ALT repositories
Last updated at Fri, 24 Jul 2020 16:39:53 +0000 | SRPMs: 18962
en ru
Security fixes

xterm-366-alt1.src.rpm  build 2021-02-24

Group: Terminals
Summary: A standard terminal emulator for the X Window System
Changes:

- Autobuild version bump to 366
- CVE-2021-27135 (Closes: #39725)

dotnet-bootstrap-5.0-5.0.3-alt1.src.rpm  build 2021-02-17

Group: Development/Other
Summary: .NET Core SDK binaries
Changes:

- .NET 5.0.3 and .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-sdk-5.0-5.0.103-alt1.src.rpm  build 2021-02-17

Group: Development/Other
Summary: SDK for the .NET
Changes:

- .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-aspnetcore-5.0-5.0.3-alt1.src.rpm  build 2021-02-17

Group: Development/Other
Summary: ASP.NET is a cross-platform .NET framework for building modern cloud-based web application
Changes:

- ASP.NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-runtime-5.0-5.0.3-alt1.src.rpm  build 2021-02-17

Group: Development/Other
Summary: Microsoft .NET Runtime and Microsoft.NETCore.App
Changes:

- new version (5.0.3) with rpmgs script
- .NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

lldpd-1.0.8-alt2.src.rpm  build 2021-02-16

Group: Networking/Other
Summary: Link Layer Discovery Protocol Daemon
Changes:

- new version 1.0.8 (Fixes: CVE-2020-27827)
- enable seccomp for x86_64

subversion-1.14.1-alt1.src.rpm  build 2021-02-14

Group: Development/Other
Summary: A version control system
Changes:

- New version.
- Fixes:
+ CVE-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn

openldap-2.4.57-alt0.M90P.1.src.rpm  build 2021-02-13

Group: System/Servers
Summary: LDAP libraries and sample clients
Changes:

- 2.4.57
- Fixes:
+ CVE-2020-36221 Fixed slapd crashes in Certificate Exact Assertion processing
+ CVE-2020-36222 Fixed slapd assertion failures in saslAuthzTo validation
+ CVE-2020-36223 Fixed slapd crash in Values Return Filter control handling
+ CVE-2020-36224 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36225 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36226 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36227 Fixed slapd infinite loop with Cancel operation
+ CVE-2020-36228 Fixed slapd crash in Certificate List Exact Assertion processing
+ CVE-2020-36229 Fixed slapd crash in X.509 DN parsing
+ CVE-2020-36230 Fixed slapd assertion failure in X.509 DN parsing

postgresql11-11.11-alt1.src.rpm  build 2021-02-11

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 11.11 (Fixes CVE-2021-3393)

postgresql12-12.6-alt0.M90P.1.src.rpm  build 2021-02-11

Group: Databases
Summary: PostgreSQL client programs and libraries
Changes:

- 12.6 (Fixes CVE-2021-3393)

postgresql12-1C-12.5-alt5.src.rpm  build 2021-02-11

Group: Databases
Summary: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changes:

- Fix permission checks on constraint violation errors on partitions.
(Fixes CVE-2021-3393)
- Re-applay patch from 1C

php7-7.3.27-alt1.src.rpm  build 2021-02-09

Group: Development/Other
Summary: The PHP7 scripting language
Changes:

- 7.3.27 (Fixes: CVE-2021-21702)

chromium-88.0.4324.150-alt0.1.p9.src.rpm  build 2021-02-06

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (88.0.4324.150).
- Security fixes:
- CVE-2021-21148: Heap buffer overflow in V8.

chromium-gost-88.0.4324.150-alt0.1.p9.src.rpm  build 2021-02-06

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (88.0.4324.150).
- Security fixes:
- CVE-2021-21148: Heap buffer overflow in V8.

chromium-88.0.4324.150-alt0.1.p9.src.rpm  build 2021-02-03

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (88.0.4324.146).
- Security fixes:
- CVE-2021-21142: Use after free in Payments .
- CVE-2021-21143: Heap buffer overflow in Extensions.
- CVE-2021-21144: Heap buffer overflow in Tab Groups.
- CVE-2021-21145: Use after free in Fonts.
- CVE-2021-21146: Use after free in Navigation.
- CVE-2021-21147: Inappropriate implementation in Skia.

chromium-gost-88.0.4324.150-alt0.1.p9.src.rpm  build 2021-02-03

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (88.0.4324.146).
- Security fixes:
- CVE-2021-21142: Use after free in Payments .
- CVE-2021-21143: Heap buffer overflow in Extensions.
- CVE-2021-21144: Heap buffer overflow in Tab Groups.
- CVE-2021-21145: Use after free in Fonts.
- CVE-2021-21146: Use after free in Navigation.
- CVE-2021-21147: Inappropriate implementation in Skia.

xpdf-4.03-alt1.src.rpm  build 2021-01-30

Group: Office
Summary: The PDF viewer and tools
Changes:

- Version bump
- Many bugfixes, including security, including, but not limited to:
Fixes: CVE-2020-25725, CVE-2020-35376

cups-2.3.3-alt1.src.rpm  build 2021-01-28

Group: System/Servers
Summary: Common Unix Printing System - server package
Changes:

- Updated to upstream version 2.3.3 (Fixes CVE-2019-8842, CVE-2020-3898).
- Built with gnutls support re-enabled.
Gnutls support may be required by cups-filters.

nagios-3.0.6-alt15.src.rpm  build 2021-01-27

Group: Monitoring
Summary: Services and network monitoring system
Changes:

- Fixes:
+ CVE-2017-12847 Kill arbitrary processes by leveraging access to PID file.
- Don't install the PID file.

sudo-1:1.9.5p2-alt1.src.rpm  build 2021-01-27

Group: System/Base
Summary: Allows command execution as another user
Changes:

- Update to latest security release (fixes: CVE-2021-3156) (closes: 39615)
- Added sudo-python package with Sudo Python Plugin API
- Added sudo-logsrvd package with High-performance log server

nagios-3.0.6-alt15.src.rpm  build 2021-01-27

Group: Monitoring
Summary: Services and network monitoring system
Changes:

- Fixes:
+ CVE-2016-8641 Privilege escalation via symbolic links.
+ CVE-2016-9566 Gaining root privileges via a symlink attack on the log file.
+ CVE-2014-1878 Possible segfault in cmd.cgi.

thunderbird-78.7.0-alt0.1.p9.src.rpm  build 2021-01-27

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-15685 IMAP Response Injection when using STARTTLS
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Thunderbird 78.7

thunderbird-78.7.1-alt0.1.p9.src.rpm  build 2021-01-27

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-15685 IMAP Response Injection when using STARTTLS
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Thunderbird 78.7

trousers-0.3.15-alt1.src.rpm  build 2021-01-26

Group: System/Base
Summary: Implementation of the TCG's Software Stack
Changes:

- 0.3.15 released
- Corrected mutliple security issues in tcsd
(Fixes: CVE-2020-24332, CVE-2020-24330, CVE-2020-24331)

firefox-esr-78.7.0-alt0.1.p9.src.rpm  build 2021-01-26

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7

firefox-esr-78.7.1-alt0.1.p9.src.rpm  build 2021-01-26

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7

chromium-88.0.4324.96-alt0.1.p9.src.rpm  build 2021-01-24

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (88.0.4324.96).
- Security fixes:
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential user after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.

chromium-88.0.4324.150-alt0.1.p9.src.rpm  build 2021-01-24

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (88.0.4324.96).
- Security fixes:
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential user after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.

chromium-gost-88.0.4324.96-alt0.1.p9.src.rpm  build 2021-01-24

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (88.0.4324.96).
- Security fixes:
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential user after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.

chromium-gost-88.0.4324.150-alt0.1.p9.src.rpm  build 2021-01-24

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (88.0.4324.96).
- Security fixes:
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential user after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.

containerd-1.3.9-alt1.src.rpm  build 2021-01-22

Group: Development/Other
Summary: A daemon to control runC
Changes:

- 1.3.9 (Fixes: CVE-2020-15257)

shellinabox-2.20-alt2.src.rpm  build 2021-01-22

Group: Networking/Remote access
Summary: AJAX based terminal emulator exporting a console to the browser
Changes:

- Applied security fix from upstream (Fixes CVE-2018-16789).

dnsmasq-2.83-alt1.src.rpm  build 2021-01-22

Group: System/Servers
Summary: A lightweight caching nameserver
Changes:

- Use useradd -N instead of -n.
- Updated to 2.83 (fixes: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683,
CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687).

imapfilter-2.7.5-alt2.src.rpm  build 2021-01-22

Group: System/Configuration/Networking
Summary: mail filtering utility
Changes:

- 2.7.5 (Fixes CVE-2016-10937).

libmspack-0.6-alt2.src.rpm  build 2021-01-21

Group: Development/C
Summary: Compressors and decompressors for Microsoft compression formats
Changes:

- Applied security fix from upstream (Fixes CVE-2018-18584).

libevt-20140411-alt2.src.rpm  build 2021-01-21

Group: File tools
Summary: Library and tools to access the Windows Event Log (EVT) format
Changes:

- Applied security fix from upstream (Fixes CVE-2018-8754).

rclone-1.53.4-alt1.src.rpm  build 2021-01-21

Group: Networking/File transfer
Summary: rsync for cloud storage
Changes:

- New version 1.53.4 (Fixes: CVE-2020-28924).

spice-vdagent-1:0.21.0-alt1.src.rpm  build 2021-01-21

Group: Networking/Remote access
Summary: Agent for Spice guests
Changes:

- new version 0.21.0 (Fixes CVE-2020-25650, CVE-2020-25651, CVE-2020-25652, CVE-2020-25653).

x11vnc-0.9.16-alt2.src.rpm  build 2021-01-20

Group: Networking/Remote access
Summary: VNC server for real X displays
Changes:

- Applied security fix from upstream (Fixes: CVE-2020-29074).

ffmpeg-2:4.3.1-alt4.src.rpm  build 2021-01-20

Group: Video
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changes:

- Applied security fixes from upstream (Fixes: CVE-2020-35964, CVE-2020-35965).

screen-4.6.2-alt3.p9.1.src.rpm  build 2021-01-20

Group: Terminals
Summary: A screen manager that supports multiple sessions on one terminal
Changes:

- Backported upstream commits (fixes CVE-2020-9366).

golang-1.14.14-alt1.src.rpm  build 2021-01-20

Group: Development/Other
Summary: The Go Programming Language
Changes:

- New version (1.14.14).
- Fixes:
+ CVE-2021-3114
+ CVE-2021-3115

golang-1.14.15-alt1.src.rpm  build 2021-01-20

Group: Development/Other
Summary: The Go Programming Language
Changes:

- New version (1.14.14).
- Fixes:
+ CVE-2021-3114
+ CVE-2021-3115

gif2png-3.0.0-alt2.git.a9592ae.src.rpm  build 2021-01-20

Group: Graphics
Summary: A GIF to PNG converter
Changes:

- Updated to latest upstream snapshot (Fixes: CVE-2019-17371).

libexif-0.6.22-alt3.src.rpm  build 2021-01-19

Group: System/Libraries
Summary: libexif is a library for parsing, editing, and saving EXIF data
Changes:

- added upstream commit:
+ fixed a incorrect overflow check that could be optimized away
(fixes CVE-2020-0452)

openvswitch-2.14.1-alt0.p9.src.rpm  build 2021-01-19

Group: Networking/Other
Summary: An open source, production quality, multilayer virtual switch
Changes:

- 2.14.1 (Fixes: CVE-2015-8011, CVE-2020-27827)

kernel-image-un-def-1:5.10.7-alt1.src.rpm  build 2021-01-13

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.10.7 (Fixes: CVE-2020-28374)

kernel-image-std-debug-2:5.4.89-alt1.src.rpm  build 2021-01-13

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.4.89 (Fixes: CVE-2020-28374)

kernel-image-std-debug-2:5.4.91-alt1.src.rpm  build 2021-01-13

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.4.89 (Fixes: CVE-2020-28374)

kernel-image-un-def-1:5.10.9-alt2.src.rpm  build 2021-01-13

Group: System/Kernel and hardware
Summary: The Linux kernel (the core of the Linux operating system)
Changes:

- v5.10.7 (Fixes: CVE-2020-28374)

  1         3     4     5            Last »  

 
Branches:
hide window
The Geyser project is based on code from Prometheus2.0, which had been made available under the MIT License.