About the package: Shared library for the Qt4 GUI toolkit
Changes:
- Applied security fixes (fixes: CVE-2020-17507) (thanks zerg@alt)
- Fixed build with gcc-10+.
- Disabled -reduce-relocation option since it causes issues with new binutils.
About the package: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:
- New release (86.0).
- Security fixes:
+ CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains
+ CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
+ CVE-2021-23971: A website's Referrer-Policy could have been overridden, potentially resulting in the full URL being sent as a Referrer
+ CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android
+ CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories
+ CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
+ CVE-2021-23975: about:memory Measure function caused an incorrect pointer operation
+ CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+ CVE-2021-23979: Memory safety bugs fixed in Firefox 86
About the package: wpa_supplicant is an implementation of the WPA Supplicant component
Changes:
- P2P: Fix a corner case in peer addition based on PD Request
(Fixes: CVE-2021-27803)
About the package: ipmitool - Utility for IPMI control
Changes:
- applied patches from upstream git to fix security issue (Fixes: CVE-2020-5208)
see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
- added upstream fix FTBFS with gcc-10
About the package: Thunderbird is Mozilla's e-mail client
Changes:
- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Thunderbird 78.8
About the package: A SIMD-accelerated library for manipulating JPEG image format files
Changes:
- 2.0.6 released (fixes: CVE-2020-13790)
About the package: A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design.
Changes:
- 2.2.19
- rename package to python3-module-django back
- Fixes for the following security vulnerabilities:
+ CVE-2021-3281 Potential directory-traversal via archive.extract()
+ CVE-2021-23336 Web cache poisoning via django.utils.http.limited_parse_qsl()
About the package: The BugTraq Award Winning Network Traffic Analyzer
Changes:
- 3.4.3 (Fixes: CVE-2021-22173, CVE-2021-22174)
About the package: A standard terminal emulator for the X Window System
Changes:
- Autobuild version bump to 366
- CVE-2021-27135 (Closes: #39725)
About the package: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:
- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
About the package: Evented I/O for V8 Javascript
Changes:
- new version 14.16.0 (with rpmrb script)
- CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
- CVE-2021-22884: DNS rebinding in --inspect
About the package: ISC BIND - DNS server
Changes:
- 9.11.25 -> 9.11.28 (fixes: CVE-2020-8625).
About the package: .NET Core SDK binaries
Changes:
- .NET 5.0.3 and .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
About the package: .NET Core runtime, called CoreCLR, and the base library, called mscorlib
Changes:
- .NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
About the package: SDK for the .NET Core 3.1
Changes:
- .NET Core SDK 3.1.406
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
About the package: SDK for the .NET
Changes:
- .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
About the package: ASP.NET is a cross-platform .NET framework for building modern cloud-based web application
Changes:
- ASP.NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
About the package: ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web application
Changes:
- ASP.NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
About the package: .NET Core SDK binaries
Changes:
- new version (2.1.25) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
About the package: .NET Core SDK binaries
Changes:
- new version (3.1.12) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
About the package: Microsoft .NET Runtime and Microsoft.NETCore.App
Changes:
- new version (5.0.3) with rpmgs script
- .NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
About the package: .NET Core runtime, called CoreCLR, and the base library, called mscorlib
Changes:
- .NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
About the package: SDK for the .NET Core 3.1
Changes:
- .NET Core SDK 3.1.406
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
About the package: SDK for the .NET
Changes:
- .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
About the package: ASP.NET is a cross-platform .NET framework for building modern cloud-based web application
Changes:
- ASP.NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
About the package: ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web application
Changes:
- ASP.NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
About the package: Microsoft .NET Runtime and Microsoft.NETCore.App
Changes:
- new version (5.0.3) with rpmgs script
- .NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
About the package: Link Layer Discovery Protocol Daemon
Changes:
- new version 1.0.8 (Fixes: CVE-2020-27827)
- enable seccomp for x86_64
About the package: Link Layer Discovery Protocol Daemon
Changes:
- new version 1.0.8 (Fixes: CVE-2020-27827)
- enable seccomp for x86_64
About the package: A version control system
Changes:
- New version.
- Fixes:
+ CVE-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn
About the package: LDAP libraries and sample clients
Changes:
- 2.4.57
- Fixes:
+ CVE-2020-36221 Fixed slapd crashes in Certificate Exact Assertion processing
+ CVE-2020-36222 Fixed slapd assertion failures in saslAuthzTo validation
+ CVE-2020-36223 Fixed slapd crash in Values Return Filter control handling
+ CVE-2020-36224 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36225 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36226 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36227 Fixed slapd infinite loop with Cancel operation
+ CVE-2020-36228 Fixed slapd crash in Certificate List Exact Assertion processing
+ CVE-2020-36229 Fixed slapd crash in X.509 DN parsing
+ CVE-2020-36230 Fixed slapd assertion failure in X.509 DN parsing
About the package: Automatic archives creating and extracting library
Changes:
- 0.3.0 (fixed CVE-2020-36241)
About the package: PostgreSQL client programs and libraries
Changes:
- 11.11 (Fixes CVE-2021-3393)
About the package: PostgreSQL client programs and libraries
Changes:
- 12.6 (Fixes CVE-2021-3393)
About the package: PostgreSQL client programs and libraries
Changes:
- 13.2 (Fixes CVE-2021-20229, CVE-2021-3393)
About the package: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changes:
- Fix permission checks on constraint violation errors on partitions.
(Fixes CVE-2021-3393)
- Re-apply patch from 1C
About the package: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changes:
- Fix permission checks on constraint violation errors on partitions.
(Fixes CVE-2021-3393)
- Re-apply patch from 1C
About the package: The PHP7 scripting language
Changes:
- 7.4.15 (Fixes: CVE-2021-21702)
About the package: An open source web browser developed by Google
Changes:
- New version (88.0.4324.150).
- Security fixes:
- CVE-2021-21148: Heap buffer overflow in V8.
About the package: An open source web browser developed by Google
Changes:
- New version (88.0.4324.150).
- Security fixes:
- CVE-2021-21148: Heap buffer overflow in V8.
About the package: Evented I/O for V8 Javascript
Changes:
- new version 14.15.4 (with rpmrb script)
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
- CVE-2020-8265: use-after-free in TLSWrap (High)
- CVE-2020-8287: HTTP Request Smuggling in nodejs (Low)
About the package: Evented I/O for V8 Javascript
Changes:
- new version 14.15.4 (with rpmrb script)
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
- CVE-2020-8265: use-after-free in TLSWrap (High)
- CVE-2020-8287: HTTP Request Smuggling in nodejs (Low)
About the package: An open source web browser developed by Google
Changes:
- New version (88.0.4324.146).
- Security fixes:
- CVE-2021-21142: Use after free in Payments.
- CVE-2021-21143: Heap buffer overflow in Extensions.
- CVE-2021-21144: Heap buffer overflow in Tab Groups.
- CVE-2021-21145: Use after free in Fonts.
- CVE-2021-21146: Use after free in Navigation.
- CVE-2021-21147: Inappropriate implementation in Skia.
About the package: An open source web browser developed by Google
Changes:
- New version (88.0.4324.146).
- Security fixes:
- CVE-2021-21142: Use after free in Payments.
- CVE-2021-21143: Heap buffer overflow in Extensions.
- CVE-2021-21144: Heap buffer overflow in Tab Groups.
- CVE-2021-21145: Use after free in Fonts.
- CVE-2021-21146: Use after free in Navigation.
- CVE-2021-21147: Inappropriate implementation in Skia.
About the package: An open source web browser developed by Google
Changes:
- New version (88.0.4324.146).
- Security fixes:
- CVE-2021-21142: Use after free in Payments.
- CVE-2021-21143: Heap buffer overflow in Extensions.
- CVE-2021-21144: Heap buffer overflow in Tab Groups.
- CVE-2021-21145: Use after free in Fonts.
- CVE-2021-21146: Use after free in Navigation.
- CVE-2021-21147: Inappropriate implementation in Skia.
About the package: OpenJDK Runtime Environment 8
Changes:
- New version (ALT #39635)
- Require ca-trust-java instead of ca-trust (ALT #35690)
- Package nss.cfg
- Security fixes since 1.8.0.212.b04-alt2_0jpp8:
+ JDK-8247619 Improve Direct Buffering of Characters
+ CVE-2020-14779 Enhance support of Proxy class.
+ CVE-2020-14781 Enhanced LDAP contexts.
+ CVE-2020-14782 Enhance certificate processing.
+ CVE-2020-14792 Better range handling.
+ CVE-2020-14796 Improved URI Support.
+ CVE-2020-14797 Better Path Validation.
+ CVE-2020-14798 Enhanced buffer support.
+ CVE-2020-14803 Improved Buffer supports.
+ CVE-2020-14779 Enhance support of Proxy class
+ CVE-2020-14781 Enhanced LDAP contexts
+ CVE-2020-14782 Enhance certificate processing
+ CVE-2020-14792 Better range handling
+ CVE-2020-14796 Improved URI Support
+ CVE-2020-14797 Better Path Validation
+ CVE-2020-14798 Enhanced buffer support
+ CVE-2020-14803 Improved Buffer supports
+ CVE-2020-14579 NullPointerException in DerValue.equals(DerValue)
+ CVE-2020-14578 NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
+ CVE-2020-14556 Better ForkJoinPool behavior
+ CVE-2020-14577 Enhance certificate verification
+ CVE-2020-14581 Better matrix operations
+ CVE-2020-14583 Better Buffer support
+ CVE-2020-14593 Less Affine Transformations
+ CVE-2020-14621 Better XML namespace handling
+ CVE-2020-2754 Forward references to Nashorn
+ CVE-2020-2755 Improve Nashorn matching
+ CVE-2020-2756 Better mapping of serial ENUMs
+ CVE-2020-2757 Less Blocking Array Queues
+ CVE-2020-2773 Better signatures in XML
+ CVE-2020-2781 Improve TLS session handling
+ CVE-2020-2800 Better Headings for HTTP Servers
+ CVE-2020-2803 Enhance buffering of byte buffers
+ CVE-2020-2805 Enhance typing of methods
+ CVE-2020-2830 Better Scanner conversions
+ CVE-2019-2933 Windows file handling redux.
+ CVE-2019-2945 Better socket support.
+ CVE-2019-2949 Better Kerberos ccache handling.
+ CVE-2019-2958 Build Better Processes.
+ CVE-2019-2964 Better support for patterns.
+ CVE-2019-2962 Better Glyph Images.
+ CVE-2019-2973 Better pattern compilation.
+ CVE-2019-2975 Unexpected exception in jjs.
+ CVE-2019-2978 Improved handling of jar files.
+ CVE-2019-2981 Better Path supports.
+ CVE-2019-2983 Better serial attributes.
+ CVE-2019-2987 Better rendering of native glyphs.
+ CVE-2019-2988 Better Graphics2D drawing.
+ CVE-2019-2989 Improve TLS connection support.
+ CVE-2019-2992 Enhance font glyph mapping.
+ CVE-2019-2999 Commentary on Javadoc comments.
+ CVE-2019-2894 Enhance ECDSA operations.
+ CVE-2019-2745 Improved ECC Implementation.
+ CVE-2019-2762 Exceptional throw cases.
+ CVE-2019-2766 Improve file protocol handling.
+ CVE-2019-2769 Better copies of CopiesList.
+ CVE-2019-2786 More limited privilege usage.
+ CVE-2019-7317 Improve PNG support options.
+ CVE-2019-2816 Normalize normalization.
+ CVE-2019-2842 Extended AES support.
About the package: The PDF viewer and tools
Changes:
- Version bump
- Many bugfixes, including security, including, but not limited to:
Fixes: CVE-2020-25725, CVE-2020-35376
About the package: The GNU crypto library
Changes:
- New version (1.9.1).
- Security fixes:
+ hash-common: fix heap overflow when writing more data after final (A CVE-id
has not yet been assigned).
About the package: The GNU crypto library
Changes:
- New version (1.9.1).
- Security fixes:
+ hash-common: fix heap overflow when writing more data after final (A CVE-id
has not yet been assigned).
About the package: Common Unix Printing System - server package
Changes:
- Updated to upstream version 2.3.3 (Fixes CVE-2019-8842, CVE-2020-3898).
- Built with gnutls support re-enabled.
Gnutls support may be required by cups-filters.