988,
CVE-2018-20846, CVE-2018-16376, CVE-2021-29338) |
| curl May 11, 2022, 11:29 AM | May 11, 2022, 11:29 AM |
Version: 7.83.1-alt1
|
Summary: Gets a file from a FTP, GOPHER or HTTP server
|
| Changelog: |
- 7.83.1
- Fixes:
* CVE-2022-30115: HSTS bypass via trailing dot
* CVE-2022-27782: TLS and SSH connection too eager reuse
* CVE-2022-27781: CERTINFO never-ending busy-loop
* CVE-2022-27780: percent-encoded path separator in URL host
* CVE-2022-27779: cookie for trailing dot TLD
* CVE-2022-27778: curl removes wrong file on error |
| postgresql14-1C May 11, 2022, 10:39 AM | May 11, 2022, 10:39 AM |
Version: 14.3-alt1
|
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
|
| Changelog: |
- 14.3 (Fixes CVE-2022-1552) |
| postgresql13 May 11, 2022, 10:01 AM | May 11, 2022, 10:01 AM |
Version: 13.7-alt1
|
Summary: PostgreSQL client programs and libraries
|
| Changelog: |
- 13.7 (Fixes CVE-2022-1552) |
| postgresql12 May 11, 2022, 09:37 AM | May 11, 2022, 09:37 AM |
Version: 12.11-alt1
|
Summary: PostgreSQL client programs and libraries
|
| Changelog: |
- 12.11 (Fixes CVE-2022-1552) |
| postgresql11 May 11, 2022, 09:14 AM | May 11, 2022, 09:14 AM |
Version: 11.16-alt1
|
Summary: PostgreSQL client programs and libraries
|
| Changelog: |
- 11.16 (Fixes CVE-2022-1552) |
| postgresql10 May 11, 2022, 08:20 AM | May 11, 2022, 08:20 AM |
Version: 10.21-alt1
|
Summary: PostgreSQL client programs and libraries
|
| Changelog: |
- 10.21 (Fixes CVE-2022-1552) |
| postgresql14 May 11, 2022, 07:35 AM | May 11, 2022, 07:35 AM |
Version: 14.3-alt1
|
Summary: PostgreSQL client programs and libraries
|
| Changelog: |
- 14.3 (Fixes CVE-2022-1552) |
| grafana Apr 27, 2022, 06:06 PM | Apr 27, 2022, 06:06 PM |
Version: 8.5.0-alt1
|
Summary: Metrics dashboard and graph editor
|
| Changelog: |
- 8.5.0
- Use pre-builded frontend
- Fixes:
+ CVE-2022-24812
+ CVE-2022-21702
+ CVE-2022-21703
+ CVE-2022-21713
+ CVE-2021-43813
+ CVE-2021-43815
+ CVE-2021-41244
+ CVE-2021-41174 |
| java-1.8.0-openjdk Apr 25, 2022, 07:12 AM | Apr 25, 2022, 07:12 AM |
Version: 1.8.0.332.b09-alt0_0.1.eajpp8
|
Summary: OpenJDK Runtime Environment 8
|
| Changelog: |
- New version.
- Seciruty fixes:
+ JDK-8270504, CVE-2022-21426: Better XPath expression handling
+ JDK-8275151, CVE-2022-21443: Improved Object Identification
+ JDK-8277672, CVE-2022-21434: Better invocation handler handling
+ JDK-8278008, CVE-2022-21476: Improve Santuario processing
+ JDK-8278972, CVE-2022-21496: Improve URL supports |
| node Apr 23, 2022, 05:07 PM | Apr 23, 2022, 05:07 PM |
Version: 14.19.1-alt1
|
Summary: Evented I/O for V8 Javascript
|
| Changelog: |
- new version 14.19.1 (with rpmrb script)
- set openssl >= 1.1.1n
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High) |
| libinput Apr 20, 2022, 10:27 AM | Apr 20, 2022, 10:27 AM |
Version: 1.19.4-alt1
|
Summary: Input devices library
|
| Changelog: |
- 1.19.4 (fixed CVE-2022-1215) |
| golang Apr 15, 2022, 05:35 PM | Apr 15, 2022, 05:35 PM |
Version: 1.17.9-alt1.p10
|
Summary: The Go Programming Language
|
| Changelog: |
- New version (1.17.9) (Fixes: CVE-2022-24675, CVE-2022-28327, CVE-2022-27536). |
| python3-module-django Apr 12, 2022, 08:26 AM | Apr 12, 2022, 08:26 AM |
Version: 3.2.13-alt1
|
Summary: A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design.
|
| Changelog: |
- 3.2.12 -> 3.2.13
- Fixes:
* CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()
* CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL |
| gzip Apr 8, 2022, 04:54 AM | Apr 8, 2022, 04:54 AM |
Version: 1.12-alt1
|
Summary: The GNU data compression program
|
| Changelog: |
- gzip: v1.10-31-g34db0a2 -> v1.12-3-g83c65d1 (fixes: CVE-2022-1271). |
| docker-engine Mar 28, 2022, 06:21 PM | Mar 28, 2022, 06:21 PM |
Version: 20.10.14-alt1
|
Summary: The open-source application container engine
|
| Changelog: |
- 20.10.14 (Fixes: CVE-2022-24769) |
| git Mar 24, 2022, 02:31 AM | Mar 24, 2022, 02:31 AM |
Version: 2.33.2-alt1
|
Summary: Git core and tools
|
| Changelog: |
- 2.33.1 -> 2.33.2 (fixes: CVE-2022-24765). |
| openssh Mar 22, 2022, 07:40 PM | Mar 22, 2022, 07:40 PM |
Version: 7.9p1-alt4.p10.1
|
Summary: OpenSSH free Secure Shell (SSH) implementation
|
| Changelog: |
- Backported upstream security fixes (fixes CVE-2019-6111, CVE-2019-6109). |
| cri-o Mar 21, 2022, 06:15 PM | Mar 21, 2022, 06:15 PM |
Version: 1.22.3-alt2
|
Summary: Kubernetes Container Runtime Interface for OCI-based containers
|
| Changelog: |
- Add cve fix to changelog
- Fixes: CVE-2022-0811 |
| apache2 Mar 20, 2022, 02:55 PM | Mar 20, 2022, 02:55 PM |
Version: 2.4.53-alt1
|
Summary: The most widely used Web server on the Internet
|
| Changelog: |
- 2.4.53 (Fixes: CVE-2022-23943, CVE-2022-22721, CVE-2022-22720, CVE-2022-22719) |
| bind Mar 17, 2022, 04:28 PM | Mar 17, 2022, 04:28 PM |
Version: 9.11.37-alt1
|
Summary: ISC BIND - DNS server
|
| Changelog: |
- 9.11.36 -> 9.11.37 (fixes: CVE-2021-25220). |
| krb5 Mar 15, 2022, 01:17 PM | Mar 15, 2022, 01:17 PM |
Version: 1.19.3-alt1
|
Summary: The Kerberos network authentication system
|
| Changelog: |
- 1.19.2 (Fixes: CVE-2021-37750) |
| glpi Mar 11, 2022, 09:50 AM | Mar 11, 2022, 09:50 AM |
Version: 9.5.7-alt1
|
Summary: IT and asset management software
|
| Changelog: |
- New version 9.5.7
- This is a security release, upgrading is recommended
- Security fixes:
+ CVE-2022-21720 : SQL injection using custom CSS administration form
+ CVE-2022-21719 : Reflected XSS using reload button |
| polkit Feb 28, 2022, 04:00 PM | Feb 28, 2022, 04:00 PM |
Version: 0.120-alt1.qa2
|
Summary: PolicyKit Authorization Framework
|
| Changelog: |
- upplied upstream fix for CVE-2021-4115 (GHSL-2021-077) |
| qemu Feb 24, 2022, 04:04 PM | Feb 24, 2022, 04:04 PM |
Version: 6.1.1-alt1
|
Summary: QEMU CPU Emulator
|
| Changelog: |
- 6.1.1
- Fixes for the following security vulnerabilities:
+ CVE-2021-3713 uas: add stream number sanity checks
+ CVE-2021-3947 hw/nvme: fix buffer overrun in nvme_changed_nslist
+ CVE-2021-20196 hw/block/fdc: Kludge missing floppy drive
+ CVE-2021-20203 net: vmxnet3: validate configuration values during activate
+ CVE-2021-4158 acpi: validate hotplug selector on access
+ CVE-2022-0358 virtiofsd: Drop membership of all supplementary groups
+ CVE-2021-3929 hw/nvme: fix
- 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread |
| tcpreplay Feb 23, 2022, 09:56 AM | Feb 23, 2022, 09:56 AM |
Version: 4.4.1-alt1
|
Summary: A tool to replay captured network traffic
|
| Changelog: |
- 4.4.1 (Fixes: CVE-2021-45387, CVE-2021-45386) |
| snapd Feb 20, 2022, 02:59 PM | Feb 20, 2022, 02:59 PM |
Version: 2.54.3-alt1
|
Summary: A transactional software package manager
|
| Changelog: |
- 2.54.3 (Fixes: CVE-2021-44730, CVE-2021-44731, CVE-2021-4120) |