ALT repositories
Last updated at Fri, 24 Jul 2020 14:09:54 +0000 | SRPMs: 22638
Security fixes

libtar-1.2.20-alt2.git.6d0ab4c.src.rpm  build 2020-10-29

Group: System/Libraries
Summary: C library for manipulating POSIX tar files
Changes:

- Applied patches from Debian (Fixes: CVE-2013-4420).

antiword-0.37-alt4.src.rpm  build 2020-10-29

Group: Text tools
Summary: Antiword an application to display Microsoft(R) Word files
Changes:

- Applied patches from Debian (Fixes: CVE-2014-8123).

unace-1.2b-alt4.src.rpm  build 2020-10-29

Group: Archiving/Compression
Summary: ACE unarchiver
Changes:

- Applied patches from Debian (Fixes: CVE-2015-2063).
- Updated changelog to conform to vulnerability policy.

fuseiso-20070708-alt3.src.rpm  build 2020-10-29

Group: File tools
Summary: Mount ISO filesystem images as a non-root user
Changes:

- Applied patches from Gentoo (Fixes: CVE-2015-8836, CVE-2015-8837).

nbd-3.20-alt1.src.rpm  build 2020-10-29

Group: Networking/Other
Summary: Network Block Device user space tools
Changes:

- Updated to upstream version 3.20 (Fixes: CVE-2013-6410, CVE-2013-7441, CVE-2015-0847).

bchunk-1.2.2-alt1.src.rpm  build 2020-10-28

Group: Archiving/Cd burning
Summary: A CD image format converter from .bin/.cue to .iso/.cdr/.wav
Changes:

- Updated to upstream version 1.2.2 (Fixes: CVE-2017-15953, CVE-2017-15954, CVE-2017-15955).

gifsicle-1.92-alt1.src.rpm  build 2020-10-28

Group: Graphics
Summary: command-line program for manipulating GIF images
Changes:

- Updated to upstream version 1.92 (Fixes: CVE-2017-1000421).

yodl-1:4.03.00-alt2.src.rpm  build 2020-10-28

Group: Text tools
Summary: Yet oneOther Document Language
Changes:

- Updated to upstream version 4.03.00 (Fixes: CVE-2016-10375).

mpg321-0.3.2-alt2.src.rpm  build 2020-10-27

Group: Sound
Summary: A Free command-line mp3 player, compatible with mpg123
Changes:

- Applied patches from Gentoo (Fixes: CVE-2019-14247).

hiredis-0.14.1-alt1.src.rpm  build 2020-10-27

Group: System/Libraries
Summary: The official C client for Redis
Changes:

- Updated to upstream version 0.14.1 (Fixes: CVE-2020-7105).

libhtp-1:0.5.35-alt1.src.rpm  build 2020-10-27

Group: Security/Networking
Summary: LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces
Changes:

- Updated to upstream version 0.5.35 (Fixes: CVE-2019-17420).

atftp-0.7.2-alt1.src.rpm  build 2020-10-27

Group: System/Servers
Summary: Advanced Trivial File Transfer Protocol
Changes:

- Updated to upstream version 0.7.2 (Fixes: CVE-2019-11365, CVE-2019-11366).

snmptt-1.4.2-alt1.src.rpm  build 2020-10-27

Group: System/Servers
Summary: An SNMP trap handler written in Perl
Changes:

- Updated to upstream version 1.4.2 (Fixes: CVE-2020-24361).

atftp-0.7.2-alt2.src.rpm  build 2020-10-27

Group: System/Servers
Summary: Advanced Trivial File Transfer Protocol
Changes:

- Updated to upstream version 0.7.2 (Fixes: CVE-2019-11365, CVE-2019-11366).

gdb-8.3-alt3.src.rpm  build 2020-10-26

Group: Development/Debuggers
Summary: A GNU source-level debugger for C, C++ and other languages
Changes:

- Applied upstream patch (ALT#39135) (fixes CVE-2019-1010180).

inspircd-2.0.29-alt1.src.rpm  build 2020-10-26

Group: Networking/IRC
Summary: InspIRCd is a modular Internet Relay Chat (IRC) server
Changes:

- Updated to upstream version 2.0.29 (Fixes: CVE-2019-20917, CVE-2020-25269).

glpi-9.5.2-alt2.src.rpm  build 2020-10-26

Group: Networking/Other
Summary: IT and asset management software
Changes:

- New version 9.5.2
- Security fixes:
+ CVE-2020-15176 : SQL injection with a query parameter of user form
+ CVE-2020-15175 : Removal of .htaccess file in the files folder via a plugin endpoint
+ CVE-2020-15217 : Leakage issue with knowledge base
+ CVE-2020-15177 : Stored XSS in install script
+ CVE-2020-15226 : Minor SQL Injection in Search API

squid-4.13-alt1.src.rpm  build 2020-10-24

Group: System/Servers
Summary: The Squid proxy caching server
Changes:

- 4.13 (Fixes: CVE-2020-15811, CVE-2020-15810, CVE-2020-24606)

chromium-86.0.4240.111-alt1.src.rpm  build 2020-10-24

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (86.0.4240.111).
- Enable vulkan support on x86/x86_64 platforms (thx Konstantin A. Lepikhov).
- Security fixes:
- CVE-2020-15999: Heap buffer overflow in Freetype.
- CVE-2020-16000: Inappropriate implementation in Blink.
- CVE-2020-16001: Use after free in media.
- CVE-2020-16002: Use after free in PDFium.
- CVE-2020-16003: Use after free in printing.

squid-4.13-alt1.src.rpm  build 2020-10-24

Group: System/Servers
Summary: The Squid proxy caching server
Changes:

- 4.12 (Fixes: CVE-2020-14059, CVE-2020-14058, CVE-2020-15049)

chromium-gost-86.0.4240.111-alt1.src.rpm  build 2020-10-24

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (86.0.4240.111).
- Enable vulkan support on x86/x86_64 platforms (thx Konstantin A. Lepikhov).
- Security fixes:
- CVE-2020-15999: Heap buffer overflow in Freetype.
- CVE-2020-16000: Inappropriate implementation in Blink.
- CVE-2020-16001: Use after free in media.
- CVE-2020-16002: Use after free in PDFium.
- CVE-2020-16003: Use after free in printing.

openldap-2.4.54-alt1.src.rpm  build 2020-10-23

Group: System/Servers
Summary: LDAP libraries and sample clients
Changes:

- 2.4.54 (Fixes: CVE-2020-12243)

hostapd-2.9-alt2.src.rpm  build 2020-10-23

Group: System/Kernel and hardware
Summary: User space daemon for extended IEEE 802.11 management
Changes:

- AP: Silently ignore management frame from unexpected source address
(Fixes: CVE-2019-16275) (Closes: 39131)

wpa_supplicant-2.9-alt3.src.rpm  build 2020-10-23

Group: Security/Networking
Summary: wpa_supplicant is an implementation of the WPA Supplicant component
Changes:

- AP: Silently ignore management frame from unexpected source address
(Fixes: CVE-2019-16275) (Closes: 39132)

ntfs-3g-2:2017.3.23-alt3.src.rpm  build 2020-10-23

Group: System/Kernel and hardware
Summary: third generation Linux NTFS driver
Changes:

- add upstream fix for CVE-2019-9755

xli-1.17.0-alt9.src.rpm  build 2020-10-22

Group: Graphics
Summary: X11 Image Loading Utility
Changes:

- Applied patches from Debian (Fixes: CVE-2005-3178).

pstotext-1.9-alt3.src.rpm  build 2020-10-22

Group: Text tools
Summary: PostScript to text converter
Changes:

- Applied patches from Debian and Gentoo (Fixes: CVE-2005-2536, CVE-2006-5869).
- Build now respects %optflags.

firefox-82.0-alt1.src.rpm  build 2020-10-22

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (82.0).
- Security fixes:
+ CVE-2020-15969: Use-after-free in usersctp
+ CVE-2020-15254: Undefined behavior in bounded channel of crossbeam rust crate
+ CVE-2020-15680: Presence of external protocol handlers could be determined through image tags
+ CVE-2020-15681: Multiple WASM threads may have overwritten each others' stub table entries
+ CVE-2020-15682: The domain associated with the prompt to open an external protocol could be spoofed to display the incorrect origin
+ CVE-2020-15683: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
+ CVE-2020-15684: Memory safety bugs fixed in Firefox 82

nss-3.58.0-alt1.src.rpm  build 2020-10-22

Group: System/Libraries
Summary: Netscape Network Security Services(NSS)
Changes:

- New version (3.58).
- Security fixes:
+ CVE-2020-25648: Tighten CCS handling for middlebox compatibility mode
- Certificate Authority Changes:
+ Add CN=Trustwave Global Certification Authority
+ Add CN=Trustwave Global ECC P256 Certification Authority
+ Add CN=Trustwave Global ECC P384 Certification Authority
+ Remove CN=EE Certification Centre Root CA
+ Remove O=Government Root Certification Authority; C=TW
+ Modify CN=OISTE WISeKey Global Root GA CA

thunderbird-78.4.0-alt1.src.rpm  build 2020-10-22

Group: Networking/Mail
Summary: Thunderbird is Mozilla's e-mail client
Changes:

- New version (78.4.0).
- Fixes:
+ CVE-2020-15969 Use-after-free in usersctp
+ CVE-2020-15683 Memory safety bugs fixed in Thunderbird 78.4

firefox-82.0.1-alt1.src.rpm  build 2020-10-22

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (82.0).
- Security fixes:
+ CVE-2020-15969: Use-after-free in usersctp
+ CVE-2020-15254: Undefined behavior in bounded channel of crossbeam rust crate
+ CVE-2020-15680: Presence of external protocol handlers could be determined through image tags
+ CVE-2020-15681: Multiple WASM threads may have overwritten each others' stub table entries
+ CVE-2020-15682: The domain associated with the prompt to open an external protocol could be spoofed to display the incorrect origin
+ CVE-2020-15683: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
+ CVE-2020-15684: Memory safety bugs fixed in Firefox 82

nss-3.58.0-alt2.src.rpm  build 2020-10-22

Group: System/Libraries
Summary: Netscape Network Security Services(NSS)
Changes:

- New version (3.58).
- Security fixes:
+ CVE-2020-25648: Tighten CCS handling for middlebox compatibility mode
- Certificate Authority Changes:
+ Add CN=Trustwave Global Certification Authority
+ Add CN=Trustwave Global ECC P256 Certification Authority
+ Add CN=Trustwave Global ECC P384 Certification Authority
+ Remove CN=EE Certification Centre Root CA
+ Remove O=Government Root Certification Authority; C=TW
+ Modify CN=OISTE WISeKey Global Root GA CA

t1lib-5.1.2-alt6.src.rpm  build 2020-10-21

Group: System/Libraries
Summary: Type 1 font rasterizer
Changes:

- Applied security fixes from Gentoo (Fixes: CVE-2010-2642, CVE-2011-0433,
CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554, CVE-2011-5244).

spamassassin-3.4.4-alt2.src.rpm  build 2020-10-21

Group: Networking/Mail
Summary: Spam filter for email written in perl
Changes:

- 3.4.4 (fixes: CVE-2020-1931, CVE-2020-1930)
- applied repocop's patch for specfile-useradd-n

libfreetype-2.10.4-alt1.src.rpm  build 2020-10-20

Group: System/Libraries
Summary: A free and portable font rendering engine
Changes:

- 2.10.4 (fix CVE-2020-15999)

firefox-esr-78.4.0-alt1.src.rpm  build 2020-10-20

Group: Networking/WWW
Summary: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New version (78.4.0).
- Fixes:
+ CVE-2020-15969 Use-after-free in usersctp
+ CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4

w3m-0.5.3-alt3.git20200502.src.rpm  build 2020-10-20

Group: Networking/WWW
Summary: w3m is a pager with Web browsing capability
Changes:

- Updated to snapshot from upstream (Fixes: CVE-2016-9422, CVE-2016-9423,
CVE-2016-9424, CVE-2016-9425, CVE-2016-9426, CVE-2016-9428, CVE-2016-9429,
CVE-2016-9430, CVE-2016-9431, CVE-2016-9432, CVE-2016-9433, CVE-2016-9434,
CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438, CVE-2016-9439,
CVE-2016-9440, CVE-2016-9441, CVE-2016-9442, CVE-2016-9443, CVE-2016-9622,
CVE-2016-9623, CVE-2016-9624, CVE-2016-9625, CVE-2016-9626, CVE-2016-9627,
CVE-2016-9628, CVE-2016-9629, CVE-2016-9630, CVE-2016-9631, CVE-2016-9632,
CVE-2016-9633, CVE-2018-6196, CVE-2018-6197, CVE-2018-6198).

libid3tag-0.15.1b-alt9.src.rpm  build 2020-10-19

Group: Sound
Summary: ID3 Tag manipulation library
Changes:

- Applied patches from Debian and Gentoo (Fixes: CVE-2004-2779).

freecol-0.11.6-alt2.src.rpm  build 2020-10-19

Group: Games/Strategy
Summary: FreeCol is opensource Colonization clone.
Changes:

- Applied security fix from Debian (Fixes: CVE-2018-1000825).
- Updated license tag.

feh-3.5-alt1.src.rpm  build 2020-10-19

Group: Graphics
Summary: Image viewer using Imlib 2
Changes:

- Updated to upstream version 3.5 (Fixes: CVE-2017-7875).

phpipam-1.42.027-alt1.src.rpm  build 2020-10-19

Group: Networking/WWW
Summary: PHP-based virtual machine control tool
Changes:

- snapshot of 1.4 branch 0c66d2335a9dd13006c83ed64ae565a4a3cb7f0c
- Update jQuery to address three CVE Vulnerabilities
- Fixes:
+ CVE-2020-11022
+ CVE-2020-11023
+ CVE-2019-11358

matrix-synapse-1.21.2-alt1.src.rpm  build 2020-10-16

Group: Communications
Summary: Synapse: Matrix reference homeserver
Changes:

- new version 1.21.2 (with rpmrb script)
- CVE-2020-26891 (HTML pages were vulnerable to cross-site scripting (XSS) attacks)

pve-qemu-1:5.1.0-alt2.src.rpm  build 2020-10-10

Group: Emulators
Summary: QEMU CPU Emulator
Changes:

- 5.1.0-3 (fix CVE-2020-14364)

chromium-86.0.4240.75-alt1.src.rpm  build 2020-10-10

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (86.0.4240.75).
- Security fixes:
- CVE-2020-15967: Use after free in payments.
- CVE-2020-15968: Use after free in Blink.
- CVE-2020-15969: Use after free in WebRTC.
- CVE-2020-15970: Use after free in NFC.
- CVE-2020-15971: Use after free in printing.
- CVE-2020-15972: Use after free in audio.
- CVE-2020-15973: Insufficient policy enforcement in extensions.
- CVE-2020-15974: Integer overflow in Blink.
- CVE-2020-15975: Integer overflow in SwiftShader.
- CVE-2020-15976: Use after free in WebXR.
- CVE-2020-15977: Insufficient data validation in dialogs.
- CVE-2020-15978: Insufficient data validation in navigation.
- CVE-2020-15979: Inappropriate implementation in V8.
- CVE-2020-15980: Insufficient policy enforcement in Intents.
- CVE-2020-15981: Out of bounds read in audio.
- CVE-2020-15982: Side-channel information leakage in cache.
- CVE-2020-15983: Insufficient data validation in webUI.
- CVE-2020-15984: Insufficient policy enforcement in Omnibox.
- CVE-2020-15985: Inappropriate implementation in Blink.
- CVE-2020-15986: Integer overflow in media.
- CVE-2020-15987: Use after free in WebRTC.
- CVE-2020-15988: Insufficient policy enforcement in downloads.
- CVE-2020-15989: Uninitialized Use in PDFium.
- CVE-2020-15990: Use after free in autofill.
- CVE-2020-15991: Use after free in password manager.
- CVE-2020-15992: Insufficient policy enforcement in networking.
- CVE-2020-6557: Inappropriate implementation in networking.

chromium-86.0.4240.111-alt1.src.rpm  build 2020-10-10

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (86.0.4240.75).
- Security fixes:
- CVE-2020-15967: Use after free in payments.
- CVE-2020-15968: Use after free in Blink.
- CVE-2020-15969: Use after free in WebRTC.
- CVE-2020-15970: Use after free in NFC.
- CVE-2020-15971: Use after free in printing.
- CVE-2020-15972: Use after free in audio.
- CVE-2020-15973: Insufficient policy enforcement in extensions.
- CVE-2020-15974: Integer overflow in Blink.
- CVE-2020-15975: Integer overflow in SwiftShader.
- CVE-2020-15976: Use after free in WebXR.
- CVE-2020-15977: Insufficient data validation in dialogs.
- CVE-2020-15978: Insufficient data validation in navigation.
- CVE-2020-15979: Inappropriate implementation in V8.
- CVE-2020-15980: Insufficient policy enforcement in Intents.
- CVE-2020-15981: Out of bounds read in audio.
- CVE-2020-15982: Side-channel information leakage in cache.
- CVE-2020-15983: Insufficient data validation in webUI.
- CVE-2020-15984: Insufficient policy enforcement in Omnibox.
- CVE-2020-15985: Inappropriate implementation in Blink.
- CVE-2020-15986: Integer overflow in media.
- CVE-2020-15987: Use after free in WebRTC.
- CVE-2020-15988: Insufficient policy enforcement in downloads.
- CVE-2020-15989: Uninitialized Use in PDFium.
- CVE-2020-15990: Use after free in autofill.
- CVE-2020-15991: Use after free in password manager.
- CVE-2020-15992: Insufficient policy enforcement in networking.
- CVE-2020-6557: Inappropriate implementation in networking.

chromium-gost-86.0.4240.111-alt1.src.rpm  build 2020-10-10

Group: Networking/WWW
Summary: An open source web browser developed by Google
Changes:

- New version (86.0.4240.75).
- Security fixes:
- CVE-2020-15967: Use after free in payments.
- CVE-2020-15968: Use after free in Blink.
- CVE-2020-15969: Use after free in WebRTC.
- CVE-2020-15970: Use after free in NFC.
- CVE-2020-15971: Use after free in printing.
- CVE-2020-15972: Use after free in audio.
- CVE-2020-15973: Insufficient policy enforcement in extensions.
- CVE-2020-15974: Integer overflow in Blink.
- CVE-2020-15975: Integer overflow in SwiftShader.
- CVE-2020-15976: Use after free in WebXR.
- CVE-2020-15977: Insufficient data validation in dialogs.
- CVE-2020-15978: Insufficient data validation in navigation.
- CVE-2020-15979: Inappropriate implementation in V8.
- CVE-2020-15980: Insufficient policy enforcement in Intents.
- CVE-2020-15981: Out of bounds read in audio.
- CVE-2020-15982: Side-channel information leakage in cache.
- CVE-2020-15983: Insufficient data validation in webUI.
- CVE-2020-15984: Insufficient policy enforcement in Omnibox.
- CVE-2020-15985: Inappropriate implementation in Blink.
- CVE-2020-15986: Integer overflow in media.
- CVE-2020-15987: Use after free in WebRTC.
- CVE-2020-15988: Insufficient policy enforcement in downloads.
- CVE-2020-15989: Uninitialized Use in PDFium.
- CVE-2020-15990: Use after free in autofill.
- CVE-2020-15991: Use after free in password manager.
- CVE-2020-15992: Insufficient policy enforcement in networking.
- CVE-2020-6557: Inappropriate implementation in networking.

libvirt-6.8.0-alt1.src.rpm  build 2020-10-09

Group: System/Libraries
Summary: Library providing a simple API virtualization
Changes:

- 6.8.0 (Fixes: CVE-2020-15708, CVE-2020-25637)

mediawiki-1.35.0-alt1.src.rpm  build 2020-10-09

Group: Networking/WWW
Summary: A wiki engine, typical installation (with Apache2 and MySQL support)
Changes:

- new version 1.35.0 LTS (with rpmrb script)
- CVE-2020-25813, CVE-2020-25812, CVE-2020-25815
- CVE-2020-17367, CVE-2020-17368, CVE-2020-25814
- CVE-2020-25828, CVE-2020-25869, CVE-2020-25827

mediawiki-1.35.0-alt2.src.rpm  build 2020-10-09

Group: Networking/WWW
Summary: A wiki engine, typical installation (with Apache2 and MySQL support)
Changes:

- new version 1.35.0 LTS (with rpmrb script)
- CVE-2020-25813, CVE-2020-25812, CVE-2020-25815
- CVE-2020-17367, CVE-2020-17368, CVE-2020-25814
- CVE-2020-25828, CVE-2020-25869, CVE-2020-25827

tpm2-tss-2.4.3-alt1.src.rpm  build 2020-10-08

Group: System/Configuration/Hardware
Summary: TPM2.0 Software Stack
Changes:

- 2.4.3 (fixes: CVE-2020-24455)

The Geyser project is based on code from Prometheus2.0, which had been made available under the MIT License.