Packages from AltLinux

Security

May 16, 2023, 07:47 PM

phpipam

Version: 1.5.2-alt1
Summary: PHP-based virtual machine control tool
Changelog:
- 1.5.2 (Fixes: CVE-2023-0676, CVE-2023-0677, CVE-2023-0678, CVE-2023-1211, CVE-2023-1212).
May 11, 2023, 05:47 AM

postgresql15-1C

Version: 15.3-alt0.p10.1
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changelog:
- 15.3 (Fixes CVE-2023-2454, CVE-2023-2455)
May 11, 2023, 05:45 AM

postgresql14

Version: 14.8-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 14.8 (Fixes CVE-2023-2454, CVE-2023-2455)
May 11, 2023, 05:43 AM

postgresql13

Version: 13.11-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 13.11 (Fixes CVE-2023-2454, CVE-2023-2455)
May 11, 2023, 05:42 AM

postgresql12

Version: 12.15-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 12.15 (Fixes CVE-2023-2454, CVE-2023-2455)
May 11, 2023, 05:40 AM

postgresql11

Version: 11.20-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 11.20 (Fixes CVE-2023-2454, CVE-2023-2455)
May 11, 2023, 05:35 AM

postgresql15

Version: 15.3-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 15.3 (Fixes CVE-2023-2454, CVE-2023-2455)
May 4, 2023, 03:05 PM

wireshark

Version: 4.0.5-alt1
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changelog:
- 4.0.5
- Fixes:
    * CVE-2023-1994 GQUIC dissector crash.
    * CVE-2023-1993 LISP dissector large loop.
    * CVE-2023-1992 RPCoRDMA dissector crash.
    * CVE-2023-1161 ISO 15765 and ISO 10681 dissector crash.
May 3, 2023, 09:20 PM

openvswitch

Version: 2.17.6-alt1
Summary: An open source, production quality, multilayer virtual switch
Changelog:
- 2.17.6 (Fixes: CVE-2021-3905, CVE-2023-1668, CVE-2022-4337, CVE-2022-4338)
Apr 17, 2023, 10:15 PM

git

Version: 2.33.8-alt1
Summary: Git core and tools
Changelog:
- 2.33.7 -> 2.33.8 (fixes: CVE-2023-25652, CVE-2023-25815, CVE-2023-29007).
Apr 13, 2023, 02:15 PM

kernel-image-elbrus-def

Version: 5.4.163-alt2.23.9
Summary: The Linux kernel (the core of the Linux operating system)
Changelog:
- disabled CONFIG_USER_NS: CVE-2023-1281, CVE-2023-1829
Mar 30, 2023, 11:41 AM

libsixel

Version: 1.10.3-alt1
Summary: A SIXEL encoder/decoder implementation
Changelog:
- 1.10.3.
- switch to meson.
- Security fixes for CVE-2020-11721, CVE-2020-19668.
Mar 29, 2023, 09:03 PM

samba

Version: 4.16.10-alt1
Summary: The Samba4 CIFS and AD client and server suite
Changelog:
- Update to security release of Samba 4.16 with update libldb to 2.5.3:
  + ldb wildcard matching makes excessive allocations (Samba#15331).

- Security fixes (Samba#15270, Samba#15315):
  + CVE-2023-0922: The Samba AD DC administration tool, when operating against a
                   remote LDAP server, will by default send new or reset
                   passwords over a signed-only connection.
                   https://www.samba.org/samba/security/CVE-2023-0922.html

  + CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
                   Confidential attribute disclosure via LDAP filters was
                   insufficient and an attacker may be able to obtain
                   confidential BitLocker recovery keys from a Samba AD DC.
                   Installations with such secrets in their Samba AD should
                   assume they have been obtained and need replacing.
                   https://www.samba.org/samba/security/CVE-2023-0614.html
Mar 29, 2023, 12:03 PM

libmicrohttpd

Version: 0.9.76-alt1
Summary: Library providing compact API and implementation of an HTTP/1.1 webserver
Changelog:
- 0.9.76 released (fixes: CVE-2023-27371)
Mar 29, 2023, 07:29 AM

libmemcached

Version: 1.1.4-alt1
Summary: Client library to the memcached
Changelog:
- 1.1.4 (Fixes CVE-2023-27478)
- Change URL to new upstream project
- Use CMAKE
Mar 28, 2023, 03:21 PM

dnsmasq

Version: 2.89-alt2
Summary: A lightweight caching nameserver
Changelog:
- Added patches from upstream git:
  + Avoid undefined behaviour with the ctype(3) functions
  + Fix --rev-server option
  + Fix possible SEGV when no servers defined
  + Set the default maximum DNS UDP packet size to 1232
    (fixes: CVE-2023-28450)
  + Fix DHCPv6 "use multicast" response which previously failed
Mar 24, 2023, 10:53 PM

python3-module-django

Version: 3.2.18-alt1
Summary: A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design.
Changelog:
- New version 3.2.18.
- Fixes for the following security vulnerabilities:
  + CVE-2023-23969 Potential denial-of-service via ``Accept-Language`` headers
  + CVE-2023-24580 Potential denial-of-service vulnerability in file uploads
Mar 21, 2023, 01:12 PM

python3

Version: 3.9.16-alt1
Summary: Version 3 of the Python programming language aka Python 3000
Changelog:
- Updated to upstream version 3.9.16 (Closes: #45598) (Fixes: CVE-2022-37454).
Mar 20, 2023, 06:36 PM

flatpak

Version: 1.14.4-alt1
Summary: Application deployment framework for desktop apps
Changelog:
- 1.14.4 (fixed CVE-2023-28100, CVE-2023-28101)
Mar 18, 2023, 03:37 PM

glpi

Version: 9.5.12-alt1
Summary: IT and asset management software
Changelog:
- New version 9.5.12
- This release fixes several security issues that has been recently discovered. Update is recommended!
- Security fixes:
 + CVE-2023-22722 : XSS on browse views
 + CVE-2023-22725 : XSS on external links
 + CVE-2023-23610 : Unauthorized access to data export
 + CVE-2022-41941 : Stored XSS inside Standard Interface Help Link href attribute
Mar 9, 2023, 04:28 PM

apache2

Version: 2.4.56-alt1
Summary: The most widely used Web server on the Internet
Changelog:
- 2.4.56 (Fixes: CVE-2023-25690, CVE-2023-27522)
Mar 9, 2023, 11:59 AM

clamav

Version: 0.103.8-alt1
Summary: Clam Antivirus scanner
Changelog:
- 0.103.8 (CVE-2023-20032, CVE-2023-20052)
Feb 17, 2023, 03:59 PM

gnutls30

Version: 3.6.16-alt3
Summary: A TLS protocol implementation
Changelog:
- Patches from gnutls-3.7.9:
   + auth/rsa: side-step potential side-channel (fixes: CVE-2023-0361);
   + rsa: remove dead code.
Feb 15, 2023, 09:05 AM

php8.1

Version: 8.1.16-alt1
Summary: The PHP scripting language
Changelog:
- 8.1.15 -> 8.1.16 (Fixes: CVE-2023-0567, CVE-2023-0568, CVE-2023-0662)
Feb 14, 2023, 10:03 PM

php8.0

Version: 8.0.28-alt1
Summary: The PHP scripting language
Changelog:
- 8.0.27 -> 8.0.28 (Fixes: CVE-2023-0567, CVE-2023-0568, CVE-2023-0662)
Feb 14, 2023, 08:38 PM

php8.2

Version: 8.2.3-alt1
Summary: The PHP scripting language
Changelog:
- 8.2.2 -> 8.2.3 (Fixes: CVE-2023-0567, CVE-2023-0568, CVE-2023-0662)
Jan 25, 2023, 08:52 PM

bind

Version: 9.16.37-alt1
Summary: ISC BIND - DNS server
Changelog:
- 9.16.36 -> 9.16.37 (fixes: CVE-2022-3094, CVE-2022-3736, CVE-2022-3924).
Jan 24, 2023, 04:58 PM

libxml2

Version: 2.9.12-alt1.p10.1
Summary: The library for manipulating XML files
Changelog:
- Applied security fixes from upstream (Fixes: CVE-2022-23308, CVE-2022-29824,
  CVE-2022-40303, CVE-2022-40304).
Jan 19, 2023, 03:40 PM

poppler115

Version: 21.11.0-alt1.p10.1
Summary: PDF rendering library
Changelog:
- JBIG2Stream: Fix crash on broken file (CVE-2021-30860, CVE-2022-27337, CVE-2022-38784)
Jan 18, 2023, 11:34 AM

libXpm

Version: 3.5.15-alt1
Summary: X Pixmap Library
Changelog:
- 3.5.15 (fixes: CVE-2022-46285, CVE-2022-44617, CVE-2022-4883)
Dec 22, 2022, 10:23 AM

libcairo

Version: 1.16.0-alt2
Summary: Multi-platform 2D graphics library
Changelog:
- cherry pick upstream fixes for CVE-2018-19876, CVE-2020-35492
Dec 20, 2022, 07:34 PM

libetpan

Version: 1.9.4-alt3
Summary: This mail library provide a portable, efficient middleware for different kinds of mail access
Changelog:
- Fixed libssl knob.
- Fixed License tag.
- Added Vcs tag.
- Patch from upstream:
  + Fixed crash when st_info_list is NULL (fixes: CVE-2022-4121).
Dec 18, 2022, 03:00 AM

libtiff

Version: 4.4.0-alt2
Summary: Library of functions for manipulating TIFF format image files
Changelog:
- Applied SUSE patches (fixed tiff-CVE-2022-2056, CVE-2022-2057, CVE-2022-2058,
  CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-3597, CVE-2022-3598,
  CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970 and
  CVE-2022-34526) (closes #44499).
Dec 5, 2022, 03:48 PM

libarchive

Version: 3.6.1-alt2
Summary: A library for handling streaming archive formats
Changelog:
- security (fixes: CVE-2022-36227)
Nov 28, 2022, 10:52 AM

tcpreplay

Version: 4.4.2-alt1
Summary: A tool to replay captured network traffic
Changelog:
- 4.4.2 (Fixes: CVE-2022-28487, CVE-2022-27942, CVE-2022-27940, CVE-2022-37047, CVE-2022-37049,
     CVE-2022-27939, CVE-2022-25484, CVE-2022-27941)
Nov 18, 2022, 07:03 AM

freerdp

Version: 2.9.0-alt1
Summary: Remote Desktop Protocol functionality
Changelog:
- New version.
- Fixed multiple client side input validation issues
  (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319,
  CVE-2022-39320, CVE-2022-41877, CVE-2022-39347).
Nov 16, 2022, 10:12 AM

krb5

Version: 1.19.4-alt1
Summary: The Kerberos network authentication system
Changelog:
- 1.19.4 (Fixes: CVE-2022-42898)
Nov 10, 2022, 05:19 PM

gmp

Version: 6.2.1-alt5
Summary: GNU MP arbitrary precision arithmetic library
Changelog:
- Backported upstream commit "mpz/inp_raw.c: Avoid bit size overflows"
  (thx Marco Bodrato) (fixes CVE-2021-43618).
Nov 9, 2022, 10:11 PM

xorg-server

Version: 1.20.13-alt4.E2K.1
Summary: Xserver - X Window System display server
Changelog:
- E2K:
  + added mcst patches, mostly as-is except:
    - 0003-Add-copy-optimizations.patch: partially obsolete
    - 0006-Add-bug-workaround.patch: obsolete for arch > e2kv2
    - 0010-Restore-DRI1-support.{add,mod}.patch: need more reverts
    - 0040-Fix-CVE-2018-14665.patch: applied elsewhere upstream
    and specifically, including:
    - 0010-restore-DRI1-support-for-e1c.patch
    - mga2 related patch from mcst#5155
  + warning-related ftbfs workarounds
Nov 8, 2022, 08:01 AM

ntfs-3g

Version: 2021.8.22-alt2
Summary: third generation Linux NTFS driver
Changelog:
- Fixes (CVE-2021-46790, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785,
  CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789,
  CVE-2022-40284)
Nov 5, 2022, 12:13 PM

libpixman

Version: 0.40.0-alt2.1
Summary: Pixel manipulation library
Changelog:
- apply upstream commit a1f88e842e0216a5b4df1ab023caebe33c101395
  to fix CVE-2022-44638
Nov 3, 2022, 04:58 PM

php7

Version: 7.4.33-alt1
Summary: The PHP7 scripting language
Changelog:
- 7.4.32 -> 7.4.33 (Fixes: CVE-2022-31630, CVE-2022-37454)
Oct 28, 2022, 02:27 PM

openslp

Version: 2.0.0-alt3
Summary: OpenSLP implementation of Service Location Protocol V2
Changelog:
- Applied security fixes (fixes CVE-2021-4217).
Oct 26, 2022, 04:03 PM

libvncserver

Version: 0.9.13-alt3
Summary: An easy API to write one's own VNC server
Changelog:
- security (fixes: CVE-2020-29260)
Oct 25, 2022, 05:31 PM

arj

Version: 3.10.22-alt9
Summary: An compressor and uncompressor for .arj format archive files
Changelog:
- Fixes patch CVE-2015-0557-security-traversal-dir (ALT #44143).
Oct 21, 2022, 03:30 PM

nginx

Version: 1.22.1-alt1
Summary: Fast HTTP server
Changelog:
- 1.22.1 (Fixes: CVE-2022-41741, CVE-2022-41742)
Oct 21, 2022, 03:23 PM

perl-DBI

Version: 1.643-alt2
Summary: Database independent interface for Perl
Changelog:
- fixes CVE-2014-10401
Oct 18, 2022, 12:14 AM

adcli

Version: 0.9.2-alt1
Summary: Active Directory enrollment
Changelog:
- Add support LDAP add/mod operation to set/change password:
 + fix unable to join to active directory after KB5008380/CVE-2021-42287 with
   option '--ldap-passwd';
 + https://gitlab.freedesktop.org/realmd/adcli/-/issues/27
- Add support fall back to LDAPS if CLDAP ping was not successful
 + If the --use-ldaps option is used and there is no reply on the CLDAP 389/udp
   port adcli will try to send the request to the LDAPS port 636/tcp.
- Fix write SID before secret to Samba's db looks like 'net changesecretpw'
- Add passwd-user sub-command for (re)set a user password.
- Add dont-expire-password option for computer.
Oct 15, 2022, 05:41 PM

util-linux

Version: 2.38.1-alt1
Summary: A collection of basic system utilities
Changelog:
- New version (2.38.1) (fixes: CVE-2023-0563).
Oct 14, 2022, 10:25 PM

LibreOffice

Version: 6.3.0.3-alt6.E2K.5.1
Summary: LibreOffice Productivity Suite
Changelog:
- CVE-2022-3140 kludge
Oct 14, 2022, 03:47 PM

aspell

Version: 0.60.8-alt2
Summary: An Open Source interactive spelling checker program
Changelog:
- fixes CVE-2019-25051
Oct 12, 2022, 02:52 PM

lrzsz

Version: 0.12.20-alt2
Summary: Programs for communicating over Z-, Y- & X-modem protocols.
Changelog:
- fixes CVE-2018-10195.
Oct 12, 2022, 07:45 AM

unzip

Version: 6.0-alt5
Summary: An utility for unpacking zip archives
Changelog:
- fixes CVE-2021-4217
Oct 11, 2022, 01:38 PM

python3-module-paramiko

Version: 2.11.0-alt1
Summary: SSH2 protocol for python
Changelog:
- 2.8.1 -> 2.11.0 (fixes: CVE-2022-24302).
Oct 7, 2022, 08:03 PM

dhcp

Version: 4.4.3.P1-alt1
Summary: Dynamic Host Configuration Protocol (DHCP) distribution
Changelog:
- Updated to 4.4.3-P1 (fixes: CVE-2022-2928,CVE-2022-2929).
Sep 16, 2022, 11:48 AM

ffmpeg3.3

Version: 3.3.9-alt2.E2K.1
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changelog:
- E2K: apply mcst patches, including CVE-2018-6621 fix
Sep 13, 2022, 04:57 AM

dovecot

Version: 2.3.19.1-alt2
Summary: Dovecot secure IMAP/POP3 server
Changelog:
- Fixes: CVE-2022-30550.
Aug 31, 2022, 02:17 AM

cifs-utils

Version: 6.15-alt1
Summary: Utilities for doing and managing mounts of the Linux CIFS filesystem
Changelog:
- Update to stable release 6.15 (Samba#15025, Samba#15026)
- mount.cifs: fix length check for ip option parsing (fixes: CVE-2022-27239)
- mount.cifs: fix verbose messages on option parsing (fixes: CVE-2022-29869)
Jun 24, 2022, 06:49 PM

mediawiki

Version: 1.37.2-alt1
Summary: A wiki engine, typical installation (with Apache2 and MySQL support)
Changelog:
- new version 1.37.2 (with rpmrb script)
- (T297571, CVE-2022-28201) (T297731, CVE-2022-28203)
- (T297754, CVE-2022-28204) (T297543, CVE-2022-28202)
Jun 20, 2022, 09:51 PM

polkit

Version: 0.115-alt2.2
Summary: PolicyKit Authorization Framework
Changelog:
- NMU (fixes: CVE-2021-4034).
- Applied upstream fix for a trivially exploitable local root vulnerability,
  see https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
Jun 17, 2022, 03:42 PM

python

Version: 2.7.18-alt10
Summary: An interpreted, interactive object-oriented programming language
Changelog:
- Secutiry update (fixed: CVE-2015-20107).
- Fixed Url field.
Jun 14, 2022, 12:06 PM

libexo

Version: 4.16.4-alt1
Summary: Extension library to Xfce
Changelog:
- Updated to 4.16.4 (fixes: CVE-2022-32278).
May 21, 2022, 07:21 AM

openvpn

Version: 2.5.6-alt1
Summary: a full-featured SSL VPN solution
Changelog:
- New version (Closes: 42217)
- Security fixes:
  + CVE-2022-0547: possible authentication bypass if multiple
    authentication plugins tries to do deferred authentication
- Fix build with new python3-module-docutils
May 15, 2022, 08:57 PM

xpdf

Version: 4.04-alt1
Summary: The PDF viewer and tools
Changelog:
- Version bump
- Many bugfixes, including security, including:
  Fixes: CVE-2022-24106, CVE-2022-27135
May 15, 2022, 08:53 AM

unrar

Version: 6.1.7-alt1
Summary: RAR unarchiver
Changelog:
- Autobuild version bump to 6.1.7
- Fixes: CVE-2022-30333
May 14, 2022, 12:52 AM

libopenjpeg2.0

Version: 2.5.0-alt1
Summary: JPEG 2000 codec library (API version 2.0)
Changelog:
- 2.5.0 (fixed CVE-2013-4289, CVE-2013-4290, CVE-2019-6988, 
  CVE-2018-20846, CVE-2018-16376, CVE-2021-29338)
Mar 22, 2022, 07:40 PM

openssh

Version: 7.9p1-alt4.p10.1
Summary: OpenSSH free Secure Shell (SSH) implementation
Changelog:
- Backported upstream security fixes (fixes CVE-2019-6111, CVE-2019-6109).
Feb 3, 2022, 04:52 PM

connman

Version: 1.41-alt1
Summary: ConnMan is a daemon for managing internet connections.
Changelog:
- new version 1.41 (Fixes: CVE-2022-23096, CVE-2022-23097, CVE-2022-23098)
Jan 18, 2022, 03:17 PM

expat

Version: 2.4.3-alt1
Summary: An XML parser written in C
Changelog:
- Updated to 2.4.3 (with multiple security fixes).
- Fixes:
  + CVE-2021-45960 issues with left shift by >= 29 places in function storeAtts that
    can lead to realloc misbehavior;
  + CVE-2021-46143 Integer overflow on variable m_groupSize in function doProlog;
  + CVE-2022-22822 Integer overflows near memory allocation in function addBinding;
  + CVE-2022-22823 Integer overflows near memory allocation in function build_model;
  + CVE-2022-22824 Integer overflows near memory allocation in function defineAttribute;
  + CVE-2022-22825 Integer overflows near memory allocation in function lookup;
  + CVE-2022-22826 Integer overflows near memory allocation in function nextScaffoldPart;
  + CVE-2022-22827 Integer overflows near memory allocation in function storeAtts.
Dec 2, 2021, 01:02 AM

lldpd

Version: 1.0.13-alt1
Summary: Link Layer Discovery Protocol Daemon
Changelog:
- new version 1.0.13 (Fixes: CVE-2021-43612)
- migrate /var/run -> /run
Dec 1, 2021, 07:44 PM

mailman

Version: 2.1.38-alt1
Summary: Mailing list manager with built in web access
Changelog:
- 2.1.37 -> 2.1.38 (fixes for CVE-2021-44227).
Nov 20, 2021, 03:26 PM

redis

Version: 6.2.6-alt1
Summary: Redis is an advanced key-value store
Changelog:
- New version
- Security fixes:
  + CVE-2021-41099: buffer overflow with non-default configuration
  + CVE-2021-32762: buffer overflow issue in redis-cli and redis-sentinel
  + CVE-2021-32687: buffer overflow with non-default configuration
  + CVE-2021-32675: Denial Of Service when processing RESP request payloads
  + CVE-2021-32672: random heap reading issue with Lua Debugger
  + CVE-2021-32628: buffer overflow with non-default configuration
  + CVE-2021-32627: buffer overflow with non-default configuration
  + CVE-2021-32626: Lua scripts may result with Heap buffer overflow
  + CVE-2021-32761: integer overflow in BITFIELD on 32-bit versions
Nov 11, 2021, 03:28 PM

screen

Version: 4.8.0-alt2
Summary: A screen manager that supports multiple sessions on one terminal
Changelog:
- Applied SUSE combchar.diff to prevent DoS via crafted UTF-8 character
  sequence (fixes CVE-2021-26937).
Oct 30, 2021, 09:02 AM

libgfbgraph

Version: 0.2.5-alt1
Summary: A GObject library for Facebook Graph API
Changelog:
- 0.2.5 (fixed CVE-2021-39358)
Sep 20, 2021, 10:54 PM

libytnef

Version: 2.0-alt1
Summary: TNEF Stream Parser Library
Changelog:
- 2.0 (fixed CVE-2021-3403, CVE-2021-3404)
Sep 18, 2021, 02:03 PM

fail2ban

Version: 0.11.2-alt2
Summary: Fail2Ban is an intrusion prevention framework
Changelog:
- fix build, apply patches from upstream
- .service: use /run instead of /var/run
- CVE-2021-32749
Sep 11, 2021, 06:59 PM

ghostscript

Version: 9.54.0-alt3
Summary: PostScript interpreter and renderer, most printer drivers
Changelog:
- (Fixes: CVE-2021-3781)
Sep 4, 2021, 11:19 PM

cyrus-imapd

Version: 3.2.8-alt1
Summary: A high-performance email, contacts and calendar server
Changelog:
- 3.2.8 (fixes: CVE-2021-33582)
Sep 2, 2021, 11:56 AM

libssh

Version: 0.9.6-alt1
Summary: C library to authenticate in a simple manner to one or more SSH servers
Changelog:
- new version
- security (fixes: CVE-2021-3634)
Jul 17, 2021, 04:35 PM

cacti

Version: 1.2.18-alt1
Summary: The complete RRDTool-based graphing solution.
Changelog:
- 1.2.18
- Fixes:
  + CVE-2020-35701 SQL Injection was possible due to incorrect validation order
  + CVE-2020-14424 Lack of escaping on file input fields can lead to XSS exposure under midwinter theme
Jul 12, 2021, 10:37 AM

lasso

Version: 2.7.0-alt1
Summary: Liberty Alliance Single Sign On
Changelog:
- New version.
- Upstream:
  + CVE-2021-28091: Fix signature checking on unsigned response with multiple assertions.
  + configure.ac: Disable java bindings.
Jul 5, 2021, 02:34 PM

audiofile

Version: 0.3.6-alt4
Summary: Library to handle various audio file formats
Changelog:
- applied debian patchset (fixed CVE-2018-13440, CVE-2018-17095)
- made flac support optional (enabled by default)
- made %check verbose
- enabled documentation
- fixed License tag
Jun 27, 2021, 10:12 PM

mediawiki-extensions-Widgets

Version: 1.3.0-alt1git
Summary: Widgets extension allows adding widgets to wiki by just creating pages in Widget namespace
Changelog:
- new version (1.3.0) with rpmgs script
- CVE-2020-9382, CVE-2020-35625
Jun 24, 2021, 06:56 PM

squid

Version: 4.15-alt1
Summary: The Squid proxy caching server
Changelog:
- 4.15
- Fixes:
  + CVE-2020-25097 HTTP Request Smuggling.
  + CVE-2021-28651 Denial of Service in URN processing.
  + CVE-2021-28652 Denial of Service issue in Cache Manager.
  + CVE-2021-28662 Denial of Service in HTTP Response Processing.
  + CVE-2021-31806 Improper input validation in HTTP Range header.
  + CVE-2021-31807 Incorrect memory management may lead to DoS.
  + CVE-2021-31808 An integer overflow may lead to a DoS.
  + CVE-2021-33620 Denial of Service in HTTP Response processing.
- update langpack to 20210511
May 17, 2021, 08:27 PM

chess

Version: 6.2.8-alt1
Summary: The GNU chess program
Changelog:
- Updated to 6.2.8.
- Updated book to 1.02.
- Fixed CVE-2021-30184.
- Packed watch and upstream public signing key to sourcerpm.
May 5, 2021, 10:12 PM

exim

Version: 4.94.2-alt1
Summary: Exim MTA
Changelog:
- update to 4.94.2 (fix CVE-2020-28007 ... CVE-2020-28026 and CVE-2021-27216)
Apr 28, 2021, 02:38 PM

avahi

Version: 0.8-alt2
Summary: Local network service discovery
Changelog:
- avoid infinite-loop in avahi-daemon (closes: #39357) (fixes: CVE-2021-3468)
Apr 22, 2021, 05:49 PM

SPICE

Version: 0.15.0-alt1
Summary: Implements the SPICE protocol
Changelog:
- 0.15.0 (Fixes: CVE-2020-14355)
Apr 8, 2021, 06:44 PM

python3-module-Pillow

Version: 8.1.2-alt1
Summary: Python Imaging Library
Changelog:
- 8.1.2 released (fixes: CVE-2021-27921, CVE-2021-27922, CVE-2021-27923)
Feb 14, 2021, 09:22 PM

subversion

Version: 1.14.1-alt1
Summary: A version control system
Changelog:
- New version.
- Fixes:
  + CVE-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn
Jan 26, 2021, 12:56 PM

trousers

Version: 0.3.15-alt1
Summary: Implementation of the TCG's Software Stack
Changelog:
- 0.3.15 released
- Corrected mutliple security issues in tcsd
  (Fixes: CVE-2020-24332, CVE-2020-24330, CVE-2020-24331)
Jan 22, 2021, 10:54 AM

shellinabox

Version: 2.20-alt2
Summary: AJAX based terminal emulator exporting a console to the browser
Changelog:
- Applied security fix from upstream (Fixes CVE-2018-16789).
Jan 22, 2021, 10:20 AM

libevt

Version: 20140411-alt2
Summary: Library and tools to access the Windows Event Log (EVT) format
Changelog:
- Applied security fix from upstream (Fixes CVE-2018-8754).
Jan 21, 2021, 06:16 PM

libmspack

Version: 0.6-alt2
Summary: Compressors and decompressors for Microsoft compression formats
Changelog:
- Applied security fix from upstream (Fixes CVE-2018-18584).
Dec 18, 2020, 03:52 PM

a2ps

Version: 4.14-alt3
Summary: Any to PostScript filter
Changelog:
- Applied security patches from Debian and Gentoo (Fixes: CVE-2014-0466, CVE-2015-8107).
Dec 18, 2020, 10:46 AM

icoutils

Version: 0.32.3-alt1
Summary: Utility for extracting and converting Microsoft icon and cursor files
Changelog:
- Updated to upstream version 0.32.3 (Fixes: CVE-2017-5208,
  CVE-2017-5331, CVE-2017-5332, CVE-2017-5333).
Dec 17, 2020, 04:07 PM

dnstracer

Version: 1.9-alt2
Summary: A tool to trace DNS queries
Changelog:
- Applied security patch from Gentoo (Fixes: CVE-2017-9430).
Dec 17, 2020, 12:24 PM

mgetty

Version: 1.2.1-alt1
Summary: A getty replacement for use with data and fax modems
Changelog:
- Updated to upstream version 1.2.1 (Fixes: CVE-2018-16741, CVE-2018-16742,
  CVE-2018-16743, CVE-2018-16744, CVE-2018-16745, CVE-2019-1010189, CVE-2019-1010190).
Dec 9, 2020, 02:46 PM

3proxy

Version: 0.6.1-alt2
Summary: Proxy server
Changelog:
- Applied security fix from upstream (Fixes: CVE-2019-14495).
Dec 9, 2020, 01:25 PM

mupdf

Version: 1.18.0-alt1
Summary: A lightweight PDF viewer and toolkit
Changelog:
- Updated to upstream version 1.18.0 (Fixes: CVE-2017-5991, CVE-2018-10289,
  CVE-2018-16647, CVE-2018-16648, CVE-2019-14975, CVE-2020-26519).
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v23.05.7
Back to top