Security
Apr 22, 2024, 10:15 AM
flatpak
Version: 1.14.6-alt1
Summary: Application deployment framework for desktop apps
Changelog:
- 1.14.6 (fixed CVE-2024-32462)
Apr 18, 2024, 06:09 PM
freerdp
Version: 2.11.6-alt1
Summary: Remote Desktop Protocol functionality
Changelog:
- New version
- Security fixes:
  + CVE-2024-32041 [Low] OutOfBound Read in zgfx_decompress_segment
  + CVE-2024-32039 Integer overflow & OutOfBound Write in clear_decompress_residual_data
  + CVE-2024-32040 integer underflow in nsc_rle_decode
  + CVE-2024-32458 OutOfBound Read in planar_skip_plane_rle
  + CVE-2024-32459 OutOfBound Read in ncrush_decompress
  + CVE-2024-32460 OutOfBound Read in interleaved_decompress
Apr 12, 2024, 07:46 PM
php8.2
Version: 8.2.18-alt1
Summary: The PHP scripting language
Changelog:
- 8.2.17 -> 8.2.18 (Fixes: CVE-2024-1874, CVE-2024-2756, CVE-2024-3096)
Apr 12, 2024, 07:36 PM
php8.1
Version: 8.1.28-alt1
Summary: The PHP scripting language
Changelog:
- 8.1.27 -> 8.1.28 (Fixes: CVE-2024-1874, CVE-2024-2756, CVE-2024-3096)
Apr 11, 2024, 12:17 PM
sox
Version: 14.4.2-alt7
Summary: A general purpose sound file conversion tool
Changelog:
- Added patches from debian and fix vulnerabilities (Fixes: CVE-2017-15371, CVE-2019-8355, CVE-2021-33844, CVE-2017-15370, CVE-2019-8356, CVE-2021-3643, CVE-2017-11332, CVE-2019-8357, CVE-2021-40426, CVE-2017-11359, CVE-2023-32627, CVE-2022-31650, CVE-2017-15372, CVE-2017-11358, CVE-2022-31651, CVE-2017-15642, CVE-2019-13590, CVE-2019-8354, CVE-2021-23159):
  + fixed hcom big endian
  + fixed resource leak comments
  + fixed resource leak hcom
  + added handle vorbis analysis headerout errors
  + added wavpack check errors
  + added xa validate channel count
Apr 10, 2024, 03:27 PM
openvswitch
Version: 2.17.9-alt1
Summary: An open source, production quality, multilayer virtual switch
Changelog:
- 2.17.9 (Fixes: CVE-2023-3966, CVE-2023-5366)
Apr 5, 2024, 11:00 AM
libnghttp2
Apr 5, 2024, 10:54 AM
apache2
Version: 2.4.59-alt1
Summary: The most widely used Web server on the Internet
Changelog:
- 2.4.58 -> 2.4.59 (Fixes: CVE-2023-38709, CVE-2024-24795, CVE-2024-27316)
Mar 29, 2024, 08:24 PM
gnutls30
Version: 3.6.16-alt5
Summary: A TLS protocol implementation
Changelog:
- Fix side-channel in the deterministic ECDSA (fixes: CVE-2024-28834). - tests: Add test for CVE-2024-28835. - rsa-psk: minimize branching after decryption (fixes: CVE-2024-0553). - x509: detect loop in certificate chain (fixes: CVE-2024-0567).
Mar 27, 2024, 12:10 PM
curl
Version: 8.7.1-alt1
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changelog:
- 8.6.0 -> 8.7.1 - Fixes: * CVE-2024-2398: HTTP/2 push headers memory-leak * CVE-2024-2004: Usage of disabled protocol
Mar 27, 2024, 11:45 AM
libfcgi
Feb 26, 2024, 03:17 PM
python3-module-jinja2
Version: 3.0.1-alt1.p10.1
Summary: The new and improved version of a small but fast template engine
Changelog:
- Fixed CVE-2024-22195.
Feb 19, 2024, 08:58 PM
dnsmasq
Version: 2.90-alt1
Summary: A lightweight caching nameserver
Changelog:
- Fixed different signedness comparison on 32bit systems. - Dropped obsoleted patches. - Patches from upstream git: + Add missing CHANGELOG entries for 2.90; + Fix spurious "resource limit exceeded" messages. - Updated to 2.90 (fixes: CVE-2023-50387, CVE-2023-50868).
Feb 17, 2024, 08:09 AM
python3
Version: 3.9.18-alt1
Summary: Version 3 of the Python programming language aka Python 3000
Changelog:
- Updated to upstream version 3.9.18 (Closes: #49415). - Fixed CVE's (Fixes: CVE-2023-0286, CVE-2022-4303, CVE-2023-40217, CVE-2023-24329).
Feb 17, 2024, 08:03 AM
sqlite3
Version: 3.35.5-alt1.p10.1
Summary: An Embeddable SQL Database Engine
Changelog:
- Fixed CVE-2023-7104.
Feb 12, 2024, 08:34 PM
postgresql15-1C
Version: 15.5-alt0.p10.3
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changelog:
- Fixes CVE-2024-0985 - Update 1C patch
Feb 12, 2024, 08:32 PM
postgresql15
Version: 15.6-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 15.6 (Fixes CVE-2024-0985)
Feb 12, 2024, 08:28 PM
postgresql14
Version: 14.11-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 14.11 (Fixes CVE-2024-0985)
Feb 12, 2024, 08:26 PM
postgresql13
Version: 13.14-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 13.14 (Fixes CVE-2024-0985)
Feb 12, 2024, 08:24 PM
postgresql12
Version: 12.18-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 12.18 (Fixes CVE-2024-0985)
Feb 12, 2024, 08:21 PM
postgresql16
Version: 16.2-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 16.2 (Fixes CVE-2024-0985)
Feb 11, 2024, 04:47 AM
dropbear
Version: 2022.83-alt2
Summary: A smallish SSH server and client
Changelog:
- Backport the fix for the Terrapin attack (fixes CVE-2023-48795). - Undo static linking (ALT#49349).
Feb 10, 2024, 12:17 AM
knot-resolver
Feb 9, 2024, 06:29 PM
lxc
Version: 4.0.12-alt3
Summary: Linux Containers
Changelog:
- Add sysctl config with "fs.inotify.max_user_instances = 1024" (ALT#46072). - Disable build init.lxc.static. - Add subgids and subuids for root. - Backport patches from upstream stable-4.0 branch (Fixes: CVE-2022-47952).
Jan 30, 2024, 08:37 AM
libssh2
Version: 1.11.0-alt2
Summary: A library implementing the SSH2 protocol
Changelog:
- Applied security fix from upstream (Fixes: CVE-2023-48795).
Jan 18, 2024, 11:08 PM
MySQL
Version: 8.0.36-alt1
Summary: A very fast and reliable SQL database engine
Changelog:
- new version
  + (fixes: CVE-2024-20960, CVE-2024-20961, CVE-2024-20962, CVE-2024-20963)
  + (fixes: CVE-2024-20964, CVE-2024-20965, CVE-2024-20966, CVE-2024-20967)
  + (fixes: CVE-2024-20968, CVE-2024-20969, CVE-2024-20970, CVE-2024-20971)
  + (fixes: CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20975)
  + (fixes: CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20981)
  + (fixes: CVE-2024-20982, CVE-2024-20983, CVE-2024-20984, CVE-2024-20985)
- update mysql-shell 8.0.35 -> 8.0.36
Jan 16, 2024, 03:40 PM
frr
Version: 9.0.2-alt1
Summary: FRRouting Routing daemon
Changelog:
- 9.0.2 (Fixes: CVE-2023-46752, CVE-2023-46753, CVE-2023-47234, CVE-2023-47235)
Jan 16, 2024, 08:00 AM
openssh
Version: 7.9p1-alt4.p10.4
Summary: OpenSSH free Secure Shell (SSH) implementation
Changelog:
- Backported upstream security fix for Terrapin attack (fixes CVE-2023-48795).
Jan 15, 2024, 01:38 PM
krb5
Version: 1.19.4-alt3
Summary: The Kerberos network authentication system
Changelog:
- Backport fixes for bronze bit attack (fixes: CVE-2022-37967).
Jan 12, 2024, 10:52 AM
libssh
Version: 0.10.6-alt1
Summary: C library to authenticate in a simple manner to one or more SSH servers
Changelog:
- new version (fixes: CVE-2023-6004 CVE-2023-48795 CVE-2023-6918) (closes: 49050)
Jan 4, 2024, 10:57 AM
itop
Version: 3.1.1.1-alt1
Summary: IT Operations Portal
Changelog:
- New version 3.1.1.1
- Security fixes:
  + CVE-2023-48710 : Restrict pages/exec.php to PHP files
  + CVE-2023-48709 : Fix CSV injection in Excel from an iTop CSV export file
  + CVE-2023-46734 : Fix potential XSS vulnerabilities in TWIG CodeExtension filters
  + CVE-2023-47123 : Fix XSS vulnerability in n:n relations "tagset" widget
  + CVE-2023-47622 : Fix XSS vulnerabilities in ajax operations
  + CVE-2023-47626 : Fix XSS vulnerabilities in authent token
  + CVE-2023-44396 : Fix XSS vulnerabilities in dashlet ajax operations
  + CVE-2023-43790 : Fix XSS vulnerabilities in friendlyname in object details
  + CVE-2023-38511 : Fix dashboard allowing to load multiple files and urls
  + CVE-2023-45808 : Fix object creation in non allowed org by forging http query in both Console and Portal
Dec 25, 2023, 12:08 PM
raptor2
Version: 2.0.16-alt1
Summary: RDF Parser Toolkit for Redland
Changelog:
- new version (fixes: CVE-2017-18926 CVE-2020-25713) (closes: 48916)
Dec 19, 2023, 02:07 AM
gst-plugins-bad1.0
Version: 1.20.6-alt3
Summary: A set of GStreamer plugins that need more quality
Changelog:
- fixed CVE-2023-44446
Dec 12, 2023, 07:19 PM
procps
Version: 3.3.17-alt7.g37f1060.p10.2
Summary: System and process monitoring utilities
Changelog:
- Patch from Fedora: + ps: Fix possible buffer overflow in -C option (fixes: CVE-2023-4016). - Fixed NEWS file. - spec: added a knob to build without systemd (by Alexey Sheplyakov) - Makefile.am: fixed build without systemd (by Alexey Sheplyakov)
Dec 4, 2023, 05:48 PM
nextcloud
Version: 27.1.4-alt1
Summary: Cloud platform
Changelog:
- New version (fixes: CVE-2023-48306, CVE-2023-48305, CVE-2023-48304, CVE-2023-48303, CVE-2023-48302, CVE-2023-48301, CVE-2023-48239, CVE-2023-45148).
Nov 30, 2023, 05:32 PM
xorg-server
Version: 1.20.14-alt9.E2K.1
Summary: Xserver - X Window System display server
Changelog:
- E2K: + added mcst patches, mostly as-is except: - 0003-Add-copy-optimizations.patch: partially obsolete - 0006-Add-bug-workaround.patch: obsolete for arch > e2kv2 - 0010-restore-DRI1-support-for-e1c.patch - 0010-Restore-DRI1-support.{add,mod}.patch: need more reverts - 0040-Fix-CVE-2018-14665.patch: applied elsewhere upstream and specifically, including: - mga2 related patch from mcst#5155 + warning-related ftbfs workarounds + bool-related ftbfs workaround (ilyakurdyukov@)
Nov 29, 2023, 05:48 AM
vim
Version: 9.0.2136-alt1
Summary: VIsual editor iMproved
Changelog:
- Updated to v9.0.2136 (fixes CVE-2023-48237, CVE-2023-48236, CVE-2023-48235, CVE-2023-48234, CVE-2023-48233, CVE-2023-48232, CVE-2023-48231).
Nov 27, 2023, 11:11 AM
csync2
Version: 2.0-alt3
Summary: Csync2 is a cluster synchronization tool
Changelog:
- added commits from upstream git (Fixes: CVE-2019-15522, CVE-2019-15523)
Nov 23, 2023, 02:54 PM
rabbitmq-c
Nov 9, 2023, 07:35 AM
postgresql11
Version: 11.22-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 11.22 (Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870) - Add Conflicts: postgresql16-server-devel
Nov 8, 2023, 06:40 AM
sudo
Version: 1.9.15p1-alt1
Summary: Allows command execution as another user
Changelog:
- Update to latest stable bugfix and security release (fixes: CVE-2023-42465):
  + The sudoers plugin has been modified to make it more resilient to ROWHAMMER attacks on authentication and policy matching.
  + The sudoers plugin now constructs the user time stamp file path name using the user-ID instead of the user name. This avoids a potential problem with user names that contain a path separator ('/') being interpreted as part of the path name. A similar issue in sudo-rs has been assigned CVE-2023-42456.
- Fixes in behavior:
  + The visudo utility will no longer create an empty file when the specified sudoers file does not exist and the user exits the editor without making any changes (GitHub#294).
  + Fixed a bug where output could go to the wrong terminal if "use_pty" is enabled (the default) and the standard input, output or error is redirected to a different terminal. Bug #1056.
  + A path separator ('/') in a user, group or host name is now replaced with an underbar character ('_') when expanding escapes in @include and @includedir directives as well as the "iolog_file" and "iolog_dir" sudoers Default settings.
- Fixes in user output:
  + Running "sudo -ll command" now produces verbose output that includes matching rule as well as the path to the sudoers file the matching rule came from.
  + Changes to terminal settings are now performed atomically, where possible. If the command is being run in a pseudo-terminal and the user's terminal is already in raw mode, sudo will not change the user's terminal settings. This prevents concurrent sudo processes from restoring the terminal settings to the wrong values (GitHub#312).
  + Better log message when rejecting a command if the "intercept" option is enabled and the "intercept_allow_setid" option is disabled. Previously, "command not allowed" would be logged and the user had no way of knowing what the actual problem was.
- Fixes in logging:
  + The sudoers source is now logged in the JSON event log. This makes it possible to tell which rule resulted in a match.
  + Sudo will now log the invoking user's environment as "submitenv" in the JSON logs. The command's environment ("runenv") is no longer logged for commands rejected by the sudoers file or an approval plugin.
  + The sudo_logsrvd server will now raise its open file descriptor limit to the maximum allowed value when it starts up. Each connection can require up to nine open file descriptors so the default soft limit may be too low.
- Fixed regressions:
  + Fixed the warning message for "sudo -l command" when the command is not permitted. There was a missing space between "list" and the actual command due to changes in sudo 1.9.14.
  + The "intercept_verify" sudoers option is now only applied when the "intercept" option is set in sudoers. Previously, it was also applied when "log_subcmds" was enabled. Sudo 1.9.14 contained an incorrect fix for this.
  + Reverted a change from sudo 1.9.4 that resulted in PAM session modules being called with the environment of the command to be run instead of the environment of the invoking user (GitHub#318).
Nov 7, 2023, 06:32 PM
libetpan
Version: 1.9.4-alt4
Summary: This mail library provides a portable, efficient middleware for different kinds of mail access
Changelog:
- Patches from upstream git:
  + Fix buffer overwrite for empty string in remove_trailing_eol (upstream issue #408);
  + Detect extra data after STARTTLS response and exit (upstream issue #387) (fixes: CVE-2020-15953);
  + Missing boundary fix (upstream issue #384);
  + Fix potential null pointer dereferenced (upstream issue #363);
  + Fix potential null pointer dereferenced (upstream issue #361);
  + Fix potential null pointer dereference (upstream issue #348).
Nov 7, 2023, 05:12 PM
redis
Version: 6.2.14-alt1
Summary: Redis is an advanced key-value store
Changelog:
- 6.2.14 (Fixes: CVE-2023-45145) - drop PrivateUsers=true for allow run unit in container (ALT#47882)
Oct 19, 2023, 05:11 PM
json-c
Version: 0.17-alt1
Summary: JSON implementation in C
Changelog:
- Updated to 0.17 (Fixes: CVE-2021-32292).
Oct 11, 2023, 04:19 PM
moodle
Version: 4.3.0-alt1
Summary: The world's open source learning platform
Changelog:
- New version. - Use PHP 8.2. - Security fixes: CVE-2023-40316, CVE-2023-40317, CVE-2023-40318, CVE-2023-40319, CVE-2023-40320, CVE-2022-39369, CVE-2023-40322, CVE-2023-40323, CVE-2023-40324, CVE-2023-40325 - Requires exif PHP module. - Set PHP parameter max_input_vars=5000.
Oct 11, 2023, 08:36 AM
libcue2
Version: 2.3.0-alt1
Summary: Cue sheet parser library
Changelog:
- new version 2.3.0 (with rpmrb script) - CVE-2023-43641
Oct 4, 2023, 09:14 AM
libX11
Oct 4, 2023, 08:58 AM
libXpm
Sep 29, 2023, 08:00 AM
openssl1.1
Version: 1.1.1w-alt0.p10.1
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- Updated to v1.1.1w (fixes CVE-2023-3817, CVE-2023-3446, CVE-2023-4807).
Sep 28, 2023, 04:47 AM
netatalk
Version: 3.1.17-alt1
Summary: Open Source Apple Filing Protocol(AFP) File Server
Changelog:
- 3.1.17 (fixed CVE-2023-42464, CVE-2022-23121, CVE-2022-23123, CVE-2022-43634 and CVE-2022-45188) - Add /etc/netatalk/afppasswd (Closes: #46445) - Add /var/lib/netatalk (Closes: #46441) - Add Requires: cracklib-words (Closes: #46446)
Sep 14, 2023, 08:50 PM
php8.0
Version: 8.0.30-alt1
Summary: The PHP scripting language
Changelog:
- 8.0.29 -> 8.0.30 (Fixes: CVE-2023-3823, CVE-2023-3824) - for sisyphus and p11: added conflicts with the installer-stage3 to avoid using php8.0 in distributions: The first stage of EOL plan
Sep 14, 2023, 10:02 AM
libwebp
Version: 1.3.2-alt1
Summary: Library and tools for the WebP graphics format
Changelog:
- 1.3.2 (fixed CVE-2023-4863)
Sep 6, 2023, 05:02 PM
LibreOffice
Version: 6.3.0.3-alt6.E2K.8
Summary: LibreOffice Productivity Suite
Changelog:
- Apply workaround for mcst#8230 - Disable KF5 (ftbfs on p10_e2k + lcc 1.26) - CVE-2022-3140 kludge (cherry-picked from -alt6.E2K.5.1)
Aug 17, 2023, 10:33 AM
ImageMagick
Version: 6.9.12.93-alt1
Summary: An X application for displaying and manipulating images
Changelog:
- New version 6.9.12.93 (Fixes: CVE-2022-44268)
Aug 8, 2023, 08:16 PM
connman
Version: 1.42-alt1
Summary: ConnMan is a daemon for managing internet connections.
Changelog:
- New version 1.42. (Fixes: CVE-2022-32292, CVE-2022-32293, CVE-2023-28488)
Jun 20, 2023, 07:31 PM
ffmpeg
Version: 4.4.4-alt1
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changelog:
- 4.4.3 -> 4.4.4 (Fixes: CVE-2022-3964, CVE-2022-3341, CVE-2022-3109)
Jun 20, 2023, 06:10 PM
cups-filters
Version: 1.28.11-alt2
Summary: OpenPrinting CUPS filters and backends
Changelog:
- add upstream commit 93e60d3 (Fixes: CVE-2023-24805)
Jun 19, 2023, 04:15 PM
openldap
Version: 2.4.59-alt1.p10.2
Summary: LDAP libraries and sample clients
Changelog:
- fixes CVE-2022-29155.
Jun 14, 2023, 09:32 AM
yajl
May 27, 2023, 03:54 AM
libtpms
Version: 0.9.6-alt1
Summary: Library providing Trusted Platform Module (TPM) functionality
Changelog:
- New version 0.9.6 (Fixes: CVE-2023-1017, CVE-2023-1018).
May 16, 2023, 07:47 PM
phpipam
Version: 1.5.2-alt1
Summary: PHP-based virtual machine control tool
Changelog:
- 1.5.2 (Fixes: CVE-2023-0676, CVE-2023-0677, CVE-2023-0678, CVE-2023-1211, CVE-2023-1212).
Apr 17, 2023, 10:15 PM
git
Version: 2.33.8-alt1
Summary: Git core and tools
Changelog:
- 2.33.7 -> 2.33.8 (fixes: CVE-2023-25652, CVE-2023-25815, CVE-2023-29007).
Mar 30, 2023, 11:41 AM
libsixel
Version: 1.10.3-alt1
Summary: A SIXEL encoder/decoder implementation
Changelog:
- 1.10.3. - switch to meson. - Security fixes for CVE-2020-11721, CVE-2020-19668.
Mar 29, 2023, 12:03 PM
libmicrohttpd
Version: 0.9.76-alt1
Summary: Library providing compact API and implementation of an HTTP/1.1 webserver
Changelog:
- 0.9.76 released (fixes: CVE-2023-27371)
Mar 29, 2023, 07:29 AM
libmemcached
Version: 1.1.4-alt1
Summary: Client library to the memcached
Changelog:
- 1.1.4 (Fixes CVE-2023-27478) - Change URL to new upstream project - Use CMAKE
Mar 9, 2023, 11:59 AM
clamav
Version: 0.103.8-alt1
Summary: Clam Antivirus scanner
Changelog:
- 0.103.8 (CVE-2023-20032, CVE-2023-20052)
Jan 24, 2023, 04:58 PM
libxml2
Version: 2.9.12-alt1.p10.1
Summary: The library for manipulating XML files
Changelog:
- Applied security fixes from upstream (Fixes: CVE-2022-23308, CVE-2022-29824, CVE-2022-40303, CVE-2022-40304).
Dec 22, 2022, 10:23 AM
libcairo
Version: 1.16.0-alt2
Summary: Multi-platform 2D graphics library
Changelog:
- cherry pick upstream fixes for CVE-2018-19876, CVE-2020-35492
Dec 18, 2022, 03:00 AM
libtiff
Version: 4.4.0-alt2
Summary: Library of functions for manipulating TIFF format image files
Changelog:
- Applied SUSE patches (fixed tiff-CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970 and CVE-2022-34526) (closes #44499).
Dec 9, 2022, 12:49 AM
podofo
Version: 0.9.8-alt1
Summary: PDF manipulation library and tools
Changelog:
- new version 0.9.8 (with rpmrb script) - CVE-2021-30469, CVE-2021-30470, CVE-2021-30471, CVE-2021-30472
Dec 5, 2022, 03:48 PM
libarchive
Version: 3.6.1-alt2
Summary: A library for handling streaming archive formats
Changelog:
- security (fixes: CVE-2022-36227)
Nov 28, 2022, 10:52 AM
tcpreplay
Version: 4.4.2-alt1
Summary: A tool to replay captured network traffic
Changelog:
- 4.4.2 (Fixes: CVE-2022-28487, CVE-2022-27942, CVE-2022-27940, CVE-2022-37047, CVE-2022-37049, CVE-2022-27939, CVE-2022-25484, CVE-2022-27941)
Nov 10, 2022, 05:19 PM
gmp
Version: 6.2.1-alt5
Summary: GNU MP arbitrary precision arithmetic library
Changelog:
- Backported upstream commit "mpz/inp_raw.c: Avoid bit size overflows" (thx Marco Bodrato) (fixes CVE-2021-43618).
Nov 8, 2022, 08:01 AM
ntfs-3g
Version: 2021.8.22-alt2
Summary: third generation Linux NTFS driver
Changelog:
Nov 5, 2022, 12:13 PM
libpixman
Version: 0.40.0-alt2.1
Summary: Pixel manipulation library
Changelog:
- apply upstream commit a1f88e842e0216a5b4df1ab023caebe33c101395 to fix CVE-2022-44638
Nov 3, 2022, 04:58 PM
php7
Version: 7.4.33-alt1
Summary: The PHP7 scripting language
Changelog:
- 7.4.32 -> 7.4.33 (Fixes: CVE-2022-31630, CVE-2022-37454)
Oct 29, 2022, 11:07 PM
expat
Version: 2.5.0-alt1
Summary: An XML parser written in C
Changelog:
- Updated to 2.5.0 (fixes: CVE-2022-43680 Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations, DoS or potentially ACE).
Oct 28, 2022, 02:27 PM
openslp
Version: 2.0.0-alt3
Summary: OpenSLP implementation of Service Location Protocol V2
Changelog:
- Applied security fixes (fixes CVE-2021-4217).
Oct 25, 2022, 05:31 PM
arj
Version: 3.10.22-alt9
Summary: A compressor and uncompressor for .arj format archive files
Changelog:
- Fixes patch CVE-2015-0557-security-traversal-dir (ALT #44143).
Oct 21, 2022, 03:23 PM
perl-DBI
Oct 18, 2022, 12:14 AM
adcli
Version: 0.9.2-alt1
Summary: Active Directory enrollment
Changelog:
- Add support LDAP add/mod operation to set/change password:
  + fix unable to join to active directory after KB5008380/CVE-2021-42287 with option '--ldap-passwd';
  + https://gitlab.freedesktop.org/realmd/adcli/-/issues/27
- Add support fall back to LDAPS if CLDAP ping was not successful
  + If the --use-ldaps option is used and there is no reply on the CLDAP 389/udp port adcli will try to send the request to the LDAPS port 636/tcp.
- Fix write SID before secret to Samba's db looks like 'net changesecretpw'
- Add passwd-user sub-command for (re)set a user password.
- Add dont-expire-password option for computer.
Oct 14, 2022, 03:47 PM
aspell
Version: 0.60.8-alt2
Summary: An Open Source interactive spelling checker program
Changelog:
- fixes CVE-2019-25051
Oct 12, 2022, 02:52 PM
lrzsz
Version: 0.12.20-alt2
Summary: Programs for communicating over Z-, Y- & X-modem protocols.
Changelog:
- fixes CVE-2018-10195.
Oct 12, 2022, 07:45 AM
unzip
Oct 11, 2022, 01:38 PM
python3-module-paramiko
Version: 2.11.0-alt1
Summary: SSH2 protocol for python
Changelog:
- 2.8.1 -> 2.11.0 (fixes: CVE-2022-24302).
Aug 31, 2022, 02:17 AM
cifs-utils
Version: 6.15-alt1
Summary: Utilities for doing and managing mounts of the Linux CIFS filesystem
Changelog:
- Update to stable release 6.15 (Samba#15025, Samba#15026) - mount.cifs: fix length check for ip option parsing (fixes: CVE-2022-27239) - mount.cifs: fix verbose messages on option parsing (fixes: CVE-2022-29869)
Jun 17, 2022, 03:42 PM
python
Version: 2.7.18-alt10
Summary: An interpreted, interactive object-oriented programming language
Changelog:
- Security update (fixed: CVE-2015-20107). - Fixed Url field.
May 21, 2022, 07:21 AM
openvpn
Version: 2.5.6-alt1
Summary: a full-featured SSL VPN solution
Changelog:
- New version (Closes: 42217) - Security fixes: + CVE-2022-0547: possible authentication bypass if multiple authentication plugins try to do deferred authentication - Fix build with new python3-module-docutils
May 15, 2022, 08:57 PM
xpdf
Version: 4.04-alt1
Summary: The PDF viewer and tools
Changelog:
- Version bump - Many bugfixes, including security, including: Fixes: CVE-2022-24106, CVE-2022-27135
May 15, 2022, 08:53 AM
unrar
Version: 6.1.7-alt1
Summary: RAR unarchiver
Changelog:
- Autobuild version bump to 6.1.7 - Fixes: CVE-2022-30333
May 14, 2022, 12:52 AM
libopenjpeg2.0
Version: 2.5.0-alt1
Summary: JPEG 2000 codec library (API version 2.0)
Changelog:
- 2.5.0 (fixed CVE-2013-4289, CVE-2013-4290, CVE-2019-6988, CVE-2018-20846, CVE-2018-16376, CVE-2021-29338)
Dec 1, 2021, 07:44 PM
mailman
Version: 2.1.38-alt1
Summary: Mailing list manager with built in web access
Changelog:
- 2.1.37 -> 2.1.38 (fixes for CVE-2021-44227).
Nov 11, 2021, 03:28 PM
screen
Version: 4.8.0-alt2
Summary: A screen manager that supports multiple sessions on one terminal
Changelog:
- Applied SUSE combchar.diff to prevent DoS via crafted UTF-8 character sequence (fixes CVE-2021-26937).
Oct 30, 2021, 09:02 AM
libgfbgraph
Version: 0.2.5-alt1
Summary: A GObject library for Facebook Graph API
Changelog:
- 0.2.5 (fixed CVE-2021-39358)
Sep 20, 2021, 10:54 PM
libytnef
Version: 2.0-alt1
Summary: TNEF Stream Parser Library
Changelog:
- 2.0 (fixed CVE-2021-3403, CVE-2021-3404)
Sep 18, 2021, 02:03 PM
fail2ban
Version: 0.11.2-alt2
Summary: Fail2Ban is an intrusion prevention framework
Changelog:
- fix build, apply patches from upstream - .service: use /run instead of /var/run - CVE-2021-32749
Aug 8, 2021, 04:07 AM
ffmpeg3.3
Version: 3.3.9-alt2.E2K.1
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changelog:
- E2K: apply mcst patches, including CVE-2018-6621 fix
Jul 12, 2021, 10:37 AM
lasso
Version: 2.7.0-alt1
Summary: Liberty Alliance Single Sign On
Changelog:
- New version. - Upstream: + CVE-2021-28091: Fix signature checking on unsigned response with multiple assertions. + configure.ac: Disable java bindings.
Jul 5, 2021, 02:34 PM
audiofile
Version: 0.3.6-alt4
Summary: Library to handle various audio file formats
Changelog:
- applied debian patchset (fixed CVE-2018-13440, CVE-2018-17095) - made flac support optional (enabled by default) - made %check verbose - enabled documentation - fixed License tag
Jun 27, 2021, 10:12 PM
mediawiki-extensions-Widgets
Version: 1.3.0-alt1git
Summary: Widgets extension allows adding widgets to wiki by just creating pages in Widget namespace
Changelog:
- new version (1.3.0) with rpmgs script - CVE-2020-9382, CVE-2020-35625