ALT Repositories
Last updated: Fri, 24 July 2020, 14:09:54 +0000 | Packages: 23857
Vulnerability fixes

qt4-4.8.7-alt22.src.rpm  build 2021-03-04

Group: System/Libraries
About the package: Shared library for the Qt4 GUI toolkit
Changes:

- Applied security fixes (fixes: CVE-2020-17507) (thanks zerg@alt)
- Fixed build with gcc-10+.
- Disabled -reduce-relocation option since it causes issues with new binutils.

firefox-86.0-alt1.src.rpm  build 2021-03-01

Group: Networking/WWW
About the package: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New release (86.0).
- Security fixes:
+ CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains
+ CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
+ CVE-2021-23971: A website's Referrer-Policy could have been overridden, potentially resulting in the full URL being sent as a Referrer
+ CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android
+ CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories
+ CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
+ CVE-2021-23975: about:memory Measure function caused an incorrect pointer operation
+ CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+ CVE-2021-23979: Memory safety bugs fixed in Firefox 86

wpa_supplicant-2.9-alt4.src.rpm  build 2021-03-01

Group: Security/Networking
About the package: wpa_supplicant is an implementation of the WPA Supplicant component
Changes:

- P2P: Fix a corner case in peer addition based on PD Request
(Fixes: CVE-2021-27803)

ipmitool-1.8.18-alt4.src.rpm  build 2021-02-27

Group: System/Kernel and hardware
About the package: ipmitool - Utility for IPMI control
Changes:

- applied patches from upstream git to fix security issue (Fixes: CVE-2020-5208)
see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
- added upstream fix FTBFS with gcc-10

thunderbird-78.8.0-alt1.src.rpm  build 2021-02-25

Group: Networking/Mail
About the package: Thunderbird is Mozilla's e-mail client
Changes:

- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Thunderbird 78.8

libjpeg-turbo-2:2.0.6-alt1.src.rpm  build 2021-02-24

Group: System/Libraries
About the package: A SIMD-accelerated library for manipulating JPEG image format files
Changes:

- 2.0.6 released (fixes: CVE-2020-13790)

python3-module-django-2.2.19-alt1.src.rpm  build 2021-02-24

Group: Development/Python 3
About the package: A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design.
Changes:

- 2.2.19
- rename package to python3-module-django back
- Fixes for the following security vulnerabilities:
+ CVE-2021-3281 Potential directory-traversal via archive.extract()
+ CVE-2021-23336 Web cache poisoning via django.utils.http.limited_parse_qsl()

wireshark-3.4.3-alt1.src.rpm  build 2021-02-24

Group: Monitoring
About the package: The BugTraq Award Winning Network Traffic Analyzer
Changes:

- 3.4.3 (Fixes: CVE-2021-22173, CVE-2021-22174)

xterm-366-alt1.src.rpm  build 2021-02-24

Group: Terminals
About the package: A standard terminal emulator for the X Window System
Changes:

- Autobuild version bump to 366
- CVE-2021-27135 (Closes: #39725)

firefox-esr-78.8.0-alt1.src.rpm  build 2021-02-23

Group: Networking/WWW
About the package: The Mozilla Firefox project is a redesign of Mozilla's browser
Changes:

- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8

node-14.16.0-alt1.src.rpm  build 2021-02-23

Group: Development/Tools
About the package: Evented I/O for V8 Javascript
Changes:

- new version 14.16.0 (with rpmrb script)
- CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
- CVE-2021-22884: DNS rebinding in --inspect

bind-9.11.28-alt1.src.rpm  build 2021-02-18

Group: System/Servers
About the package: ISC BIND - DNS server
Changes:

- 9.11.25 -> 9.11.28 (fixes: CVE-2020-8625).

dotnet-bootstrap-5.0-5.0.3-alt1.src.rpm  build 2021-02-17

Group: Development/Other
About the package: .NET Core SDK binaries
Changes:

- .NET 5.0.3 and .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-coreclr-3.1-3.1.12-alt1.src.rpm  build 2021-02-17

Group: Development/Other
About the package: .NET Core runtime, called CoreCLR, and the base library, called mscorlib
Changes:

- .NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-sdk-3.1-3.1.406-alt1.src.rpm  build 2021-02-17

Group: Development/Other
About the package: SDK for the .NET Core 3.1
Changes:

- .NET Core SDK 3.1.406
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-sdk-5.0-5.0.103-alt1.src.rpm  build 2021-02-17

Group: Development/Other
About the package: SDK for the .NET
Changes:

- .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-aspnetcore-5.0-5.0.3-alt1.src.rpm  build 2021-02-17

Group: Development/Other
About the package: ASP.NET is a cross-platform .NET framework for building modern cloud-based web application
Changes:

- ASP.NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-aspnetcore-3.1-3.1.12-alt1.src.rpm  build 2021-02-17

Group: Development/Other
About the package: ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web application
Changes:

- ASP.NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-bootstrap-2.1-2.1.25-alt1.src.rpm  build 2021-02-17

Group: Development/Other
About the package: .NET Core SDK binaries
Changes:

- new version (2.1.25) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-bootstrap-3.1-3.1.12-alt1.src.rpm  build 2021-02-17

Group: Development/Other
About the package: .NET Core SDK binaries
Changes:

- new version (3.1.12) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-runtime-5.0-5.0.3-alt1.src.rpm  build 2021-02-17

Group: Development/Other
About the package: Microsoft .NET Runtime and Microsoft.NETCore.App
Changes:

- new version (5.0.3) with rpmgs script
- .NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-coreclr-3.1-3.1.12-alt2.src.rpm  build 2021-02-17

Group: Development/Other
About the package: .NET Core runtime, called CoreCLR, and the base library, called mscorlib
Changes:

- .NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-sdk-3.1-3.1.406-alt2.src.rpm  build 2021-02-17

Group: Development/Other
About the package: SDK for the .NET Core 3.1
Changes:

- .NET Core SDK 3.1.406
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-sdk-5.0-5.0.103-alt2.src.rpm  build 2021-02-17

Group: Development/Other
About the package: SDK for the .NET
Changes:

- .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-aspnetcore-5.0-5.0.3-alt2.src.rpm  build 2021-02-17

Group: Development/Other
About the package: ASP.NET is a cross-platform .NET framework for building modern cloud-based web application
Changes:

- ASP.NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-aspnetcore-3.1-3.1.12-alt2.src.rpm  build 2021-02-17

Group: Development/Other
About the package: ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web application
Changes:

- ASP.NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-runtime-5.0-5.0.3-alt2.src.rpm  build 2021-02-17

Group: Development/Other
About the package: Microsoft .NET Runtime and Microsoft.NETCore.App
Changes:

- new version (5.0.3) with rpmgs script
- .NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

lldpd-1.0.8-alt1.src.rpm  build 2021-02-16

Group: Networking/Other
About the package: Link Layer Discovery Protocol Daemon
Changes:

- new version 1.0.8 (Fixes: CVE-2020-27827)
- enable seccomp for x86_64

lldpd-1.0.8-alt2.src.rpm  build 2021-02-16

Group: Networking/Other
About the package: Link Layer Discovery Protocol Daemon
Changes:

- new version 1.0.8 (Fixes: CVE-2020-27827)
- enable seccomp for x86_64

subversion-1.14.1-alt1.src.rpm  build 2021-02-14

Group: Development/Other
About the package: A version control system
Changes:

- New version.
- Fixes:
+ CVE-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn

openldap-2.4.57-alt1.src.rpm  build 2021-02-13

Group: System/Servers
About the package: LDAP libraries and sample clients
Changes:

- 2.4.57
- Fixes:
+ CVE-2020-36221 Fixed slapd crashes in Certificate Exact Assertion processing
+ CVE-2020-36222 Fixed slapd assertion failures in saslAuthzTo validation
+ CVE-2020-36223 Fixed slapd crash in Values Return Filter control handling
+ CVE-2020-36224 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36225 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36226 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36227 Fixed slapd infinite loop with Cancel operation
+ CVE-2020-36228 Fixed slapd crash in Certificate List Exact Assertion processing
+ CVE-2020-36229 Fixed slapd crash in X.509 DN parsing
+ CVE-2020-36230 Fixed slapd assertion failure in X.509 DN parsing

libgnome-autoar-0.3.0-alt1.src.rpm  build 2021-02-12

Group: System/Libraries
About the package: Automatic archives creating and extracting library
Changes:

- 0.3.0 (fixed CVE-2020-36241)

postgresql11-11.11-alt1.src.rpm  build 2021-02-11

Group: Databases
About the package: PostgreSQL client programs and libraries
Changes:

- 11.11 (Fixes CVE-2021-3393)

postgresql12-12.6-alt1.src.rpm  build 2021-02-11

Group: Databases
About the package: PostgreSQL client programs and libraries
Changes:

- 12.6 (Fixes CVE-2021-3393)

postgresql13-13.2-alt1.src.rpm  build 2021-02-11

Group: Databases
About the package: PostgreSQL client programs and libraries
Changes:

- 13.2 (Fixes CVE-2021-20229, CVE-2021-3393)

postgresql12-1C-12.5-alt4.src.rpm  build 2021-02-11

Group: Databases
About the package: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changes:

- Fix permission checks on constraint violation errors on partitions.
(Fixes CVE-2021-3393)
- Re-apply patch from 1C

postgresql12-1C-12.5-alt5.src.rpm  build 2021-02-11

Group: Databases
About the package: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Changes:

- Fix permission checks on constraint violation errors on partitions.
(Fixes CVE-2021-3393)
- Re-apply patch from 1C

php7-7.4.15-alt1.src.rpm  build 2021-02-09

Group: Development/Other
About the package: The PHP7 scripting language
Changes:

- 7.4.15 (Fixes: CVE-2021-21702)

chromium-88.0.4324.150-alt1.src.rpm  build 2021-02-06

Group: Networking/WWW
About the package: An open source web browser developed by Google
Changes:

- New version (88.0.4324.150).
- Security fixes:
- CVE-2021-21148: Heap buffer overflow in V8.

chromium-gost-88.0.4324.150-alt1.src.rpm  build 2021-02-06

Group: Networking/WWW
About the package: An open source web browser developed by Google
Changes:

- New version (88.0.4324.150).
- Security fixes:
- CVE-2021-21148: Heap buffer overflow in V8.

node-14.15.4-alt1.src.rpm  build 2021-02-05

Group: Development/Tools
About the package: Evented I/O for V8 Javascript
Changes:

- new version 14.15.4 (with rpmrb script)
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
- CVE-2020-8265: use-after-free in TLSWrap (High)
- CVE-2020-8287: HTTP Request Smuggling in nodejs (Low)

node-14.16.0-alt1.src.rpm  build 2021-02-05

Group: Development/Tools
About the package: Evented I/O for V8 Javascript
Changes:

- new version 14.15.4 (with rpmrb script)
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
- CVE-2020-8265: use-after-free in TLSWrap (High)
- CVE-2020-8287: HTTP Request Smuggling in nodejs (Low)

chromium-88.0.4324.146-alt1.src.rpm  build 2021-02-03

Group: Networking/WWW
About the package: An open source web browser developed by Google
Changes:

- New version (88.0.4324.146).
- Security fixes:
- CVE-2021-21142: Use after free in Payments.
- CVE-2021-21143: Heap buffer overflow in Extensions.
- CVE-2021-21144: Heap buffer overflow in Tab Groups.
- CVE-2021-21145: Use after free in Fonts.
- CVE-2021-21146: Use after free in Navigation.
- CVE-2021-21147: Inappropriate implementation in Skia.

chromium-88.0.4324.150-alt1.src.rpm  build 2021-02-03

Group: Networking/WWW
About the package: An open source web browser developed by Google
Changes:

- New version (88.0.4324.146).
- Security fixes:
- CVE-2021-21142: Use after free in Payments.
- CVE-2021-21143: Heap buffer overflow in Extensions.
- CVE-2021-21144: Heap buffer overflow in Tab Groups.
- CVE-2021-21145: Use after free in Fonts.
- CVE-2021-21146: Use after free in Navigation.
- CVE-2021-21147: Inappropriate implementation in Skia.

chromium-gost-88.0.4324.150-alt1.src.rpm  build 2021-02-03

Group: Networking/WWW
About the package: An open source web browser developed by Google
Changes:

- New version (88.0.4324.146).
- Security fixes:
- CVE-2021-21142: Use after free in Payments.
- CVE-2021-21143: Heap buffer overflow in Extensions.
- CVE-2021-21144: Heap buffer overflow in Tab Groups.
- CVE-2021-21145: Use after free in Fonts.
- CVE-2021-21146: Use after free in Navigation.
- CVE-2021-21147: Inappropriate implementation in Skia.

java-1.8.0-openjdk-0:1.8.0.282.b08-alt1_0jpp8.src.rpm  build 2021-02-03

Group: Development/Other
About the package: OpenJDK Runtime Environment 8
Changes:

- New version (ALT #39635)
- Require ca-trust-java instead of ca-trust (ALT #35690)
- Package nss.cfg
- Security fixes since 1.8.0.212.b04-alt2_0jpp8:
+ JDK-8247619 Improve Direct Buffering of Characters
+ CVE-2020-14779 Enhance support of Proxy class.
+ CVE-2020-14781 Enhanced LDAP contexts.
+ CVE-2020-14782 Enhance certificate processing.
+ CVE-2020-14792 Better range handling.
+ CVE-2020-14796 Improved URI Support.
+ CVE-2020-14797 Better Path Validation.
+ CVE-2020-14798 Enhanced buffer support.
+ CVE-2020-14803 Improved Buffer supports.
+ CVE-2020-14779 Enhance support of Proxy class
+ CVE-2020-14781 Enhanced LDAP contexts
+ CVE-2020-14782 Enhance certificate processing
+ CVE-2020-14792 Better range handling
+ CVE-2020-14796 Improved URI Support
+ CVE-2020-14797 Better Path Validation
+ CVE-2020-14798 Enhanced buffer support
+ CVE-2020-14803 Improved Buffer supports
+ CVE-2020-14579 NullPointerException in DerValue.equals(DerValue)
+ CVE-2020-14578 NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
+ CVE-2020-14556 Better ForkJoinPool behavior
+ CVE-2020-14577 Enhance certificate verification
+ CVE-2020-14581 Better matrix operations
+ CVE-2020-14583 Better Buffer support
+ CVE-2020-14593 Less Affine Transformations
+ CVE-2020-14621 Better XML namespace handling
+ CVE-2020-2754 Forward references to Nashorn
+ CVE-2020-2755 Improve Nashorn matching
+ CVE-2020-2756 Better mapping of serial ENUMs
+ CVE-2020-2757 Less Blocking Array Queues
+ CVE-2020-2773 Better signatures in XML
+ CVE-2020-2781 Improve TLS session handling
+ CVE-2020-2800 Better Headings for HTTP Servers
+ CVE-2020-2803 Enhance buffering of byte buffers
+ CVE-2020-2805 Enhance typing of methods
+ CVE-2020-2830 Better Scanner conversions
+ CVE-2019-2933 Windows file handling redux.
+ CVE-2019-2945 Better socket support.
+ CVE-2019-2949 Better Kerberos ccache handling.
+ CVE-2019-2958 Build Better Processes.
+ CVE-2019-2964 Better support for patterns.
+ CVE-2019-2962 Better Glyph Images.
+ CVE-2019-2973 Better pattern compilation.
+ CVE-2019-2975 Unexpected exception in jjs.
+ CVE-2019-2978 Improved handling of jar files.
+ CVE-2019-2981 Better Path supports.
+ CVE-2019-2983 Better serial attributes.
+ CVE-2019-2987 Better rendering of native glyphs.
+ CVE-2019-2988 Better Graphics2D drawing.
+ CVE-2019-2989 Improve TLS connection support.
+ CVE-2019-2992 Enhance font glyph mapping.
+ CVE-2019-2999 Commentary on Javadoc comments.
+ CVE-2019-2894 Enhance ECDSA operations.
+ CVE-2019-2745 Improved ECC Implementation.
+ CVE-2019-2762 Exceptional throw cases.
+ CVE-2019-2766 Improve file protocol handling.
+ CVE-2019-2769 Better copies of CopiesList.
+ CVE-2019-2786 More limited privilege usage.
+ CVE-2019-7317 Improve PNG support options.
+ CVE-2019-2816 Normalize normalization.
+ CVE-2019-2842 Extended AES support.

xpdf-4.03-alt1.src.rpm  build 2021-01-30

Group: Office
About the package: The PDF viewer and tools
Changes:

- Version bump
- Many bugfixes, including security, including, but not limited to:
Fixes: CVE-2020-25725, CVE-2020-35376

libgcrypt-1.9.1-alt1.src.rpm  build 2021-01-29

Group: System/Libraries
About the package: The GNU crypto library
Changes:

- New version (1.9.1).
- Security fixes:
+ hash-common: fix heap overflow when writing more data after final (A CVE-id
has not yet been assigned).

libgcrypt-1.9.2-alt1.src.rpm  build 2021-01-29

Group: System/Libraries
About the package: The GNU crypto library
Changes:

- New version (1.9.1).
- Security fixes:
+ hash-common: fix heap overflow when writing more data after final (A CVE-id
has not yet been assigned).

cups-2.3.3-alt1.src.rpm  build 2021-01-28

Group: System/Servers
About the package: Common Unix Printing System - server package
Changes:

- Updated to upstream version 2.3.3 (Fixes CVE-2019-8842, CVE-2020-3898).
- Built with gnutls support re-enabled.
Gnutls support may be required by cups-filters.

The Geyser project is based on code from the Prometheus 2.0 project, which was available under the MIT license