libopenjpeg2.0 May 14, 2022, 12:52 AM | May 14, 2022, 12:52 AM |
Version: 2.5.0-alt1
|
Summary: JPEG 2000 codec library (API version 2.0)
|
Changelog: |
- 2.5.0 (fixed CVE-2013-4289, CVE-2013-4290, CVE-2019-6988,
CVE-2018-20846, CVE-2018-16376, CVE-2021-29338) |
curl May 11, 2022, 11:29 AM | May 11, 2022, 11:29 AM |
Version: 7.83.1-alt1
|
Summary: Gets a file from an FTP, GOPHER or HTTP server
|
Changelog: |
- 7.83.1
- Fixes:
* CVE-2022-30115: HSTS bypass via trailing dot
* CVE-2022-27782: TLS and SSH connection too eager reuse
* CVE-2022-27781: CERTINFO never-ending busy-loop
* CVE-2022-27780: percent-encoded path separator in URL host
* CVE-2022-27779: cookie for trailing dot TLD
* CVE-2022-27778: curl removes wrong file on error |
postgresql14-1C May 11, 2022, 10:39 AM | May 11, 2022, 10:39 AM |
Version: 14.3-alt1
|
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
|
Changelog: |
- 14.3 (Fixes CVE-2022-1552) |
postgresql13 May 11, 2022, 10:01 AM | May 11, 2022, 10:01 AM |
Version: 13.7-alt1
|
Summary: PostgreSQL client programs and libraries
|
Changelog: |
- 13.7 (Fixes CVE-2022-1552) |
postgresql12 May 11, 2022, 09:37 AM | May 11, 2022, 09:37 AM |
Version: 12.11-alt1
|
Summary: PostgreSQL client programs and libraries
|
Changelog: |
- 12.11 (Fixes CVE-2022-1552) |
postgresql11 May 11, 2022, 09:14 AM | May 11, 2022, 09:14 AM |
Version: 11.16-alt1
|
Summary: PostgreSQL client programs and libraries
|
Changelog: |
- 11.16 (Fixes CVE-2022-1552) |
postgresql10 May 11, 2022, 08:20 AM | May 11, 2022, 08:20 AM |
Version: 10.21-alt1
|
Summary: PostgreSQL client programs and libraries
|
Changelog: |
- 10.21 (Fixes CVE-2022-1552) |
postgresql14 May 11, 2022, 07:35 AM | May 11, 2022, 07:35 AM |
Version: 14.3-alt1
|
Summary: PostgreSQL client programs and libraries
|
Changelog: |
- 14.3 (Fixes CVE-2022-1552) |
grafana Apr 27, 2022, 06:06 PM | Apr 27, 2022, 06:06 PM |
Version: 8.5.0-alt1
|
Summary: Metrics dashboard and graph editor
|
Changelog: |
- 8.5.0
- Use pre-built frontend
- Fixes:
+ CVE-2022-24812
+ CVE-2022-21702
+ CVE-2022-21703
+ CVE-2022-21713
+ CVE-2021-43813
+ CVE-2021-43815
+ CVE-2021-41244
+ CVE-2021-41174 |
java-1.8.0-openjdk Apr 25, 2022, 07:12 AM | Apr 25, 2022, 07:12 AM |
Version: 1.8.0.332.b09-alt0_0.1.eajpp8
|
Summary: OpenJDK Runtime Environment 8
|
Changelog: |
- New version.
- Security fixes:
+ JDK-8270504, CVE-2022-21426: Better XPath expression handling
+ JDK-8275151, CVE-2022-21443: Improved Object Identification
+ JDK-8277672, CVE-2022-21434: Better invocation handler handling
+ JDK-8278008, CVE-2022-21476: Improve Santuario processing
+ JDK-8278972, CVE-2022-21496: Improve URL supports |
node Apr 23, 2022, 05:07 PM | Apr 23, 2022, 05:07 PM |
Version: 14.19.1-alt1
|
Summary: Evented I/O for V8 Javascript
|
Changelog: |
- new version 14.19.1 (with rpmrb script)
- set openssl >= 1.1.1n
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High) |
libinput Apr 20, 2022, 10:27 AM | Apr 20, 2022, 10:27 AM |
Version: 1.19.4-alt1
|
Summary: Input devices library
|
Changelog: |
- 1.19.4 (fixed CVE-2022-1215) |
golang Apr 15, 2022, 05:35 PM | Apr 15, 2022, 05:35 PM |
Version: 1.17.9-alt1.p10
|
Summary: The Go Programming Language
|
Changelog: |
- New version (1.17.9) (Fixes: CVE-2022-24675, CVE-2022-28327, CVE-2022-27536). |
python3-module-django Apr 12, 2022, 08:26 AM | Apr 12, 2022, 08:26 AM |
Version: 3.2.13-alt1
|
Summary: A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design.
|
Changelog: |
- 3.2.12 -> 3.2.13
- Fixes:
* CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()
* CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL |
gzip Apr 8, 2022, 04:54 AM | Apr 8, 2022, 04:54 AM |
Version: 1.12-alt1
|
Summary: The GNU data compression program
|
Changelog: |
- gzip: v1.10-31-g34db0a2 -> v1.12-3-g83c65d1 (fixes: CVE-2022-1271). |
docker-engine Mar 28, 2022, 06:21 PM | Mar 28, 2022, 06:21 PM |
Version: 20.10.14-alt1
|
Summary: The open-source application container engine
|
Changelog: |
- 20.10.14 (Fixes: CVE-2022-24769) |
git Mar 24, 2022, 02:31 AM | Mar 24, 2022, 02:31 AM |
Version: 2.33.2-alt1
|
Summary: Git core and tools
|
Changelog: |
- 2.33.1 -> 2.33.2 (fixes: CVE-2022-24765). |
openssh Mar 22, 2022, 07:40 PM | Mar 22, 2022, 07:40 PM |
Version: 7.9p1-alt4.p10.1
|
Summary: OpenSSH free Secure Shell (SSH) implementation
|
Changelog: |
- Backported upstream security fixes (fixes CVE-2019-6111, CVE-2019-6109). |
cri-o Mar 21, 2022, 06:15 PM | Mar 21, 2022, 06:15 PM |
Version: 1.22.3-alt2
|
Summary: Kubernetes Container Runtime Interface for OCI-based containers
|
Changelog: |
- Add cve fix to changelog
- Fixes: CVE-2022-0811 |
apache2 Mar 20, 2022, 02:55 PM | Mar 20, 2022, 02:55 PM |
Version: 2.4.53-alt1
|
Summary: The most widely used Web server on the Internet
|
Changelog: |
- 2.4.53 (Fixes: CVE-2022-23943, CVE-2022-22721, CVE-2022-22720, CVE-2022-22719) |
bind Mar 17, 2022, 04:28 PM | Mar 17, 2022, 04:28 PM |
Version: 9.11.37-alt1
|
Summary: ISC BIND - DNS server
|
Changelog: |
- 9.11.36 -> 9.11.37 (fixes: CVE-2021-25220). |
krb5 Mar 15, 2022, 01:17 PM | Mar 15, 2022, 01:17 PM |
Version: 1.19.3-alt1
|
Summary: The Kerberos network authentication system
|
Changelog: |
- 1.19.2 (Fixes: CVE-2021-37750) |
thunderbird Mar 14, 2022, 12:16 AM | Mar 14, 2022, 12:16 AM |
Version: 91.7.0-alt1
|
Summary: Thunderbird is Mozilla's e-mail client
|
Changelog: |
- New version.
- Security fixes:
+ CVE-2022-26383 Browser window spoof using fullscreen mode
+ CVE-2022-26384 iframe allow-scripts sandbox bypass
+ CVE-2022-26387 Time-of-check time-of-use bug when verifying add-on signatures
+ CVE-2022-26381 Use-after-free in text reflows
+ CVE-2022-26386 Temporary files downloaded to /tmp and accessible by other local users |
glpi Mar 11, 2022, 09:50 AM | Mar 11, 2022, 09:50 AM |
Version: 9.5.7-alt1
|
Summary: IT and asset management software
|
Changelog: |
- New version 9.5.7
- This is a security release, upgrading is recommended
- Security fixes:
+ CVE-2022-21720 : SQL injection using custom CSS administration form
+ CVE-2022-21719 : Reflected XSS using reload button |
polkit Feb 28, 2022, 04:00 PM | Feb 28, 2022, 04:00 PM |
Version: 0.120-alt1.qa2
|
Summary: PolicyKit Authorization Framework
|
Changelog: |
- applied upstream fix for CVE-2021-4115 (GHSL-2021-077) |
qemu Feb 24, 2022, 04:04 PM | Feb 24, 2022, 04:04 PM |
Version: 6.1.1-alt1
|
Summary: QEMU CPU Emulator
|
Changelog: |
- 6.1.1
- Fixes for the following security vulnerabilities:
+ CVE-2021-3713 uas: add stream number sanity checks
+ CVE-2021-3947 hw/nvme: fix buffer overrun in nvme_changed_nslist
+ CVE-2021-20196 hw/block/fdc: Kludge missing floppy drive
+ CVE-2021-20203 net: vmxnet3: validate configuration values during activate
+ CVE-2021-4158 acpi: validate hotplug selector on access
+ CVE-2022-0358 virtiofsd: Drop membership of all supplementary groups
+ CVE-2021-3929 hw/nvme: fix
- 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread |
tcpreplay Feb 23, 2022, 09:56 AM | Feb 23, 2022, 09:56 AM |
Version: 4.4.1-alt1
|
Summary: A tool to replay captured network traffic
|
Changelog: |
- 4.4.1 (Fixes: CVE-2021-45387, CVE-2021-45386) |
snapd Feb 20, 2022, 02:59 PM | Feb 20, 2022, 02:59 PM |
Version: 2.54.3-alt1
|
Summary: A transactional software package manager
|
Changelog: |
- 2.54.3 (Fixes: CVE-2021-44730, CVE-2021-44731, CVE-2021-4120) |
php7 Feb 19, 2022, 11:19 AM | Feb 19, 2022, 11:19 AM |
Version: 7.4.28-alt1
|
Summary: The PHP7 scripting language
|
Changelog: |
- 7.4.28 (Fixes: CVE-2021-21708) |
java-11-openjdk Feb 18, 2022, 05:21 PM | Feb 18, 2022, 05:21 PM |
Version: 11.0.14.1.1-alt1_1jpp11
|
Summary: OpenJDK Runtime Environment 11
|
Changelog: |
- New version.
- Security fixes
+ JDK-8217375: jarsigner breaks old signature with long lines in manifest
+ JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside
+ JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
+ JDK-8268488: More valuable DerValues
+ JDK-8268494: Better inlining of inlined interfaces
+ JDK-8268512: More content for ContentInfo
+ JDK-8268795: Enhance digests of Jar files
+ JDK-8268801: Improve PKCS attribute handling
+ JDK-8268813, CVE-2022-21283: Better String matching
+ JDK-8269151: Better construction of EncryptedPrivateKeyInfo
+ JDK-8269944: Better HTTP transport redux
+ JDK-8270386, CVE-2022-21291: Better verification of scan methods
+ JDK-8270392, CVE-2022-21293: Improve String constructions
+ JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
+ JDK-8270492, CVE-2022-21282: Better resolution of URIs
+ JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
+ JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
+ JDK-8270952, CVE-2022-21277: Improve TIFF file handling
+ JDK-8271962: Better TrueType font loading
+ JDK-8271968: Better canonical naming
+ JDK-8271987: Manifest improved manifest entries
+ JDK-8272014, CVE-2022-21305: Better array indexing
+ JDK-8272026, CVE-2022-21340: Verify Jar Verification
+ JDK-8272236, CVE-2022-21341: Improve serial forms for transport
+ JDK-8272272: Enhance jcmd communication
+ JDK-8272462: Enhance image handling
+ JDK-8273290: Enhance sound handling
+ JDK-8273756, CVE-2022-21360: Enhance BMP image support
+ JDK-8273838, CVE-2022-21365: Enhanced BMP processing
+ JDK-8274096, CVE-2022-21366: Improve decoding of image files
+ JDK-8279541: Improve HarfBuzz
- Fixed linking libraries.
- Removed duplicated files with legal information from packages. |