Репозитории ALT
Последнее обновление в Пт, 24 июля 2020, 14:09:54 +0000 | Пакетов: 24163
en ru
Исправления уязвимостей

qt4-4.8.7-alt22.src.rpm  сборка 2021-03-04

Группа: Система/Библиотеки
О пакете: Shared library for the Qt4 GUI toolkit
Изменения:

- Applied security fixes (fixes: CVE-2020-17507) (thanks zerg@alt)
- Fixed build with gcc-10+.
- Disabled -reduce-relocation option since it causes issues with new binutils.

firefox-86.0-alt1.src.rpm  сборка 2021-03-01

Группа: Сети/WWW
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:

- New release (86.0).
- Security fixes:
+ CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains
+ CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
+ CVE-2021-23971: A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer
+ CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android
+ CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories
+ CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
+ CVE-2021-23975: about:memory Measure function caused an incorrect pointer operation
+ CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+ CVE-2021-23979: Memory safety bugs fixed in Firefox 86

wpa_supplicant-2.9-alt4.src.rpm  сборка 2021-03-01

Группа: Безопасность/Сети
О пакете: wpa_supplicant is an implementation of the WPA Supplicant component
Изменения:

- P2P: Fix a corner case in peer addition based on PD Request
(Fixes: CVE-2021-27803)

firefox-87.0-alt1.src.rpm  сборка 2021-03-01

Группа: Сети/WWW
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:

- New release (86.0).
- Security fixes:
+ CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains
+ CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
+ CVE-2021-23971: A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer
+ CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android
+ CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories
+ CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
+ CVE-2021-23975: about:memory Measure function caused an incorrect pointer operation
+ CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+ CVE-2021-23979: Memory safety bugs fixed in Firefox 86

firefox-88.0-alt1.src.rpm  сборка 2021-03-01

Группа: Сети/WWW
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:

- New release (86.0).
- Security fixes:
+ CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains
+ CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
+ CVE-2021-23971: A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer
+ CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android
+ CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories
+ CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
+ CVE-2021-23975: about:memory Measure function caused an incorrect pointer operation
+ CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+ CVE-2021-23979: Memory safety bugs fixed in Firefox 86

ipmitool-1.8.18-alt4.src.rpm  сборка 2021-02-27

Группа: Система/Ядро и оборудование
О пакете: ipmitool - Utility for IPMI control
Изменения:

- applied patches from upstream git to fix security issue (Fixes: CVE-2020-5208)
see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
- added upstream fix FTBFS with gcc-10

thunderbird-78.8.0-alt1.src.rpm  сборка 2021-02-25

Группа: Сети/Почта
О пакете: Thunderbird is Mozilla's e-mail client
Изменения:

- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Thunderbird 78.8

libjpeg-turbo-2:2.0.6-alt1.src.rpm  сборка 2021-02-24

Группа: Система/Библиотеки
О пакете: A SIMD-accelerated library for manipulating JPEG image format files
Изменения:

- 2.0.6 released (fixes: CVE-2020-13790)

python3-module-django-2.2.19-alt1.src.rpm  сборка 2021-02-24

Группа: Разработка/Python 3
О пакете: A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design.
Изменения:

- 2.2.19
- rename package to python3-module-django back
- Fixes for the following security vulnerabilities:
+ CVE-2021-3281 Potential directory-traversal via archive.extract()
+ CVE-2021-23336 Web cache poisoning via django.utils.http.limited_parse_qsl()

wireshark-3.4.3-alt1.src.rpm  сборка 2021-02-24

Группа: Мониторинг
О пакете: The BugTraq Award Winning Network Traffic Analyzer
Изменения:

- 3.4.3 (Fixes: CVE-2021-22173, CVE-2021-22174)

xterm-366-alt1.src.rpm  сборка 2021-02-24

Группа: Терминалы
О пакете: A standard terminal emulator for the X Window System
Изменения:

- Autobuild version bump to 366
- CVE-2021-27135 (Closes: #39725)

wireshark-3.4.4-alt1.src.rpm  сборка 2021-02-24

Группа: Мониторинг
О пакете: The BugTraq Award Winning Network Traffic Analyzer
Изменения:

- 3.4.3 (Fixes: CVE-2021-22173, CVE-2021-22174)

firefox-esr-78.8.0-alt1.src.rpm  сборка 2021-02-23

Группа: Сети/WWW
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:

- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8

node-14.16.0-alt1.src.rpm  сборка 2021-02-23

Группа: Разработка/Инструменты
О пакете: Evented I/O for V8 Javascript
Изменения:

- new version 14.16.0 (with rpmrb script)
- CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
- CVE-2021-22884: DNS rebinding in --inspect

firefox-esr-78.9.0-alt1.src.rpm  сборка 2021-02-23

Группа: Сети/WWW
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:

- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8

node-14.16.1-alt1.src.rpm  сборка 2021-02-23

Группа: Разработка/Инструменты
О пакете: Evented I/O for V8 Javascript
Изменения:

- new version 14.16.0 (with rpmrb script)
- CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
- CVE-2021-22884: DNS rebinding in --inspect

bind-9.11.28-alt1.src.rpm  сборка 2021-02-18

Группа: Система/Серверы
О пакете: ISC BIND - DNS server
Изменения:

- 9.11.25 -> 9.11.28 (fixes: CVE-2020-8625).

dotnet-bootstrap-5.0-5.0.3-alt1.src.rpm  сборка 2021-02-17

Группа: Разработка/Прочее
О пакете: .NET Core SDK binaries
Изменения:

- .NET 5.0.3 and .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-coreclr-3.1-3.1.12-alt1.src.rpm  сборка 2021-02-17

Группа: Разработка/Прочее
О пакете: .NET Core runtime, called CoreCLR, and the base library, called mscorlib
Изменения:

- .NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-sdk-3.1-3.1.406-alt1.src.rpm  сборка 2021-02-17

Группа: Разработка/Прочее
О пакете: SDK for the .NET Core 3.1
Изменения:

- .NET Core SDK 3.1.406
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-sdk-5.0-5.0.103-alt1.src.rpm  сборка 2021-02-17

Группа: Разработка/Прочее
О пакете: SDK for the .NET
Изменения:

- .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-aspnetcore-5.0-5.0.3-alt1.src.rpm  сборка 2021-02-17

Группа: Разработка/Прочее
О пакете: ASP.NET is a cross-platform .NET framework for building modern cloud-based web application
Изменения:

- ASP.NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-aspnetcore-3.1-3.1.12-alt1.src.rpm  сборка 2021-02-17

Группа: Разработка/Прочее
О пакете: ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web application
Изменения:

- ASP.NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-bootstrap-2.1-2.1.25-alt1.src.rpm  сборка 2021-02-17

Группа: Разработка/Прочее
О пакете: .NET Core SDK binaries
Изменения:

- new version (2.1.25) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-bootstrap-3.1-3.1.12-alt1.src.rpm  сборка 2021-02-17

Группа: Разработка/Прочее
О пакете: .NET Core SDK binaries
Изменения:

- new version (3.1.12) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-runtime-5.0-5.0.3-alt1.src.rpm  сборка 2021-02-17

Группа: Разработка/Прочее
О пакете: Microsoft .NET Runtime and Microsoft.NETCore.App
Изменения:

- new version (5.0.3) with rpmgs script
- .NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-coreclr-3.1-3.1.12-alt2.src.rpm  сборка 2021-02-17

Группа: Разработка/Прочее
О пакете: .NET Core runtime, called CoreCLR, and the base library, called mscorlib
Изменения:

- .NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-sdk-3.1-3.1.406-alt2.src.rpm  сборка 2021-02-17

Группа: Разработка/Прочее
О пакете: SDK for the .NET Core 3.1
Изменения:

- .NET Core SDK 3.1.406
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-sdk-5.0-5.0.103-alt2.src.rpm  сборка 2021-02-17

Группа: Разработка/Прочее
О пакете: SDK for the .NET
Изменения:

- .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-aspnetcore-5.0-5.0.3-alt2.src.rpm  сборка 2021-02-17

Группа: Разработка/Прочее
О пакете: ASP.NET is a cross-platform .NET framework for building modern cloud-based web application
Изменения:

- ASP.NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-aspnetcore-3.1-3.1.12-alt2.src.rpm  сборка 2021-02-17

Группа: Разработка/Прочее
О пакете: ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web application
Изменения:

- ASP.NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

dotnet-runtime-5.0-5.0.3-alt2.src.rpm  сборка 2021-02-17

Группа: Разработка/Прочее
О пакете: Microsoft .NET Runtime and Microsoft.NETCore.App
Изменения:

- new version (5.0.3) with rpmgs script
- .NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

lldpd-1.0.8-alt1.src.rpm  сборка 2021-02-16

Группа: Сети/Прочее
О пакете: Link Layer Discovery Protocol Daemon
Изменения:

- new version 1.0.8 (Fixes: CVE-2020-27827)
- enable seccomp for x86_64

lldpd-1.0.8-alt2.src.rpm  сборка 2021-02-16

Группа: Сети/Прочее
О пакете: Link Layer Discovery Protocol Daemon
Изменения:

- new version 1.0.8 (Fixes: CVE-2020-27827)
- enable seccomp for x86_64

subversion-1.14.1-alt1.src.rpm  сборка 2021-02-14

Группа: Разработка/Прочее
О пакете: A version control system
Изменения:

- New version.
- Fixes:
+ CVE-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn

openldap-2.4.57-alt1.src.rpm  сборка 2021-02-13

Группа: Система/Серверы
О пакете: LDAP libraries and sample clients
Изменения:

- 2.4.57
- Fixes:
+ CVE-2020-36221 Fixed slapd crashes in Certificate Exact Assertion processing
+ CVE-2020-36222 Fixed slapd assertion failures in saslAuthzTo validation
+ CVE-2020-36223 Fixed slapd crash in Values Return Filter control handling
+ CVE-2020-36224 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36225 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36226 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36227 Fixed slapd infinite loop with Cancel operation
+ CVE-2020-36228 Fixed slapd crash in Certificate List Exact Assertion processing
+ CVE-2020-36229 Fixed slapd crash in X.509 DN parsing
+ CVE-2020-36230 Fixed slapd assertion failure in X.509 DN parsing

git-2.29.3-alt1.src.rpm  сборка 2021-02-12

Группа: Разработка/Прочее
О пакете: Git core and tools
Изменения:

- 2.29.2 -> 2.29.3 (fixes: CVE-2021-21300).

libgnome-autoar-0.3.0-alt1.src.rpm  сборка 2021-02-12

Группа: Система/Библиотеки
О пакете: Automatic archives creating and extracting library
Изменения:

- 0.3.0 (fixed CVE-2020-36241)

libgnome-autoar-0.3.1-alt1.src.rpm  сборка 2021-02-12

Группа: Система/Библиотеки
О пакете: Automatic archives creating and extracting library
Изменения:

- 0.3.0 (fixed CVE-2020-36241)

postgresql11-11.11-alt1.src.rpm  сборка 2021-02-11

Группа: Базы данных
О пакете: PostgreSQL client programs and libraries
Изменения:

- 11.11 (Fixes CVE-2021-3393)

postgresql12-12.6-alt1.src.rpm  сборка 2021-02-11

Группа: Базы данных
О пакете: PostgreSQL client programs and libraries
Изменения:

- 12.6 (Fixes CVE-2021-3393)

postgresql13-13.2-alt1.src.rpm  сборка 2021-02-11

Группа: Базы данных
О пакете: PostgreSQL client programs and libraries
Изменения:

- 13.2 (Fixes CVE-2021-20229, CVE-2021-3393)

postgresql12-1C-12.5-alt4.src.rpm  сборка 2021-02-11

Группа: Базы данных
О пакете: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Изменения:

- Fix permission checks on constraint violation errors on partitions.
(Fixes CVE-2021-3393)
- Re-applay patch from 1C

postgresql12-1C-12.5-alt5.src.rpm  сборка 2021-02-11

Группа: Базы данных
О пакете: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Изменения:

- Fix permission checks on constraint violation errors on partitions.
(Fixes CVE-2021-3393)
- Re-applay patch from 1C

postgresql12-1C-12.6-alt1.src.rpm  сборка 2021-02-11

Группа: Базы данных
О пакете: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Изменения:

- Fix permission checks on constraint violation errors on partitions.
(Fixes CVE-2021-3393)
- Re-applay patch from 1C

php7-7.4.15-alt1.src.rpm  сборка 2021-02-09

Группа: Разработка/Прочее
О пакете: The PHP7 scripting language
Изменения:

- 7.4.15 (Fixes: CVE-2021-21702)

php7-7.4.16-alt1.src.rpm  сборка 2021-02-09

Группа: Разработка/Прочее
О пакете: The PHP7 scripting language
Изменения:

- 7.4.15 (Fixes: CVE-2021-21702)

chromium-88.0.4324.150-alt1.src.rpm  сборка 2021-02-06

Группа: Сети/WWW
О пакете: An open source web browser developed by Google
Изменения:

- New version (88.0.4324.150).
- Security fixes:
- CVE-2021-21148: Heap buffer overflow in V8.

chromium-gost-88.0.4324.150-alt1.src.rpm  сборка 2021-02-06

Группа: Сети/WWW
О пакете: An open source web browser developed by Google
Изменения:

- New version (88.0.4324.150).
- Security fixes:
- CVE-2021-21148: Heap buffer overflow in V8.

chromium-89.0.4389.90-alt1.src.rpm  сборка 2021-02-06

Группа: Сети/WWW
О пакете: An open source web browser developed by Google
Изменения:

- New version (88.0.4324.150).
- Security fixes:
- CVE-2021-21148: Heap buffer overflow in V8.

  « Первая             2         4     5     6            Последняя »  

 
Ветви:
свернуть окно
Проект Geyser основан на коде из проекта Prometheus 2.0, который был доступен по лицензии MIT