Security
Mar 11, 2024, 09:39 AM
unbound
Version: 1.19.2-alt1
Summary: Validating, recursive, and caching DNS resolver
Changelog:
- 1.19.2 (Fixes CVE-2024-1931)
Feb 19, 2024, 08:58 PM
dnsmasq
Version: 2.90-alt1
Summary: A lightweight caching nameserver
Changelog:
- Fixed different signedness comparison on 32bit systems. - Dropped obsoleted patches. - Patches from upstream git: + Add missing CHANGELOG entries for 2.90; + Fix spurious "resource limit exceeded" messages. - Updated to 2.90 (fixes: CVE-2023-50387,CVE 2023-50868).
Feb 18, 2024, 05:05 PM
glpi
Version: 10.0.12-alt1
Summary: IT and asset management software
Changelog:
- New version 10.0.12 - This release fixes a security issue that has been recently discovered. Update is recommended! - Security fixes: + CVE-2024-23645 : Reflected XSS in reports pages + CVE-2023-51446 : LDAP Injection during authentication ()
Feb 17, 2024, 08:09 AM
python3
Version: 3.9.18-alt1
Summary: Version 3 of the Python programming language aka Python 3000
Changelog:
- Updated to upstream version 3.9.18 (Closes: #49415). - Fixed CVE's (Fixes: CVE-2023-0286, CVE-2022-4303, CVE-2023-40217, CVE-2023-24329).
Feb 17, 2024, 08:03 AM
sqlite3
Version: 3.35.5-alt1.p10.1
Summary: An Embeddable SQL Database Engine
Changelog:
- Fixed CVE-2023-7104.
Feb 12, 2024, 08:34 PM
postgresql15-1C
Version: 15.5-alt0.p10.3
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changelog:
- Fixes CVE-2024-0985 - Update 1C patch
Feb 12, 2024, 08:32 PM
postgresql15
Version: 15.6-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 15.6 (Fixes CVE-2024-0985)
Feb 12, 2024, 08:28 PM
postgresql14
Version: 14.11-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 14.11 (Fixes CVE-2024-0985)
Feb 12, 2024, 08:26 PM
postgresql13
Version: 13.14-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 13.14 (Fixes CVE-2024-0985)
Feb 12, 2024, 08:24 PM
postgresql12
Version: 12.18-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 12.18 (Fixes CVE-2024-0985)
Feb 12, 2024, 08:21 PM
postgresql16
Version: 16.2-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 16.2 (Fixes CVE-2024-0985)
Feb 10, 2024, 12:17 AM
knot-resolver
Jan 31, 2024, 03:18 PM
curl
Version: 8.6.0-alt1
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changelog:
- 8.5.0 -> 8.6.0 - Fixes: * CVE-2024-0853 : OCSP verification bypass with TLS session reuse
Jan 30, 2024, 08:37 AM
libssh2
Version: 1.11.0-alt2
Summary: A library implementing the SSH2 protocol
Changelog:
- Applied security fix from upstream (Fixes: CVE-2023-48795).
Jan 24, 2024, 08:03 AM
zabbix
Version: 6.0.25-alt0.p10.3
Summary: A network monitor
Changelog:
- Build for p10 (ALT #49152) - (Fixes: CVE-2023-32726, CVE-2023-32727, CVE-2023-32728)
Jan 18, 2024, 11:08 PM
MySQL
Version: 8.0.36-alt1
Summary: A very fast and reliable SQL database engine
Changelog:
- new version + (fixes: CVE-2024-20960, CVE-2024-20961, CVE-2024-20962, CVE-2024-20963) + (fixes: CVE-2024-20964, CVE-2024-20965, CVE-2024-20966, CVE-2024-20967) + (fixes: CVE-2024-20968, CVE-2024-20969, CVE-2024-20970, CVE-2024-20971) + (fixes: CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20975) + (fixes: CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20981) + (fixes: CVE-2024-20982, CVE-2024-20983, CVE-2024-20984, CVE-2024-20985) - update mysql-shell 8.0.35 -> 8.0.36
Jan 16, 2024, 03:40 PM
frr
Version: 9.0.2-alt1
Summary: FRRouting Routing daemon
Changelog:
- 9.0.2 (Fixes: CVE-2023-46752, CVE-2023-46753, CVE-2023-47234, CVE-2023-47235)
Jan 16, 2024, 08:00 AM
openssh
Version: 7.9p1-alt4.p10.4
Summary: OpenSSH free Secure Shell (SSH) implementation
Changelog:
- Backported upstream security fix for Terrapin attack (fixes CVE-2023-48795).
Jan 15, 2024, 01:38 PM
krb5
Version: 1.19.4-alt3
Summary: The Kerberos network authentication system
Changelog:
- Backport fixes for bronze bit attack (fixes: CVE-2022-37967).
Jan 12, 2024, 10:52 AM
libssh
Version: 0.10.6-alt1
Summary: C library to authenticate in a simple manner to one or more SSH servers
Changelog:
- new version (fixes: CVE-2023-6004 CVE-2023-48795 CVE-2023-6918) (closes: 49050)
Dec 25, 2023, 12:08 PM
raptor2
Version: 2.0.16-alt1
Summary: RDF Parser Toolkit for Redland
Changelog:
- new version (fixes: CVE-2017-18926 CVE-2020-25713) (closes: 48916)
Dec 19, 2023, 02:07 AM
gst-plugins-bad1.0
Version: 1.20.6-alt3
Summary: A set of GStreamer plugins that need more quality
Changelog:
- fixed CVE-2023-44446
Dec 12, 2023, 07:19 PM
procps
Version: 3.3.17-alt7.g37f1060.p10.2
Summary: System and process monitoring utilities
Changelog:
- Patch from Fedora: + ps: Fix possible buffer overflow in -C option (fixes: CVE-2023-4016). - Fixed NEWS file. - spec: added a knob to build without systemd (by Alexey Sheplyakov) - Makefile.am: fixed build without systemd (by Alexey Sheplyakov)
Dec 4, 2023, 05:48 PM
nextcloud
Version: 27.1.4-alt1
Summary: Cloud platform
Changelog:
- New version (fixes: CVE-2023-48306, CVE-2023-48305, CVE-2023-48304, CVE-2023-48303, CVE-2023-48302, CVE-2023-48301, CVE-2023-48239, CVE-2023-45148).
Nov 30, 2023, 05:32 PM
xorg-server
Version: 1.20.14-alt9.E2K.1
Summary: Xserver - X Window System display server
Changelog:
- E2K: + added mcst patches, mostly as-is except: - 0003-Add-copy-optimizations.patch: partially obsolete - 0006-Add-bug-workaround.patch: obsolete for arch > e2kv2 - 0010-restore-DRI1-support-for-e1c.patch - 0010-Restore-DRI1-support.{add,mod}.patch: need more reverts - 0040-Fix-CVE-2018-14665.patch: applied elsewhere upstream and specifically, including: - mga2 related patch from mcst#5155 + warning-related ftbfs workarounds + bool-related ftbfs workaround (ilyakurdyukov@)
Nov 29, 2023, 05:48 AM
vim
Version: 9.0.2136-alt1
Summary: VIsual editor iMproved
Changelog:
- Updated to v9.0.2136 (fixes CVE-2023-48237, CVE-2023-48236, CVE-2023-48235, CVE-2023-48234, CVE-2023-48233, CVE-2023-48232, CVE-2023-48231).
Nov 27, 2023, 11:11 AM
csync2
Version: 2.0-alt3
Summary: Csync2 is a cluster synchronization tool
Changelog:
- added commits from upstream git (Fixes: CVE-2019-15522, CVE-2019-15523)
Nov 23, 2023, 07:38 PM
gnutls30
Version: 3.6.16-alt4
Summary: A TLS protocol implementation
Changelog:
- auth/rsa_psk: side-step potential side-channel (fixes: CVE-2023-5981).
Nov 23, 2023, 02:54 PM
rabbitmq-c
Nov 9, 2023, 07:35 AM
postgresql11
Version: 11.22-alt0.p10.1
Summary: PostgreSQL client programs and libraries
Changelog:
- 11.22 (Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870) - Add Conflicts: postgresql16-server-devel
Nov 8, 2023, 06:40 AM
sudo
Version: 1.9.15p1-alt1
Summary: Allows command execution as another user
Changelog:
- Update to latest stable bugfix and security release (fixes: CVE-2023-42465): + The sudoers plugin has been modified to make it more resilient to ROWHAMMER attacks on authentication and policy matching. + The sudoers plugin now constructs the user time stamp file path name using the user-ID instead of the user name. This avoids a potential problem with user names that contain a path separator ('/') being interpreted as part of the path name. A similar issue in sudo-rs has been assigned CVE-2023-42456. - Fixes in behavior: + The visudo utility will no longer create an empty file when the specified sudoers file does not exist and the user exits the editor without making any changes (GitHub#294). + Fixed a bug where output could go to the wrong terminal if "use_pty" is enabled (the default) and the standard input, output or error is redirected to a different terminal. Bug #1056. + A path separator ('/') in a user, group or host name is now replaced with an underbar character ('_') when expanding escapes in @include and @includedir directives as well as the "iolog_file" and "iolog_dir" sudoers Default settings. - Fixes in user output: + Running "sudo -ll command" now produces verbose output that includes matching rule as well as the path to the sudoers file the matching rule came from. + Changes to terminal settings are now performed atomically, where possible. If the command is being run in a pseudo-terminal and the user's terminal is already in raw mode, sudo will not change the user's terminal settings. This prevents concurrent sudo processes from restoring the terminal settings to the wrong values (GitHub#312). + Better log message when rejecting a command if the "intercept" option is enabled and the "intercept_allow_setid" option is disabled. Previously, "command not allowed" would be logged and the user had no way of knowing what the actual problem was. - Fixes in logging: + The sudoers source is now logged in the JSON event log. This makes it possible to tell which rule resulted in a match. + Sudo will now log the invoking user's environment as "submitenv" in the JSON logs. The command's environment ("runenv") is no longer logged for commands rejected by the sudoers file or an approval plugin. + The sudo_logsrvd server will now raise its open file descriptor limit to the maximum allowed value when it starts up. Each connection can require up to nine open file descriptors so the default soft limit may be too low. - Fixed regressions: + Fixed the warning message for "sudo -l command" when the command is not permitted. There was a missing space between "list" and the actual command due to changes in sudo 1.9.14. + The "intercept_verify" sudoers option is now only applied when the "intercept" option is set in sudoers. Previously, it was also applied when "log_subcmds" was enabled. Sudo 1.9.14 contained an incorrect fix for this. + Reverted a change from sudo 1.9.4 that resulted in PAM session modules being called with the environment of the command to be run instead of the environment of the invoking user (GitHub#318).
Nov 7, 2023, 06:32 PM
libetpan
Version: 1.9.4-alt4
Summary: This mail library provide a portable, efficient middleware for different kinds of mail access
Changelog:
- Patches from upstream git: + Fix buffer overwrite for empty string in remove_trailing_eol (upstream issue #408); + Detect extra data after STARTTLS response and exit (upstrem issue #387) (fixes: CVE-2020-15953); + Missing boundary fix (upstream issue #384); + Fix potential null pointer deferenced (upstream issue #363); + Fix potential null pointer deferenced (upstream issue #361); + Fix potential null pointer deference (upstream issue #348).
Nov 7, 2023, 05:12 PM
redis
Version: 6.2.14-alt1
Summary: Redis is an advanced key-value store
Changelog:
- 6.2.14 (Fixes: CVE-2023-45145) - drop PrivateUsers=true for allow run unit in container (ALT#47882)
Oct 20, 2023, 02:46 PM
apache2-mod_http2
Version: 2.0.25-alt1
Summary: module implementing HTTP/2 for Apache 2
Changelog:
- 2.0.24 -> 2.0.25 (Fixes: CVE-2023-45802)
Oct 19, 2023, 05:11 PM
json-c
Version: 0.17-alt1
Summary: JSON implementation in C
Changelog:
- Updated to 0.17 (Fixes: CVE-2021-32292).
Oct 11, 2023, 04:19 PM
moodle
Version: 4.3.0-alt1
Summary: The world's open source learning platform
Changelog:
- New version. - Use PHP 8.2. - Security fixes: CVE-2023-40316, CVE-2023-40317, CVE-2023-40318, CVE-2023-40319, CVE-2023-40320, CVE-2022-39369, CVE-2023-40322, CVE-2023-40323, CVE-2023-40324, CVE-2023-40325 - Requires exif PHP module. - Set PHP parameter max_input_vars=5000.
Oct 11, 2023, 11:05 AM
libnghttp2
Oct 11, 2023, 08:36 AM
libcue2
Version: 2.3.0-alt1
Summary: Cue sheet parser library
Changelog:
- new version 2.3.0 (with rpmrb script) - CVE-2023-43641
Oct 4, 2023, 09:14 AM
libX11
Oct 4, 2023, 08:58 AM
libXpm
Sep 29, 2023, 08:00 AM
openssl1.1
Version: 1.1.1w-alt0.p10.1
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Changelog:
- Updated to v1.1.1w (fixes CVE-2023-3817, CVE-2023-3446, CVE-2023-4807).
Sep 28, 2023, 04:47 AM
netatalk
Version: 3.1.17-alt1
Summary: Open Source Apple Filing Protocol(AFP) File Server
Changelog:
- 3.1.17 (fixed CVE-2023-42464, CVE-2022-23121, CVE-2022-23123, CVE-2022-43634 and CVE-2022-45188) - Add /etc/netatalk/afppasswd (Closes: #46445) - Add /var/lib/netatalk (Closes: #46441) - Add Requires: cracklib-words (Closes: #46446)
Sep 14, 2023, 08:50 PM
php8.0
Version: 8.0.30-alt1
Summary: The PHP scripting language
Changelog:
- 8.0.29 -> 8.0.30 (Fixes: CVE-2023-3823, CVE-2023-3824) - for sisyphus and p11: added conflicts with the installer-stage3 to avoid using php8.0 in distributios: The first stage of EOL plan
Sep 14, 2023, 10:02 AM
libwebp
Version: 1.3.2-alt1
Summary: Library and tools for the WebP graphics format
Changelog:
- 1.3.2 (fixed CVE-2023-4863)
Sep 6, 2023, 05:02 PM
LibreOffice
Version: 6.3.0.3-alt6.E2K.8
Summary: LibreOffice Productivity Suite
Changelog:
- Apply workaround for mcst#8230 - Disable KF5 (ftbfs on p10_e2k + lcc 1.26) - CVE-2022-3140 kludge (cherry-picked from -alt6.E2K.5.1)
Aug 17, 2023, 10:33 AM
ImageMagick
Version: 6.9.12.93-alt1
Summary: An X application for displaying and manipulating images
Changelog:
- New version 6.9.12.93 (Fixes: CVE-2022-44268)
Aug 8, 2023, 08:16 PM
connman
Version: 1.42-alt1
Summary: ConnMan is a daemon for managing internet connections.
Changelog:
- New version 1.42. (Fixes: CVE-2022-32292, CVE-2022-32293, CVE-2023-28488)
Jul 5, 2023, 03:16 PM
dbus
Version: 1.14.8-alt1
Summary: D-BUS is a simple IPC framework based on messages.
Changelog:
- 1.14.8 (Fixes: CVE-2023-34969) (closes: #46767)
Jun 20, 2023, 07:31 PM
ffmpeg
Version: 4.4.4-alt1
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changelog:
- 4.4.3 -> 4.4.4 (Fixes: CVE-2022-3964, CVE-2022-3341, CVE-2022-3109)
Jun 20, 2023, 06:10 PM
cups-filters
Version: 1.28.11-alt2
Summary: OpenPrinting CUPS filters and backends
Changelog:
- add upstream commit 93e60d3 (Fixes: CVE-2023-24805)
Jun 19, 2023, 04:15 PM
openldap
Version: 2.4.59-alt1.p10.2
Summary: LDAP libraries and sample clients
Changelog:
- fixes CVE-2022-29155.
Jun 14, 2023, 09:32 AM
yajl
May 27, 2023, 03:54 AM
libtpms
Version: 0.9.6-alt1
Summary: Library providing Trusted Platform Module (TPM) functionality
Changelog:
- New version 0.9.6 (Fixes: CVE-2023-1017, CVE-2023-1018).
May 16, 2023, 07:47 PM
phpipam
Version: 1.5.2-alt1
Summary: PHP-based virtual machine control tool
Changelog:
- 1.5.2 (Fixes: CVE-2023-0676, CVE-2023-0677, CVE-2023-0678, CVE-2023-1211, CVE-2023-1212).
Apr 17, 2023, 10:15 PM
git
Version: 2.33.8-alt1
Summary: Git core and tools
Changelog:
- 2.33.7 -> 2.33.8 (fixes: CVE-2023-25652, CVE-2023-25815, CVE-2023-29007).
Mar 30, 2023, 11:41 AM
libsixel
Version: 1.10.3-alt1
Summary: A SIXEL encoder/decoder implementation
Changelog:
- 1.10.3. - switch to meson. - Security fixes for CVE-2020-11721, CVE-2020-19668.
Mar 29, 2023, 12:03 PM
libmicrohttpd
Version: 0.9.76-alt1
Summary: Library providing compact API and implementation of an HTTP/1.1 webserver
Changelog:
- 0.9.76 released (fixes: CVE-2023-27371)
Mar 29, 2023, 07:29 AM
libmemcached
Version: 1.1.4-alt1
Summary: Client library to the memcached
Changelog:
- 1.1.4 (Fixes CVE-2023-27478) - Change URL to new upstream project - Use CMAKE
Mar 20, 2023, 06:36 PM
flatpak
Version: 1.14.4-alt1
Summary: Application deployment framework for desktop apps
Changelog:
- 1.14.4 (fixed CVE-2023-28100, CVE-2023-28101)
Mar 9, 2023, 11:59 AM
clamav
Version: 0.103.8-alt1
Summary: Clam Antivirus scanner
Changelog:
- 0.103.8 (CVE-2023-20032, CVE-2023-20052)
Jan 24, 2023, 04:58 PM
libxml2
Version: 2.9.12-alt1.p10.1
Summary: The library for manipulating XML files
Changelog:
- Applied security fixes from upstream (Fixes: CVE-2022-23308, CVE-2022-29824, CVE-2022-40303, CVE-2022-40304).
Dec 22, 2022, 10:23 AM
libcairo
Version: 1.16.0-alt2
Summary: Multi-platform 2D graphics library
Changelog:
- cherry pick upstream fixes for CVE-2018-19876, CVE-2020-35492
Dec 18, 2022, 03:00 AM
libtiff
Version: 4.4.0-alt2
Summary: Library of functions for manipulating TIFF format image files
Changelog:
- Applied SUSE patches (fixed tiff-CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970 and CVE-2022-34526) (closes #44499).
Dec 9, 2022, 12:49 AM
podofo
Version: 0.9.8-alt1
Summary: PDF manipulation library and tools
Changelog:
- new version 0.9.8 (with rpmrb script) - CVE-2021-30469, CVE-2021-30470, CVE-2021-30471, CVE-2021-30472
Dec 5, 2022, 03:48 PM
libarchive
Version: 3.6.1-alt2
Summary: A library for handling streaming archive formats
Changelog:
- security (fixes: CVE-2022-36227)
Nov 28, 2022, 10:52 AM
tcpreplay
Version: 4.4.2-alt1
Summary: A tool to replay captured network traffic
Changelog:
- 4.4.2 (Fixes: CVE-2022-28487, CVE-2022-27942, CVE-2022-27940, CVE-2022-37047, CVE-2022-37049, CVE-2022-27939, CVE-2022-25484, CVE-2022-27941)
Nov 10, 2022, 05:19 PM
gmp
Version: 6.2.1-alt5
Summary: GNU MP arbitrary precision arithmetic library
Changelog:
- Backported upstream commit "mpz/inp_raw.c: Avoid bit size overflows" (thx Marco Bodrato) (fixes CVE-2021-43618).
Nov 8, 2022, 08:01 AM
ntfs-3g
Version: 2021.8.22-alt2
Summary: third generation Linux NTFS driver
Changelog:
Nov 5, 2022, 12:13 PM
libpixman
Version: 0.40.0-alt2.1
Summary: Pixel manipulation library
Changelog:
- apply upstream commit a1f88e842e0216a5b4df1ab023caebe33c101395 to fix CVE-2022-44638
Nov 3, 2022, 04:58 PM
php7
Version: 7.4.33-alt1
Summary: The PHP7 scripting language
Changelog:
- 7.4.32 -> 7.4.33 (Fixes: CVE-2022-31630, CVE-2022-37454)
Oct 29, 2022, 11:07 PM
expat
Version: 2.5.0-alt1
Summary: An XML parser written in C
Changelog:
- Updated to 2.5.0 (fixes: CVE-2022-43680 Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations, DoS or potentially ACE).
Oct 28, 2022, 02:27 PM
openslp
Version: 2.0.0-alt3
Summary: OpenSLP implementation of Service Location Protocol V2
Changelog:
- Applied security fixes (fixes CVE-2021-4217).
Oct 25, 2022, 05:31 PM
arj
Version: 3.10.22-alt9
Summary: An compressor and uncompressor for .arj format archive files
Changelog:
- Fixes patch CVE-2015-0557-security-traversal-dir (ALT #44143).
Oct 21, 2022, 03:23 PM
perl-DBI
Oct 18, 2022, 12:14 AM
adcli
Version: 0.9.2-alt1
Summary: Active Directory enrollment
Changelog:
- Add support LDAP add/mod operation to set/change password: + fix unable to join to active directory after KB5008380/CVE-2021-42287 with option '--ldap-passwd'; + https://gitlab.freedesktop.org/realmd/adcli/-/issues/27 - Add support fall back to LDAPS if CLDAP ping was not successful + If the --use-ldaps option is used and there is no reply on the CLDAP 389/udp port adcli will try to send the request to the LDAPS port 636/tcp. - Fix write SID before secret to Samba's db looks like 'net changesecretpw' - Add passwd-user sub-command for (re)set a user password. - Add dont-expire-password option for computer.
Oct 14, 2022, 03:47 PM
aspell
Version: 0.60.8-alt2
Summary: An Open Source interactive spelling checker program
Changelog:
- fixes CVE-2019-25051
Oct 12, 2022, 02:52 PM
lrzsz
Version: 0.12.20-alt2
Summary: Programs for communicating over Z-, Y- & X-modem protocols.
Changelog:
- fixes CVE-2018-10195.
Oct 12, 2022, 07:45 AM
unzip
Oct 11, 2022, 01:38 PM
python3-module-paramiko
Version: 2.11.0-alt1
Summary: SSH2 protocol for python
Changelog:
- 2.8.1 -> 2.11.0 (fixes: CVE-2022-24302).
Aug 31, 2022, 02:17 AM
cifs-utils
Version: 6.15-alt1
Summary: Utilities for doing and managing mounts of the Linux CIFS filesystem
Changelog:
- Update to stable release 6.15 (Samba#15025, Samba#15026) - mount.cifs: fix length check for ip option parsing (fixes: CVE-2022-27239) - mount.cifs: fix verbose messages on option parsing (fixes: CVE-2022-29869)
Jun 17, 2022, 03:42 PM
python
Version: 2.7.18-alt10
Summary: An interpreted, interactive object-oriented programming language
Changelog:
- Secutiry update (fixed: CVE-2015-20107). - Fixed Url field.
May 21, 2022, 07:21 AM
openvpn
Version: 2.5.6-alt1
Summary: a full-featured SSL VPN solution
Changelog:
- New version (Closes: 42217) - Security fixes: + CVE-2022-0547: possible authentication bypass if multiple authentication plugins tries to do deferred authentication - Fix build with new python3-module-docutils
May 15, 2022, 08:57 PM
xpdf
Version: 4.04-alt1
Summary: The PDF viewer and tools
Changelog:
- Version bump - Many bugfixes, including security, including: Fixes: CVE-2022-24106, CVE-2022-27135
May 15, 2022, 08:53 AM
unrar
Version: 6.1.7-alt1
Summary: RAR unarchiver
Changelog:
- Autobuild version bump to 6.1.7 - Fixes: CVE-2022-30333
May 14, 2022, 12:52 AM
libopenjpeg2.0
Version: 2.5.0-alt1
Summary: JPEG 2000 codec library (API version 2.0)
Changelog:
- 2.5.0 (fixed CVE-2013-4289, CVE-2013-4290, CVE-2019-6988, CVE-2018-20846, CVE-2018-16376, CVE-2021-29338)
Dec 1, 2021, 07:44 PM
mailman
Version: 2.1.38-alt1
Summary: Mailing list manager with built in web access
Changelog:
- 2.1.37 -> 2.1.38 (fixes for CVE-2021-44227).
Nov 11, 2021, 03:28 PM
screen
Version: 4.8.0-alt2
Summary: A screen manager that supports multiple sessions on one terminal
Changelog:
- Applied SUSE combchar.diff to prevent DoS via crafted UTF-8 character sequence (fixes CVE-2021-26937).
Oct 30, 2021, 09:02 AM
libgfbgraph
Version: 0.2.5-alt1
Summary: A GObject library for Facebook Graph API
Changelog:
- 0.2.5 (fixed CVE-2021-39358)
Sep 20, 2021, 10:54 PM
libytnef
Version: 2.0-alt1
Summary: TNEF Stream Parser Library
Changelog:
- 2.0 (fixed CVE-2021-3403, CVE-2021-3404)
Sep 18, 2021, 02:03 PM
fail2ban
Version: 0.11.2-alt2
Summary: Fail2Ban is an intrusion prevention framework
Changelog:
- fix build, apply patches from upstream - .service: use /run instead of /var/run - CVE-2021-32749
Aug 8, 2021, 04:07 AM
ffmpeg3.3
Version: 3.3.9-alt2.E2K.1
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changelog:
- E2K: apply mcst patches, including CVE-2018-6621 fix
Jul 12, 2021, 10:37 AM
lasso
Version: 2.7.0-alt1
Summary: Liberty Alliance Single Sign On
Changelog:
- New version. - Upstream: + CVE-2021-28091: Fix signature checking on unsigned response with multiple assertions. + configure.ac: Disable java bindings.
Jul 5, 2021, 02:34 PM
audiofile
Version: 0.3.6-alt4
Summary: Library to handle various audio file formats
Changelog:
- applied debian patchset (fixed CVE-2018-13440, CVE-2018-17095) - made flac support optional (enabled by default) - made %check verbose - enabled documentation - fixed License tag
Jun 27, 2021, 10:12 PM
mediawiki-extensions-Widgets
Version: 1.3.0-alt1git
Summary: Widgets extension allows adding widgets to wiki by just creating pages in Widget namespace
Changelog:
- new version (1.3.0) with rpmgs script - CVE-2020-9382, CVE-2020-35625
May 17, 2021, 08:27 PM
chess
Version: 6.2.8-alt1
Summary: The GNU chess program
Changelog:
- Updated to 6.2.8. - Updated book to 1.02. - Fixed CVE-2021-30184. - Packed watch and upstream public signing key to sourcerpm.
Apr 28, 2021, 02:38 PM
avahi
Version: 0.8-alt2
Summary: Local network service discovery
Changelog:
- avoid infinite-loop in avahi-daemon (closes: #39357) (fixes: CVE-2021-3468)
Apr 22, 2021, 05:49 PM
SPICE
Version: 0.15.0-alt1
Summary: Implements the SPICE protocol
Changelog:
- 0.15.0 (Fixes: CVE-2020-14355)
Feb 14, 2021, 09:22 PM
subversion
Version: 1.14.1-alt1
Summary: A version control system
Changelog:
- New version. - Fixes: + CVE-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn
Jan 26, 2021, 12:56 PM
trousers
Version: 0.3.15-alt1
Summary: Implementation of the TCG's Software Stack
Changelog:
- 0.3.15 released - Corrected mutliple security issues in tcsd (Fixes: CVE-2020-24332, CVE-2020-24330, CVE-2020-24331)
Jan 22, 2021, 10:54 AM
shellinabox
Version: 2.20-alt2
Summary: AJAX based terminal emulator exporting a console to the browser
Changelog:
- Applied security fix from upstream (Fixes CVE-2018-16789).