ALT repositories
Last updated at Fri, 24 Jul 2020 16:39:53 +0000 | SRPMs: 18788
Security fixes

xorg-server-2:1.20.8-alt5.src.rpm  build 2020-12-01

Group: System/X11
Summary: Xserver - X Window System display server
Changes:

- fixes: CVE-2020-25712, CVE-2020-14360

helm-3.4.1-alt1.src.rpm  build 2020-11-23

Group: Development/Tools
Summary: The Kubernetes Package Manager
Changes:

- Updated to upstream version 3.4.1 (Fixes: CVE-2020-4053, CVE-2020-11013,
CVE-2020-15184, CVE-2020-15185, CVE-2020-15186, CVE-2020-15187).

cacti-1.2.15-alt3.src.rpm  build 2020-11-23

Group: Monitoring
Summary: The complete RRDTool-based graphing solution.
Changes:

- Updated to upstream version 1.2.15 (Fixes: CVE-2020-13230, CVE-2020-13231).

kernel-image-std-debug-2:5.4.80-alt1.src.rpm  build 2020-11-22

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.4.79 (Fixes: CVE-2020-4788)

jbig2dec-0.19-alt1.src.rpm  build 2020-11-20

Group: Graphics
Summary: A decoder implementation of the JBIG2 image compression format
Changes:

- Updated to upstream version 0.19 (Fixes: CVE-2016-9601, CVE-2020-12268).

consul-1.8.6-alt1.src.rpm  build 2020-11-20

Group: Other
Summary: Consul is a tool for service discovery and configuration
Changes:

- Updated to upstream version 1.8.6 (Fixes: CVE-2019-9764, CVE-2019-12291,
CVE-2020-7219, CVE-2020-7955, CVE-2020-12797, CVE-2020-13170, CVE-2020-13250).

krb5-1.17.2-alt1.src.rpm  build 2020-11-19

Group: System/Libraries
Summary: The Kerberos network authentication system
Changes:

- 1.17.2 (Fixes: CVE-2020-28196)

ceph-14.2.14-alt1.src.rpm  build 2020-11-19

Group: System/Base
Summary: User space components of the Ceph file system
Changes:

- 14.2.14
- Fixes for the following security vulnerabilities:
+ CVE-2020-25660 Fix a regression in Messenger V2 replay attacks

cifs-utils-6.11-alt1.src.rpm  build 2020-11-19

Group: System/Kernel and hardware
Summary: Utilities for doing and managing mounts of the Linux CIFS filesystem
Changes:

- Updated to upstream version 6.11 (Fixes: CVE-2020-14342).

ceph-14.2.15-alt1.src.rpm  build 2020-11-19

Group: System/Base
Summary: User space components of the Ceph file system
Changes:

- 14.2.14
- Fixes for the following security vulnerabilities:
+ CVE-2020-25660 Fix a regression in Messenger V2 replay attacks

thunderbird-78.5.0-alt0.1.p9.src.rpm  build 2020-11-19

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version (78.5.0).
- Fixes:
+ CVE-2020-26951 Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
+ CVE-2020-16012 Variable time processing of cross-origin images during drawImage calls
+ CVE-2020-26953 Fullscreen could be enabled without displaying the security UI
+ CVE-2020-26956 XSS through paste (manual and clipboard API)
+ CVE-2020-26958 Requests intercepted through ServiceWorkers lacked MIME type restrictions
+ CVE-2020-26959 Use-after-free in WebRequestService
+ CVE-2020-26960 Potential use-after-free in uses of nsTArray
+ CVE-2020-15999 Heap buffer overflow in freetype
+ CVE-2020-26961 DoH did not filter IPv4 mapped IP Addresses
+ CVE-2020-26965 Software keyboards may have remembered typed passwords
+ CVE-2020-26966 Single-word search queries were also broadcast to local network
+ CVE-2020-26968 Memory safety bugs fixed in Thunderbird 78.5
- Fix guess timezone for calendar (ALT #38081).

perl-1:5.28.3-alt1.src.rpm  build 2020-11-18

Group: Development/Perl
Summary: Practical Extraction and Report Language
Changes:

- p9 build
- 5.28.3
- fixes CVE-2020-10543, CVE-2020-10878, CVE-2020-12723

libXrender-0.9.10-alt1.src.rpm  build 2020-11-17

Group: System/Libraries
Summary: X Render Library
Changes:

- 0.9.10
- security fixes: CVE-2016-7949, CVE-2016-7950

libXtst-1.2.3-alt1.src.rpm  build 2020-11-17

Group: System/Libraries
Summary: The Xtst Library
Changes:

- 1.2.3
- security fixes: CVE-2016-7951, CVE-2016-7952

qemu-4.2.1-alt2.src.rpm  build 2020-11-17

Group: Emulators
Summary: QEMU CPU Emulator
Changes:

- Fixes: CVE-2020-15863, CVE-2020-24352, CVE-2020-14364

c-ares-1.16.1-alt2.src.rpm  build 2020-11-17

Group: System/Libraries
Summary: A library that performs asynchronous DNS operations
Changes:

- added 0d252eb commit from upstream to resolve security issue (fixes: CVE-2020-8277)

bluez-5.55-alt1.src.rpm  build 2020-11-16

Group: Networking/Other
Summary: Bluetooth utilities
Changes:

- 5.55;
- security fixes:
+ CVE-2020-27153 (closes #39291)

libxslt-1.1.34-alt1.p9.1.src.rpm  build 2020-11-16

Group: System/Libraries
Summary: Library providing XSLT support
Changes:

- Backported to p9 (fixes CVE-2019-11068, CVE-2019-13117 and CVE-2019-13118).

openvpn-2.4.9-alt1.src.rpm  build 2020-11-16

Group: System/Servers
Summary: a full-featured SSL VPN solution
Changes:

- New version
- Security fixes:
+ CVE-2020-11810: race condition allows one client to kill another
client's session via false client floating (Closes: 39122)

glibc-6:2.27-alt13.src.rpm  build 2020-11-16

Group: System/Base
Summary: The GNU libc libraries
Changes:

- Updated to glibc-2.27-155-gdaf88b1dd1 from 2.27 branch
(fixes: CVE-2020-1752, CVE-2020-6096).

ruby-2.5.9-alt1.src.rpm  build 2020-11-16

Group: Development/Ruby
Summary: An Interpreted Object-Oriented Scripting Language
Changes:

- ^ 2.5.5 -> 2.5.9
- Fixes:
+ CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
(closes #39292)
+ CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
+ CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and
File.fnmatch?
+ CVE-2019-16201: Regular Expression Denial of Service vulnerability of
WEBrick's Digest access authentication

node-14.15.1-alt1.src.rpm  build 2020-11-16

Group: Development/Tools
Summary: Evented I/O for V8 Javascript
Changes:

- new version 14.15.1 (with rpmrb script)
- set c-ares >= 1.16.1-alt2
- CVE-2020-8277: Denial of Service through DNS request (High)

firefox-esr-78.5.0-alt0.1.p9.src.rpm  build 2020-11-16

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New version (78.5.0).
- Fixes:
+ CVE-2020-26951 Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
+ CVE-2020-16012 Variable time processing of cross-origin images during drawImage calls
+ CVE-2020-26953 Fullscreen could be enabled without displaying the security UI
+ CVE-2020-26956 XSS through paste (manual and clipboard API)
+ CVE-2020-26958 Requests intercepted through ServiceWorkers lacked MIME type restrictions
+ CVE-2020-26959 Use-after-free in WebRequestService
+ CVE-2020-26960 Potential use-after-free in uses of nsTArray
+ CVE-2020-15999 Heap buffer overflow in freetype
+ CVE-2020-26961 DoH did not filter IPv4 mapped IP Addresses
+ CVE-2020-26965 Software keyboards may have remembered typed passwords
+ CVE-2020-26966 Single-word search queries were also broadcast to local network
+ CVE-2020-26968 Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5

golang-1.14.12-alt1.src.rpm  build 2020-11-14

Group: Development/Other
Summary: The Go Programming Language
Changes:

- New version (1.14.12).
- Fixes:
+ CVE-2020-28362
+ CVE-2020-28366
+ CVE-2020-28367

unzip-6.0-alt4.src.rpm  build 2020-11-13

Group: Archiving/Compression
Summary: A utility for unpacking zip archives
Changes:

- Build with bzip2 compression method support
- Massive apply security patches from Fedora and openSUSE
- Fixes:
+ CVE-2014-8139 CRC32 verification heap-based buffer overread
+ CVE-2014-8140 out-of-bounds write issue in test_compr_eb()
+ CVE-2014-8141 getZip64Data() out-of-bounds read issues
+ CVE-2014-9913 buffer overflow in zipinfo
+ CVE-2014-9636 out-of-bounds read or write and crash
+ CVE-2015-7696 fix for heap overflow
+ CVE-2015-7697 fix infinite loop when extracting empty bzip2 data
+ CVE-2016-9844 buffer overflow in zipinfo in similar way like fix for CVE-2014-9913
+ CVE-2018-1000035 heap based buffer overflow when opening password protected files
+ CVE-2018-18384 buffer overflow, when a ZIP archive specially crafted

mariadb-10.4.17-alt1.src.rpm  build 2020-11-12

Group: Databases
Summary: A very fast and reliable SQL database engine
Changes:

- 10.4.17
- backport fix for MDEV-24096, MDEV-24121, MDEV-24134
- Fixes for the following security vulnerabilities:
+ CVE-2020-14812
+ CVE-2020-14765
+ CVE-2020-14776
+ CVE-2020-14789
+ CVE-2020-15180

libproxy-0.4.15-alt5.src.rpm  build 2020-11-11

Group: System/Libraries
Summary: A library handling all the details of proxy configuration
Changes:

- Applied security fixes from upstream (Fixes: CVE-2020-25219, CVE-2020-26154)

thunderbird-78.4.3-alt0.1.p9.src.rpm  build 2020-11-11

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version (78.4.2).
- Fixes:
+ CVE-2020-26950 Write side effects in MCallGetProperty opcode not accounted for

thunderbird-78.5.0-alt0.1.p9.src.rpm  build 2020-11-11

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version (78.4.2).
- Fixes:
+ CVE-2020-26950 Write side effects in MCallGetProperty opcode not accounted for

libass-0.15.0-alt1.src.rpm  build 2020-11-10

Group: System/Libraries
Summary: Portable library for SSA/ASS subtitles rendering
Changes:

- Updated to upstream version 0.15.0 (Fixes: CVE-2020-26682).

firefox-esr-78.4.1-alt0.1.p9.src.rpm  build 2020-11-10

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New version (78.4.1).
- Fixes:
+ CVE-2020-26950 Write side effects in MCallGetProperty opcode not accounted for

firefox-esr-78.5.0-alt0.1.p9.src.rpm  build 2020-11-10

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New version (78.4.1).
- Fixes:
+ CVE-2020-26950 Write side effects in MCallGetProperty opcode not accounted for

libxml2-1:2.9.10-alt4.src.rpm  build 2020-11-06

Group: System/Libraries
Summary: The library for manipulating XML files
Changes:

- Applied security fixes from upstream (Fixes: CVE-2019-20388, CVE-2020-7595,
CVE-2020-24977).

puppetserver-6.13.0-alt2.src.rpm  build 2020-11-06

Group: Other
Summary: Server automation framework and application
Changes:

- Updated to upstream version 6.13.0 (Fixes: CVE-2020-7943).

kernel-image-std-debug-2:5.4.76-alt1.src.rpm  build 2020-11-06

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.4.75 (Fixes: CVE-2020-25656)

kernel-image-std-debug-2:5.4.78-alt1.src.rpm  build 2020-11-06

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.4.75 (Fixes: CVE-2020-25656)

kernel-image-std-debug-2:5.4.80-alt1.src.rpm  build 2020-11-06

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.4.75 (Fixes: CVE-2020-25656)

aview-1.3.0-alt3.rc1.src.rpm  build 2020-11-05

Group: Graphics
Summary: High quality ascii-art image (pnm) browser and animation (fli/flc) player
Changes:

- Switched to CVE-2008-4935 fix from Debian.
- Added -Werror=implicit-function-declaration compiler flag.

sddm-0.18.1-alt10.src.rpm  build 2020-11-05

Group: Graphical desktop/KDE
Summary: Lightweight QML-based display manager
Changes:

- fix X not having access control on startup (fixes: CVE-2020-28049)
- add fix against graphical glitches on nvidia after VT switching

sddm-0.18.1-alt11.src.rpm  build 2020-11-05

Group: Graphical desktop/KDE
Summary: Lightweight QML-based display manager
Changes:

- fix X not having access control on startup (fixes: CVE-2020-28049)
- add fix against graphical glitches on nvidia after VT switching

wireshark-3.2.8-alt1.src.rpm  build 2020-11-03

Group: Monitoring
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- 3.2.8
- fixes:
* CVE-2020-28030 the GQUIC dissector could crash.
* CVE-2020-26575 the Facebook Zero Protocol (aka FBZERO) dissector
could enter an infinite loop.

libsdp-1.1.108-alt1.0.17.ga6958ef.src.rpm  build 2020-11-03

Group: System/Libraries
Summary: LD_PRELOAD-able library for using SDP
Changes:

- Updated to upstream version 1.1.108-0.17.ga6958ef (Fixes: CVE-2010-4173).

mimetex-1.76-alt1.src.rpm  build 2020-11-03

Group: Networking/Other
Summary: Mimetex lets you easily embed LaTeX math in your html pages
Changes:

- Updated to version 1.76 from Debian (Fixes: CVE-2009-1382, CVE-2009-2459).

unace-1.2b-alt5.src.rpm  build 2020-11-02

Group: Archiving/Compression
Summary: ACE unarchiver
Changes:

- Cleaned up sources by importing sources from Debian.
- Forced using system build flags.
- Updated fix for CVE-2015-2063.

libtar-1.2.20-alt2.git.6d0ab4c.src.rpm  build 2020-10-29

Group: System/Libraries
Summary: C library for manipulating POSIX tar files
Changes:

- Applied patches from Debian (Fixes: CVE-2013-4420).

antiword-0.37-alt4.src.rpm  build 2020-10-29

Group: Text tools
Summary: Antiword an application to display Microsoft(R) Word files
Changes:

- Applied patches from Debian (Fixes: CVE-2014-8123).

fuseiso-20070708-alt3.src.rpm  build 2020-10-29

Group: File tools
Summary: Mount ISO filesystem images as a non-root user
Changes:

- Applied patches from Gentoo (Fixes: CVE-2015-8836, CVE-2015-8837).

libfreetype-2.10.1-alt1.1.p9.1.src.rpm  build 2020-10-29

Group: System/Libraries
Summary: A free and portable font rendering engine
Changes:

- Fixed CVE-2020-15999.

samba-4.11.15-alt1.src.rpm  build 2020-10-29

Group: System/Servers
Summary: The Samba4 CIFS and AD client and server suite
Changes:

- Update to latest stable security release of the Samba 4.11
- Security fixes:
+ CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify
+ CVE-2020-14323: Unprivileged user can crash winbind
+ CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records

nbd-3.20-alt1.src.rpm  build 2020-10-29

Group: Networking/Other
Summary: Network Block Device user space tools
Changes:

- Updated to upstream version 3.20 (Fixes: CVE-2013-6410, CVE-2013-7441, CVE-2015-0847).

The Geyser project is based on code from Prometheus2.0, which had been made available under the MIT License.