Sisyphus repository
Last update: 2017-07-28 22:06:10 +0400 | Packages: 17958
Security fixes

libwebkitgtk4-2.16.6-alt1  build 2017-07-27

Group: System/Libraries
About the package: Web browser engine
Changes:

- 2.16.6 (fixed CVE-2017-7039, CVE-2017-7018, CVE-2017-7030,
CVE-2017-7037, CVE-2017-7034, CVE-2017-7055, CVE-2017-7056,
CVE-2017-7064, CVE-2017-7061, CVE-2017-7048, CVE-2017-7046)

autotrace-0.31.1-alt7.S1  build 2017-07-25

Group: Graphics
About the package: Bitmap to vector graphics converter
Changes:

- fixed CVE-2016-7392

MySQL-5.5.57-alt1  build 2017-07-24

Group: Databases
About the package: A very fast and reliable SQL database engine
Changes:

- 5.5.57 (Fixes: CVE-2017-3653, CVE-2017-3651, CVE-2017-3652, CVE-2017-3648, CVE-2017-3641, CVE-2017-3636, CVE-2017-3635)
- Fixes various memory and pointer mishandlings.

wireshark-2.2.8-alt1.S1  build 2017-07-21

Group: Monitoring
About the package: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- new version:
* wnpa-sec-2017-13 WBXML dissector infinite loop CVE-2017-7702, CVE-2017-11410
* wnpa-sec-2017-28 openSAFETY dissector memory exhaustion CVE-2017-9350, CVE-2017-11411
* wnpa-sec-2017-34 AMQP dissector crash CVE-2017-11408
* wnpa-sec-2017-35 MQ dissector crash CVE-2017-11407
* wnpa-sec-2017-36 DOCSIS infinite loop CVE-2017-11406

virtualbox-5.1.24-alt1.S1  build 2017-07-20

Group: Emulators
About the package: VM VirtualBox OSE - Virtual Machine for x86 hardware
Changes:

- new version 5.1.24
(Fixes: CVE-2017-10129, CVE-2017-10187, CVE-2017-10204, CVE-2017-10209, CVE-2017-10210, CVE-2017-10233, CVE-2017-10235, CVE-2017-10236, CVE-2017-10237, CVE-2017-10238, CVE-2017-10239, CVE-2017-10240, CVE-2017-10241, CVE-2017-10242)

librsvg-1:2.40.18-alt1  build 2017-07-20

Group: System/Libraries
About the package: SVG rendering library
Changes:

- 2.40.18 (fixed CVE-2017-11464)

evince-3.24.0-alt2  build 2017-07-14

Group: Office
About the package: A document viewer
Changes:

- updated to 3.24.0-12-g717df38 (fixed BGO ##691448, 779614,
784630 (CVE-2017-1000083))

openvswitch-2.7.1-alt1  build 2017-07-13

Group: Networking/Other
About the package: An open source, production quality, multilayer virtual switch
Changes:

- 2.7.1 with security fixes:
+ CVE-2017-9214 Buffer over-read in ofputil_pull_queue_get_config_reply10().
+ CVE-2017-9263 remote DoS attack by a malicious switch.
+ CVE-2017-9265 buffer over-read while parsing the group mod OpenFlow message sent from the controller

mpg123-1.25.2-alt1  build 2017-07-13

Group: Sound
About the package: MPEG audio player
Changes:

- 1.25.2 (fixed CVE-2017-11126)

samba-4.6.6-alt1.S1  build 2017-07-12

Group: System/Servers
About the package: The Samba4 CIFS and AD client and server suite
Changes:

- Update to summer security release
- Security fixes:
+ CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation
(Samba binaries built against MIT Kerberos are not vulnerable.)

samba-DC-4.6.6-alt1.S1  build 2017-07-12

Group: System/Servers
About the package: Samba Active Directory Domain Controller
Changes:

- Update to summer security release
- Security fixes:
+ CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation

davfs2-1.5.4-alt1.S1  build 2017-07-12

Group: Networking/Other
About the package: Linux file system driver that allows you to mount a WebDAV server as a local file system.
Changes:

- new version with security fixes:
+ CVE-2013-4362 Unsecure use of system()

oniguruma-6.4.0-alt1.S1  build 2017-07-12

Group: System/Libraries
About the package: Regular expressions library
Changes:

- new version with security fixes (CVE-2017-9224, CVE-2017-9225, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)

nginx-1.12.1-alt1.S1  build 2017-07-11

Group: System/Servers
About the package: Fast HTTP server
Changes:

- Updated to 1.12.1 (Fixes CVE-2017-7529).

php5-5.6.31-alt1.S1  build 2017-07-07

Group: Development/Other
About the package: The PHP5 scripting language
Changes:

- new version with security fixes for mbstring (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)

libgcrypt-1.6.6-alt2.S1  build 2017-07-06

Group: System/Libraries
About the package: The GNU crypto library
Changes:

- security fixes: CVE-2017-7526

kernel-image-ovz-el-2.6.32-alt154  build 2017-07-04

Group: System/Kernel and hardware
About the package: The Linux kernel (the core of the Linux operating system)
Changes:

- Updated to 042stab123.9 (Updated fix for CVE-2017-1000364).

ocaml-4.04.2-alt1.S1  build 2017-07-04

Group: Development/ML
About the package: The Objective Caml compiler and programming environment
Changes:

- new version with security fixes:
+ CVE-2017-9772 Local privilege escalation issue with ocaml binaries

tor-0.3.0.9-alt1.S1  build 2017-06-30

Group: System/Servers
About the package: Anonymizing overlay network for TCP (The onion router)
Changes:

- new version (Fixes: CVE-2017-0377)

kernel-image-ovz-el-2.6.32-alt153  build 2017-06-27

Group: System/Kernel and hardware
About the package: The Linux kernel (the core of the Linux operating system)
Changes:

- Updated to 042stab123.8 (Fixes: CVE-2017-9077 CVE-2017-9076 CVE-2017-9075
CVE-2017-9074 CVE-2017-8890 CVE-2017-1000364).

firefox-54.0-alt1  build 2017-06-25

Group: Networking/WWW
About the package: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (54.0).
- Fixed:
+ CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
+ CVE-2017-7749: Use-after-free during docshell reloading
+ CVE-2017-7750: Use-after-free with track elements
+ CVE-2017-7751: Use-after-free with content viewer listeners
+ CVE-2017-7752: Use-after-free with IME input
+ CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
+ CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files
+ CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
+ CVE-2017-7757: Use-after-free in IndexedDB
+ CVE-2017-7778: Vulnerabilities in the Graphite 2 library
+ CVE-2017-7758: Out-of-bounds read in Opus encoder
+ CVE-2017-7759: Android intent URLs can cause navigation to local file system
+ CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service
+ CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
+ CVE-2017-7762: Addressbar spoofing in Reader mode
+ CVE-2017-7763: Mac fonts render some unicode characters as spaces
+ CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
+ CVE-2017-7765: Mark of the Web bypass when saving executable files
+ CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service
+ CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service
+ CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
+ CVE-2017-7770: Addressbar spoofing with JavaScript events and fullscreen mode
+ CVE-2017-5471: Memory safety bugs fixed in Firefox 54
+ CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2

thunderbird-52.2.0-alt1  build 2017-06-22

Group: Networking/Mail
About the package: Thunderbird is Mozilla's e-mail client
Changes:

- New version (52.2.0)
- Security fixes:
+ CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
+ CVE-2017-7749: Use-after-free during docshell reloading
+ CVE-2017-7750: Use-after-free with track elements
+ CVE-2017-7751: Use-after-free with content viewer listeners
+ CVE-2017-7752: Use-after-free with IME input
+ CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
+ CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
+ CVE-2017-7757: Use-after-free in IndexedDB
+ CVE-2017-7778: Vulnerabilities in the Graphite 2 library
+ CVE-2017-7758: Out-of-bounds read in Opus encoder
+ CVE-2017-7763: Mac fonts render some unicode characters as spaces
+ CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
+ CVE-2017-7765: Mark of the Web bypass when saving executable files
+ CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, and Thunderbird 52.2

libwebkitgtk4-2.16.4-alt1  build 2017-06-22

Group: System/Libraries
About the package: Web browser engine
Changes:

- 2.16.4 (fixed CVE-2017-2538)

openvpn-2.4.3-alt1  build 2017-06-21

Group: System/Servers
About the package: a full-featured SSL VPN solution
Changes:

- New version
- Security fixes:
+ CVE-2017-7522 Post-authentication --x509-track remote DoS
+ CVE-2017-7521 Post-authentication remote-triggerable memory leaks
+ CVE-2017-7521 Potential post-authentication remote code execution
on servers that use the --x509-username-field option
+ CVE-2017-7520 Pre-authentication remote crash / information disclosure
for clients
+ CVE-2017-7508 Remotely-triggerable ASSERT() on malformed IPv6 packet
- Force to use built-in PIN prompt with PKCS11 regardless
of systemd presence (OpenVPN bug 538)

firefox-esr-52.2.0-alt1  build 2017-06-21

Group: Networking/WWW
About the package: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (52.2.0)
- Security fixes:
+ CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
+ CVE-2017-7749: Use-after-free during docshell reloading
+ CVE-2017-7750: Use-after-free with track elements
+ CVE-2017-7751: Use-after-free with content viewer listeners
+ CVE-2017-7752: Use-after-free with IME input
+ CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
+ CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files
+ CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
+ CVE-2017-7757: Use-after-free in IndexedDB
+ CVE-2017-7778: Vulnerabilities in the Graphite 2 library
+ CVE-2017-7758: Out-of-bounds read in Opus encoder
+ CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service
+ CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
+ CVE-2017-7763: Mac fonts render some unicode characters as spaces
+ CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
+ CVE-2017-7765: Mark of the Web bypass when saving executable files
+ CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service
+ CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service
+ CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
+ CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2

kernel-image-std-def-1:4.9.33-alt3  build 2017-06-19

Group: System/Kernel and hardware
About the package: The Linux kernel (the core of the Linux operating system)
Changes:

- (Fixes: CVE-2017-1000364)

curl-7.54.1-alt1.S1  build 2017-06-14

Group: Networking/File transfer
About the package: Gets a file from a FTP, GOPHER or HTTP server
Changes:

- new version with security fixes:
CVE-2017-9502: URL file scheme drive letter buffer overflow

adobe-flash-player-ppapi-3:26-alt1.S1  build 2017-06-14

Group: Networking/WWW
About the package: Adobe Flash Player
Changes:

- new version
- security fixes:
CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084,
CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079,
CVE-2017-3082

chromium-59.0.3071.86-alt1  build 2017-06-09

Group: Networking/WWW
About the package: An open source web browser developed by Google
Changes:

- New version (59.0.3071.86).
- Security fixes:
- CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
- CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15

wireshark-2.2.7-alt1.S1  build 2017-06-04

Group: Monitoring
About the package: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- new version with these security fixes:
* wnpa-sec-2017-22 Bazaar dissector infinite loop CVE-2017-9352
* wnpa-sec-2017-23 DOF dissector read overflow CVE-2017-9348
* wnpa-sec-2017-24 DHCP dissector read overflow CVE-2017-9351
* wnpa-sec-2017-25 SoulSeek dissector infinite loop CVE-2017-9346
* wnpa-sec-2017-26 DNS dissector infinite loop CVE-2017-9345
* wnpa-sec-2017-27 DICOM dissector infinite loop CVE-2017-9349
* wnpa-sec-2017-28 openSAFETY dissector memory exhaustion CVE-2017-9350
* wnpa-sec-2017-29 BT L2CAP dissector divide by zero CVE-2017-9344
* wnpa-sec-2017-30 MSNIP dissector crash CVE-2017-9343
* wnpa-sec-2017-31 ROS dissector crash CVE-2017-9347
* wnpa-sec-2017-32 RGMP dissector crash CVE-2017-9354
* wnpa-sec-2017-33 IPv6 dissector crash CVE-2017-9353

libquicktime111-1.2.4-alt4  build 2017-06-03

Group: Video
About the package: A library for manipulating QuickTime files
Changes:

- rebuilt with ffmpeg-3.3.1
- fixed integer overflow in the quicktime_read_pascal (Fixes: CVE-2016-2399)

sudo-1:1.8.20p1-alt1.S1  build 2017-05-31

Group: System/Base
About the package: Allows command execution as another user
Changes:

- Update to spring security release (Fixes: CVE-2017-1000367)

libwebkitgtk4-2.16.3-alt1  build 2017-05-27

Group: System/Libraries
About the package: Web browser engine
Changes:

- 2.16.3 (fixed CVE-2017-2496, CVE-2017-2539, CVE-2017-2510)

samba-4.6.4-alt1.S1  build 2017-05-24

Group: System/Servers
About the package: The Samba4 CIFS and AD client and server suite
Changes:

- Update to second spring security release
- Fix longtime initialization bug in ldb proxy
- Security fixes:
+ CVE-2017-7494 Remote code execution from a writable share

samba-DC-4.6.4-alt1.S1  build 2017-05-24

Group: System/Servers
About the package: Samba Active Directory Domain Controller
Changes:

- Update to second spring security release
- Fix longtime initialization bug in ldb proxy
- Security fixes:
+ CVE-2017-7494 Remote code execution from a writable share

kde5-smb4k-2.0.1-alt1.S1  build 2017-05-19

Group: Networking/Other
About the package: A KDE SMB/CIFS share browser
Changes:

- security fixes: CVE-2017-8849

apache2-1:2.4.25-alt1  build 2017-05-18

Group: System/Servers
About the package: The most widely used Web server on the Internet
Changes:

- updated to 2.4.25 with security fixes:
+ CVE-2016-8740 mod_http2: Mitigate DoS memory exhaustion via endless CONTINUATION frames.
+ CVE-2016-5387 core: Mitigate [f]cgi "httpoxy" issues
+ CVE-2016-2161 mod_auth_digest: Prevent segfaults during client entry allocation when the shared memory space is exhausted.
+ CVE-2016-0736 mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash) to prevent deciphering or tampering with a padding oracle attack.
- increased service startup time (closes: #33491)
- cleanup spec and patches

openvpn-2.4.2-alt1  build 2017-05-14

Group: System/Servers
About the package: a full-featured SSL VPN solution
Changes:

- New version
- Security fixes:
+ CVE-2017-7478 Don't assert out on receiving too-large control packets
+ CVE-2017-7479 Drop packets instead of assert out if packet id rolls over

git-2.10.3-alt1  build 2017-05-11

Group: Development/Other
About the package: Git core and tools
Changes:

- 2.10.2 -> 2.10.3 (fixes: CVE-2017-8386).

jq-1.5-alt1.S1  build 2017-05-10

Group: Development/Other
About the package: Command-line JSON processor
Changes:

- new version with security fixes (CVE-2015-8863)

adobe-flash-player-ppapi-3:25-alt3.S1  build 2017-05-10

Group: Networking/WWW
About the package: Adobe Flash Player
Changes:

- new version
- security fixes:
CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071,
CVE-2017-3072, CVE-2017-3073, CVE-2017-3074

firefox-esr-52.0-alt1  build 2017-05-08

Group: Networking/WWW
About the package: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (52.0) based on legion@ build.
- Built with internal icu.
- Fixed:
+ CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
+ CVE-2017-5401: Memory Corruption when handling ErrorResult
+ CVE-2017-5402: Use-after-free working with events in FontFace objects
+ CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
+ CVE-2017-5404: Use-after-free working with ranges in selections
+ CVE-2017-5406: Segmentation fault in Skia with canvas operations
+ CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
+ CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
+ CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
+ CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service
+ CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
+ CVE-2017-5412: Buffer overflow read in SVG filters
+ CVE-2017-5413: Segmentation fault during bidirectional operations
+ CVE-2017-5414: File picker can choose incorrect default directory
+ CVE-2017-5415: Addressbar spoofing through blob URL
+ CVE-2017-5416: Null dereference crash in HttpChannel
+ CVE-2017-5417: Addressbar spoofing by dragging and dropping URLs
+ CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
+ CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
+ CVE-2017-5427: Non-existent chrome.manifest file loaded during startup
+ CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
+ CVE-2017-5419: Repeated authentication prompts lead to DOS attack
+ CVE-2017-5420: Javascript: URLs can obfuscate addressbar location
+ CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
+ CVE-2017-5421: Print preview spoofing
+ CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
+ CVE-2017-5399: Memory safety bugs fixed in Firefox 52
+ CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8

firefox-esr-52.1.1-alt1  build 2017-05-08

Group: Networking/WWW
About the package: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New ESR version (52.1.1)
- Set plugin.load_flash_only setting to false to allow use all NPAPI plugins
- Security fixes since 52.0:
+ CVE-2016-10196: Vulnerabilities in Libevent library
+ CVE-2017-5031: Use after free in ANGLE
+ CVE-2017-5428: integer overflow in createImageBitmap()
+ CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR
+ CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR
+ CVE-2017-5435: Use-after-free during transaction processing in the
+ CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT
+ CVE-2017-5440: Use-after-free in txExecutionState destructor during
+ CVE-2017-5444: Buffer overflow while parsing
+ CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent
+ CVE-2017-5451: Addressbar spoofing with onblur event
+ CVE-2017-5454: Sandbox escape allowing file system read access through
+ CVE-2017-5455: Sandbox escape through internal feed reader APIs
+ CVE-2017-5456: Sandbox escape allowing local file system access
+ CVE-2017-5464: Memory corruption with accessibility and DOM
+ CVE-2017-5466: Origin confusion when reloading isolated data:text/html
+ CVE-2017-5467: Memory corruption when drawing Skia content

firefox-53.0.2-alt1  build 2017-05-07

Group: Networking/WWW
About the package: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (53.0.2).
- Fixed:
+ CVE-2017-5031: Use after free in ANGLE

mariadb-10.1.23-alt1.S1  build 2017-05-05

Group: Databases
About the package: A very fast and reliable SQL database engine
Changes:

- 10.1.23
- add maria-backup package
- Fixes for the following security vulnerabilities:
+ CVE-2017-3302
+ CVE-2017-3313
+ CVE-2017-3308
+ CVE-2017-3309
+ CVE-2017-3453
+ CVE-2017-3456
+ CVE-2017-3464

LibreSSL-2.5.4-alt1  build 2017-05-03

Group: Security/Networking
About the package: OpenBSD fork of OpenSSL library
Changes:

- 2.5.4
- Fixes:
+ CVE-2017-8301

thunderbird-52.1.0-alt1  build 2017-05-02

Group: Networking/Mail
About the package: Thunderbird is Mozilla's e-mail client
Changes:

- New version (52.0.1)
- Security fixes:
+ CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR
+ CVE-2017-5430: Memory safety bugs fixed in Firefox 53, Firefox ESR
+ CVE-2017-5432: Use-after-free in text input selection
+ CVE-2017-5433: Use-after-free in SMIL animation functions
+ CVE-2017-5434: Use-after-free during focus handling
+ CVE-2017-5435: Use-after-free during transaction processing in the
+ CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
+ CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
+ CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT
+ CVE-2017-5440: Use-after-free in txExecutionState destructor during
+ CVE-2017-5441: Use-after-free with selection during scroll events
+ CVE-2017-5442: Use-after-free during style changes
+ CVE-2017-5443: Out-of-bounds write during BinHex decoding
+ CVE-2017-5444: Buffer overflow while parsing
+ CVE-2017-5445: Uninitialized values used while parsing
+ CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent
+ CVE-2017-5447: Out-of-bounds read during glyph processing
+ CVE-2017-5449: Crash during bidirectional unicode manipulation with
+ CVE-2017-5451: Addressbar spoofing with onblur event
+ CVE-2017-5454: Sandbox escape allowing file system read access through
+ CVE-2017-5459: Buffer overflow in WebGL
+ CVE-2017-5460: Use-after-free in frame selection
+ CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
+ CVE-2017-5462: DRBG flaw in NSS
+ CVE-2017-5464: Memory corruption with accessibility and DOM
+ CVE-2017-5465: Out-of-bounds read in ConvolvePixel
+ CVE-2017-5466: Origin confusion when reloading isolated data:text/html
+ CVE-2017-5467: Memory corruption when drawing Skia content
+ CVE-2017-5469: Potential Buffer overflow in flex-generated code
+ CVE-2016-10196: Vulnerabilities in Libevent library

firefox-53.0-alt1  build 2017-05-01

Group: Networking/WWW
About the package: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (53.0).
- Built with internal hunspell.
- Fixed:
+ CVE-2017-5433: Use-after-free in SMIL animation functions
+ CVE-2017-5435: Use-after-free during transaction processing in the editor
+ CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
+ CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
+ CVE-2017-5459: Buffer overflow in WebGL
+ CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL
+ CVE-2017-5434: Use-after-free during focus handling
+ CVE-2017-5432: Use-after-free in text input selection
+ CVE-2017-5460: Use-after-free in frame selection
+ CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
+ CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
+ CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
+ CVE-2017-5441: Use-after-free with selection during scroll events
+ CVE-2017-5442: Use-after-free during style changes
+ CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
+ CVE-2017-5443: Out-of-bounds write during BinHex decoding
+ CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
+ CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
+ CVE-2017-5447: Out-of-bounds read during glyph processing
+ CVE-2017-5465: Out-of-bounds read in ConvolvePixel
+ CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
+ CVE-2016-10196: Vulnerabilities in Libevent library
+ CVE-2017-5454: Sandbox escape allowing file system read access through file picker
+ CVE-2017-5455: Sandbox escape through internal feed reader APIs
+ CVE-2017-5456: Sandbox escape allowing local file system access
+ CVE-2017-5469: Potential Buffer overflow in flex-generated code
+ CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
+ CVE-2017-5449: Crash during bidirectional unicode manipulation with animation
+ CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android
+ CVE-2017-5451: Addressbar spoofing with onblur event
+ CVE-2017-5462: DRBG flaw in NSS
+ CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android
+ CVE-2017-5467: Memory corruption when drawing Skia content
+ CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android
+ CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element
+ CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS
+ CVE-2017-5468: Incorrect ownership model for Private Browsing information
+ CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
+ CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1

libplist-2.0.0-alt1  build 2017-04-30

Group: System/Libraries
About the package: Library for manipulating Apple Binary and XML Property Lists
Changes:

- 2.0.0 (fixed CVE-2017-6440, CVE-2017-6439, CVE-2017-6438, CVE-2017-6437,
CVE-2017-6436, CVE-2017-6435, CVE-2017-5836, CVE-2017-5835, CVE-2017-5834,
CVE-2017-5545, CVE-2017-5209)

firefox-gost-45.9.0-alt1  build 2017-04-20

Group: Networking/WWW
About the package: The Mozilla Firefox project is a redesign of Mozilla's browser (with GOST support)
Changes:

- New ESR version
- Security fixes:
+ CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9,
+ CVE-2017-5462: DRBG flaw in NSS
+ CVE-2017-5445: Uninitialized values used while parsing
+ CVE-2017-5469: Potential Buffer overflow in flex-generated code
+ CVE-2017-5437: Vulnerabilities in Libevent library
+ CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
+ CVE-2017-5465: Out-of-bounds read in ConvolvePixel
+ CVE-2017-5447: Out-of-bounds read during glyph processing
+ CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with
+ CVE-2017-5444: Buffer overflow while parsing application/http-index-format
+ CVE-2017-5443: Out-of-bounds write during BinHex decoding
+ CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
+ CVE-2017-5442: Use-after-free during style changes
+ CVE-2017-5441: Use-after-free with selection during scroll events
+ CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT
+ CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
+ CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
+ CVE-2017-5460: Use-after-free in frame selection
+ CVE-2017-5432: Use-after-free in text input selection
+ CVE-2017-5434: Use-after-free during focus handling
+ CVE-2017-5459: Buffer overflow in WebGL
+ CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
+ CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
+ CVE-2017-5435: Use-after-free during transaction processing in the editor
+ CVE-2017-5433: Use-after-free in SMIL animation functions

© 2009–2017 Игорь Зубков