О пакете: Clam Antivirus scanner
Изменения:
- 0.103.2
+ CVE-2021-1252, CVE-2021-1405 - 0.103.0 and 0.103.1 only.
+ CVE-2021-1404 - 0.103.1 and prior
О пакете: A lightweight caching nameserver
Изменения:
- Dropped obsoleted patch.
- Updated to 2.83 (fixes: CVE-2021-3448).
О пакете: Python Imaging Library
Изменения:
- 8.1.2 released (fixes: CVE-2021-27921, CVE-2021-27922, CVE-2021-27923)
О пакете: An open source web browser developed by Google
Изменения:
- New version (89.0.4389.114).
- Security fixes:
- CVE-2021-21194: Use after free in screen capture.
- CVE-2021-21195: Use after free in V8.
- CVE-2021-21196: Heap buffer overflow in TabStrip.
- CVE-2021-21197: Heap buffer overflow in TabStrip.
- CVE-2021-21198: Out of bounds read in IPC.
- CVE-2021-21199: Use Use after free in Aura.
О пакете: The Linux kernel (the core of the Linux operating system)
Изменения:
- v5.11.12 (Fixes: CVE-2021-29657)
О пакете: Tool to manage your infrastructure
Изменения:
- Fixed: CVE-2020-28243, CVE-2020-28972, CVE-2020-35662, CVE-2021-3148,
CVE-2021-3144, CVE-2021-25281, CVE-2021-25282, CVE-2021-25283,
CVE-2021-25284, CVE-2021-25315, CVE-2021-3197, CVE-2020-16846,
CVE-2020-17490, CVE-2020-25592
О пакете: Gets a file from a FTP, GOPHER or HTTP server
Изменения:
- 7.76.0
- Fixes:
* CVE-2021-22876 strip credentials from the auto-referer header field
* CVE-2021-22890 add 'isproxy' argument to Curl_ssl_get/addsessionid()
О пакете: IT and asset management software
Изменения:
- New version 9.5.4
- This is a security release, upgrading is recommended
- Security fixes:
+ CVE-2021-21326 : Horizontal Privilege Escalation
+ CVE-2021-21255 : entities switch IDOR
+ CVE-2021-21258 : XSS injection in ajax/kanban
+ CVE-2021-21314 : XSS injection on ticket update
+ CVE-2021-21312 : Stored XSS on documents
+ CVE-2021-21313 : XSS on tabs
+ CVE-2021-21325 : Stored XSS in budget type
+ CVE-2021-21327 : Unsafe Reflection in getItemForItemtype()
+ CVE-2021-21324 : Insecure Direct Object Reference (IDOR) on "Solutions"
О пакете: Spam filter for email written in perl
Изменения:
- 3.4.5 (fixes: CVE-2020-1946)
- remove dkim patch (fixed by upstream).
О пакете: The Samba4 CIFS and AD client and server suite
Изменения:
- Update to latest stable security release of the Samba 4.14
- Security fixes:
+ CVE-2020-27840: Heap corruption via crafted DN strings
+ CVE-2021-20277: Out of bounds read in AD DC LDAP server
О пакете: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Изменения:
- Updated to 1.1.1k (fixes CVE-2021-3450, CVE-2021-3449).
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:
- New release (87.0).
- Security fixes:
+ CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
+ CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23983: Transitions for invalid ::marker properties resulted in memory corruption
+ CVE-2021-23984: Malicious extensions could have spoofed popup information
+ CVE-2021-23985: Devtools remote debugging feature could have been enabled without indication to the user
+ CVE-2021-23986: A malicious extension could have performed credential-less same origin policy violations
+ CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
+ CVE-2021-23988: Memory safety bugs fixed in Firefox 87
О пакете: The Samba4 CIFS and AD client and server suite
Изменения:
- Update to latest stable security release of the Samba 4.13
- Security fixes:
+ CVE-2020-27840: Heap corruption via crafted DN strings
+ CVE-2021-20277: Out of bounds read in AD DC LDAP server
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:
- New version (78.9.0).
- Security fixes:
+ CVE-2021-23981 Texture upload into an unbound backing buffer resulted in an out-of-bound read
+ CVE-2021-23982 Internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23984 Malicious extensions could have spoofed popup information
+ CVE-2021-23987 Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
- Do not build for ppc64le.
О пакете: The Linux kernel (the core of the Linux operating system)
Изменения:
- v5.4.107 (Fixes: CVE-2019-2308)
О пакете: The Linux kernel (the core of the Linux operating system)
Изменения:
- v5.4.107 (Fixes: CVE-2019-2308)
О пакете: The Linux kernel (the core of the Linux operating system)
Изменения:
- v5.4.107 (Fixes: CVE-2019-2308)
О пакете: The Linux kernel (the core of the Linux operating system)
Изменения:
- v5.4.107 (Fixes: CVE-2019-2308)
О пакете: The Linux kernel (the core of the Linux operating system)
Изменения:
- v5.4.107 (Fixes: CVE-2019-2308)
О пакете: A TLS protocol implementation
Изменения:
- Fixed gnulib tests.
- Fixed CVE-2021-20231, CVE-2021-20232
(fixes: CVE-2021-20231, CVE-2021-20232).
- Fixed testpkcs11.
- Dropped self-provide from devel subpackage.
О пакете: An embedded Perl interpreter for the Apache2 Web server
Изменения:
- CVE-2011-2767 Arbitrary Perl code execution in the context
of the user account via a user-owned .htaccess.
- Fix SIGSEGV crash due to wrong use of perl_parse()
- Fix build with recent Apache 2.4.x
- Update Apache::Test module to 1.43
О пакете: Apache2 HTTP request library
Изменения:
- New version
- CVE-2019-12412 Fix a NULL pointer dereference when parsing
malformed multipart data
- Fix memory handling in apreq_brigade_concat()
О пакете: The BugTraq Award Winning Network Traffic Analyzer
Изменения:
- 3.4.4 (Fixes: CVE-2021-22191)
О пакете: Python Imaging Library
Изменения:
- 8.1.1 released (fixes: CVE-2021-25291)
О пакете: Anonymizing overlay network for TCP (The onion router)
Изменения:
- new version (fixes CVE-2021-28089, CVE-2021-28090)
О пакете: Python Imaging Library
Изменения:
- 8.1.1 released (fixes: CVE-2021-25291)
О пакете: An open source web browser developed by Google
Изменения:
- New version (89.0.4389.90).
- Security fixes:
- CVE-2021-21191: Use after free in WebRTC.
- CVE-2021-21192: Heap buffer overflow in tab groups.
- CVE-2021-21193: Use after free in Blink.
О пакете: An open source web browser developed by Google
Изменения:
- New version (89.0.4389.90).
- Security fixes:
- CVE-2021-21191: Use after free in WebRTC.
- CVE-2021-21192: Heap buffer overflow in tab groups.
- CVE-2021-21193: Use after free in Blink.
О пакете: An open source, production quality, multilayer virtual switch
Изменения:
- 2.14.2 (Fixes: CVE-2020-35498)
О пакете: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Изменения:
- Updated to 1.1.1j (fixes CVE-2021-23840 CVE-2021-23841).
О пакете: Common Unix Printing System - server package
Изменения:
- Updated to upstream version 2.3.3op2 (Fixes: CVE-2020-10001).
- Project moved to OpenPrinting.
- Fixed license.
О пакете: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
Изменения:
- Updated to 1.1.1j (fixes CVE-2021-23840, CVE-2021-23841).
О пакете: Common Unix Printing System - server package
Изменения:
- Updated to upstream version 2.3.3op2 (Fixes: CVE-2020-10001).
- Project moved to OpenPrinting.
- Fixed license.
О пакете: A daemon to control runC
Изменения:
- 1.4.4 (Fixes: CVE-2021-21334)
О пакете: The Go Programming Language
Изменения:
- New version (1.16.1).
- Fixes:
+ CVE-2021-27918
+ CVE-2021-27919
- Remove test for other platform scripts.
О пакете: The Go Programming Language
Изменения:
- New version (1.16.1).
- Fixes:
+ CVE-2021-27918
+ CVE-2021-27919
- Remove test for other platform scripts.
О пакете: An open source web browser developed by Google
Изменения:
- New version (89.0.4389.82).
- Security fixes:
- CVE-2020-27844: Heap buffer overflow in OpenJPEG.
- CVE-2021-21159: Heap buffer overflow in TabStrip.
- CVE-2021-21160: Heap buffer overflow in WebAudio.
- CVE-2021-21161: Heap buffer overflow in TabStrip.
- CVE-2021-21162: Use after free in WebRTC.
- CVE-2021-21163: Insufficient data validation in Reader Mode.
- CVE-2021-21164: Insufficient data validation in Chrome for iOS.
- CVE-2021-21165: Object lifecycle issue in audio.
- CVE-2021-21166: Object lifecycle issue in audio.
- CVE-2021-21167: Use after free in bookmarks.
- CVE-2021-21168: Insufficient policy enforcement in appcache.
- CVE-2021-21169: Out of bounds memory access in V8.
- CVE-2021-21170: Incorrect security UI in Loader.
- CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
- CVE-2021-21172: Insufficient policy enforcement in File System API.
- CVE-2021-21173: Side-channel information leakage in Network Internals.
- CVE-2021-21174: Inappropriate implementation in Referrer.
- CVE-2021-21175: Inappropriate implementation in Site isolation.
- CVE-2021-21176: Inappropriate implementation in full screen mode.
- CVE-2021-21177: Insufficient policy enforcement in Autofill.
- CVE-2021-21178: Inappropriate implementation in Compositing.
- CVE-2021-21179: Use after free in Network Internals.
- CVE-2021-21180: Use after free in tab search.
- CVE-2021-21181: Side-channel information leakage in autofill.
- CVE-2021-21182: Insufficient policy enforcement in navigations.
- CVE-2021-21183: Inappropriate implementation in performance APIs.
- CVE-2021-21184: Inappropriate implementation in performance APIs.
- CVE-2021-21185: Insufficient policy enforcement in extensions.
- CVE-2021-21186: Insufficient policy enforcement in QR scanning.
- CVE-2021-21187: Insufficient data validation in URL formatting.
- CVE-2021-21188: Use after free in Blink.
- CVE-2021-21189: Insufficient policy enforcement in payments.
- CVE-2021-21190: Uninitialized Use in PDFium.
О пакете: An open source web browser developed by Google
Изменения:
- New version (89.0.4389.82).
- Security fixes:
- CVE-2020-27844: Heap buffer overflow in OpenJPEG.
- CVE-2021-21159: Heap buffer overflow in TabStrip.
- CVE-2021-21160: Heap buffer overflow in WebAudio.
- CVE-2021-21161: Heap buffer overflow in TabStrip.
- CVE-2021-21162: Use after free in WebRTC.
- CVE-2021-21163: Insufficient data validation in Reader Mode.
- CVE-2021-21164: Insufficient data validation in Chrome for iOS.
- CVE-2021-21165: Object lifecycle issue in audio.
- CVE-2021-21166: Object lifecycle issue in audio.
- CVE-2021-21167: Use after free in bookmarks.
- CVE-2021-21168: Insufficient policy enforcement in appcache.
- CVE-2021-21169: Out of bounds memory access in V8.
- CVE-2021-21170: Incorrect security UI in Loader.
- CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
- CVE-2021-21172: Insufficient policy enforcement in File System API.
- CVE-2021-21173: Side-channel information leakage in Network Internals.
- CVE-2021-21174: Inappropriate implementation in Referrer.
- CVE-2021-21175: Inappropriate implementation in Site isolation.
- CVE-2021-21176: Inappropriate implementation in full screen mode.
- CVE-2021-21177: Insufficient policy enforcement in Autofill.
- CVE-2021-21178: Inappropriate implementation in Compositing.
- CVE-2021-21179: Use after free in Network Internals.
- CVE-2021-21180: Use after free in tab search.
- CVE-2021-21181: Side-channel information leakage in autofill.
- CVE-2021-21182: Insufficient policy enforcement in navigations.
- CVE-2021-21183: Inappropriate implementation in performance APIs.
- CVE-2021-21184: Inappropriate implementation in performance APIs.
- CVE-2021-21185: Insufficient policy enforcement in extensions.
- CVE-2021-21186: Insufficient policy enforcement in QR scanning.
- CVE-2021-21187: Insufficient data validation in URL formatting.
- CVE-2021-21188: Use after free in Blink.
- CVE-2021-21189: Insufficient policy enforcement in payments.
- CVE-2021-21190: Uninitialized Use in PDFium.
О пакете: An open source web browser developed by Google
Изменения:
- New version (89.0.4389.82).
- Security fixes:
- CVE-2020-27844: Heap buffer overflow in OpenJPEG.
- CVE-2021-21159: Heap buffer overflow in TabStrip.
- CVE-2021-21160: Heap buffer overflow in WebAudio.
- CVE-2021-21161: Heap buffer overflow in TabStrip.
- CVE-2021-21162: Use after free in WebRTC.
- CVE-2021-21163: Insufficient data validation in Reader Mode.
- CVE-2021-21164: Insufficient data validation in Chrome for iOS.
- CVE-2021-21165: Object lifecycle issue in audio.
- CVE-2021-21166: Object lifecycle issue in audio.
- CVE-2021-21167: Use after free in bookmarks.
- CVE-2021-21168: Insufficient policy enforcement in appcache.
- CVE-2021-21169: Out of bounds memory access in V8.
- CVE-2021-21170: Incorrect security UI in Loader.
- CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
- CVE-2021-21172: Insufficient policy enforcement in File System API.
- CVE-2021-21173: Side-channel information leakage in Network Internals.
- CVE-2021-21174: Inappropriate implementation in Referrer.
- CVE-2021-21175: Inappropriate implementation in Site isolation.
- CVE-2021-21176: Inappropriate implementation in full screen mode.
- CVE-2021-21177: Insufficient policy enforcement in Autofill.
- CVE-2021-21178: Inappropriate implementation in Compositing.
- CVE-2021-21179: Use after free in Network Internals.
- CVE-2021-21180: Use after free in tab search.
- CVE-2021-21181: Side-channel information leakage in autofill.
- CVE-2021-21182: Insufficient policy enforcement in navigations.
- CVE-2021-21183: Inappropriate implementation in performance APIs.
- CVE-2021-21184: Inappropriate implementation in performance APIs.
- CVE-2021-21185: Insufficient policy enforcement in extensions.
- CVE-2021-21186: Insufficient policy enforcement in QR scanning.
- CVE-2021-21187: Insufficient data validation in URL formatting.
- CVE-2021-21188: Use after free in Blink.
- CVE-2021-21189: Insufficient policy enforcement in payments.
- CVE-2021-21190: Uninitialized Use in PDFium.
О пакете: Shared library for the Qt4 GUI toolkit
Изменения:
- Applied security fixes (fixes: CVE-2020-17507) (thanks zerg@alt)
- Fixed build with gcc-10+.
- Disabled -reduce-relocation option since it causes issues with new binutils.
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:
- New release (86.0).
- Security fixes:
+ CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains
+ CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
+ CVE-2021-23971: A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer
+ CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android
+ CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories
+ CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
+ CVE-2021-23975: about:memory Measure function caused an incorrect pointer operation
+ CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+ CVE-2021-23979: Memory safety bugs fixed in Firefox 86
О пакете: wpa_supplicant is an implementation of the WPA Supplicant component
Изменения:
- P2P: Fix a corner case in peer addition based on PD Request
(Fixes: CVE-2021-27803)
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:
- New release (86.0).
- Security fixes:
+ CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains
+ CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
+ CVE-2021-23971: A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer
+ CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android
+ CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories
+ CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
+ CVE-2021-23975: about:memory Measure function caused an incorrect pointer operation
+ CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+ CVE-2021-23979: Memory safety bugs fixed in Firefox 86
О пакете: ipmitool - Utility for IPMI control
Изменения:
- applied patches from upstream git to fix security issue (Fixes: CVE-2020-5208)
see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
- added upstream fix FTBFS with gcc-10
О пакете: Thunderbird is Mozilla's e-mail client
Изменения:
- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Thunderbird 78.8
О пакете: A SIMD-accelerated library for manipulating JPEG image format files
Изменения:
- 2.0.6 released (fixes: CVE-2020-13790)
О пакете: A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design.
Изменения:
- 2.2.19
- rename package to python3-module-django back
- Fixes for the following security vulnerabilities:
+ CVE-2021-3281 Potential directory-traversal via archive.extract()
+ CVE-2021-23336 Web cache poisoning via django.utils.http.limited_parse_qsl()
О пакете: The BugTraq Award Winning Network Traffic Analyzer
Изменения:
- 3.4.3 (Fixes: CVE-2021-22173, CVE-2021-22174)
О пакете: A standard terminal emulator for the X Window System
Изменения:
- Autobuild version bump to 366
- CVE-2021-27135 (Closes: #39725)
О пакете: The BugTraq Award Winning Network Traffic Analyzer
Изменения:
- 3.4.3 (Fixes: CVE-2021-22173, CVE-2021-22174)
1 2 3 4 5 … Следующая › Последняя »
