О пакете: Shared library for the Qt4 GUI toolkit
Изменения:
- Applied security fixes (fixes: CVE-2020-17507) (thanks zerg@alt)
- Fixed build with gcc-10+.
- Disabled -reduce-relocation option since it causes issues with new binutils.
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:
- New release (86.0).
- Security fixes:
+ CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains
+ CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
+ CVE-2021-23971: A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer
+ CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android
+ CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories
+ CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
+ CVE-2021-23975: about:memory Measure function caused an incorrect pointer operation
+ CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+ CVE-2021-23979: Memory safety bugs fixed in Firefox 86
О пакете: wpa_supplicant is an implementation of the WPA Supplicant component
Изменения:
- P2P: Fix a corner case in peer addition based on PD Request
(Fixes: CVE-2021-27803)
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:
- New release (86.0).
- Security fixes:
+ CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains
+ CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
+ CVE-2021-23971: A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer
+ CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android
+ CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories
+ CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
+ CVE-2021-23975: about:memory Measure function caused an incorrect pointer operation
+ CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+ CVE-2021-23979: Memory safety bugs fixed in Firefox 86
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:
- New release (86.0).
- Security fixes:
+ CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains
+ CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
+ CVE-2021-23971: A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer
+ CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android
+ CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories
+ CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
+ CVE-2021-23975: about:memory Measure function caused an incorrect pointer operation
+ CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+ CVE-2021-23979: Memory safety bugs fixed in Firefox 86
О пакете: ipmitool - Utility for IPMI control
Изменения:
- applied patches from upstream git to fix security issue (Fixes: CVE-2020-5208)
see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
- added upstream fix FTBFS with gcc-10
О пакете: Thunderbird is Mozilla's e-mail client
Изменения:
- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Thunderbird 78.8
О пакете: A SIMD-accelerated library for manipulating JPEG image format files
Изменения:
- 2.0.6 released (fixes: CVE-2020-13790)
О пакете: A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design.
Изменения:
- 2.2.19
- rename package to python3-module-django back
- Fixes for the following security vulnerabilities:
+ CVE-2021-3281 Potential directory-traversal via archive.extract()
+ CVE-2021-23336 Web cache poisoning via django.utils.http.limited_parse_qsl()
О пакете: The BugTraq Award Winning Network Traffic Analyzer
Изменения:
- 3.4.3 (Fixes: CVE-2021-22173, CVE-2021-22174)
О пакете: A standard terminal emulator for the X Window System
Изменения:
- Autobuild version bump to 366
- CVE-2021-27135 (Closes: #39725)
О пакете: The BugTraq Award Winning Network Traffic Analyzer
Изменения:
- 3.4.3 (Fixes: CVE-2021-22173, CVE-2021-22174)
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:
- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
О пакете: Evented I/O for V8 Javascript
Изменения:
- new version 14.16.0 (with rpmrb script)
- CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
- CVE-2021-22884: DNS rebinding in --inspect
О пакете: The Mozilla Firefox project is a redesign of Mozilla's browser
Изменения:
- New version (78.8.0).
- Security fixes:
+ CVE-2021-23969 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23968 Content Security Policy violation report could have contained the destination of a redirect
+ CVE-2021-23973 MediaError message property could have leaked information about cross-origin resources
+ CVE-2021-23978 Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
О пакете: Evented I/O for V8 Javascript
Изменения:
- new version 14.16.0 (with rpmrb script)
- CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
- CVE-2021-22884: DNS rebinding in --inspect
О пакете: ISC BIND - DNS server
Изменения:
- 9.11.25 -> 9.11.28 (fixes: CVE-2020-8625).
О пакете: .NET Core SDK binaries
Изменения:
- .NET 5.0.3 and .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
О пакете: .NET Core runtime, called CoreCLR, and the base library, called mscorlib
Изменения:
- .NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
О пакете: SDK for the .NET Core 3.1
Изменения:
- .NET Core SDK 3.1.406
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
О пакете: SDK for the .NET
Изменения:
- .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
О пакете: ASP.NET is a cross-platform .NET framework for building modern cloud-based web application
Изменения:
- ASP.NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
О пакете: ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web application
Изменения:
- ASP.NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
О пакете: .NET Core SDK binaries
Изменения:
- new version (2.1.25) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
О пакете: .NET Core SDK binaries
Изменения:
- new version (3.1.12) with rpmgs script
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
О пакете: Microsoft .NET Runtime and Microsoft.NETCore.App
Изменения:
- new version (5.0.3) with rpmgs script
- .NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
О пакете: .NET Core runtime, called CoreCLR, and the base library, called mscorlib
Изменения:
- .NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
О пакете: SDK for the .NET Core 3.1
Изменения:
- .NET Core SDK 3.1.406
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
О пакете: SDK for the .NET
Изменения:
- .NET SDK 5.0.103
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
О пакете: ASP.NET is a cross-platform .NET framework for building modern cloud-based web application
Изменения:
- ASP.NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
О пакете: ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web application
Изменения:
- ASP.NET Core 3.1.12
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
О пакете: Microsoft .NET Runtime and Microsoft.NETCore.App
Изменения:
- new version (5.0.3) with rpmgs script
- .NET 5.0.3
- CVE-2021-1721: .NET Core Denial of Service Vulnerability
- CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability
О пакете: Link Layer Discovery Protocol Daemon
Изменения:
- new version 1.0.8 (Fixes: CVE-2020-27827)
- enable seccomp for x86_64
О пакете: Link Layer Discovery Protocol Daemon
Изменения:
- new version 1.0.8 (Fixes: CVE-2020-27827)
- enable seccomp for x86_64
О пакете: A version control system
Изменения:
- New version.
- Fixes:
+ CVE-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn
О пакете: LDAP libraries and sample clients
Изменения:
- 2.4.57
- Fixes:
+ CVE-2020-36221 Fixed slapd crashes in Certificate Exact Assertion processing
+ CVE-2020-36222 Fixed slapd assertion failures in saslAuthzTo validation
+ CVE-2020-36223 Fixed slapd crash in Values Return Filter control handling
+ CVE-2020-36224 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36225 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36226 Fixed slapd crashes in saslAuthzTo processing
+ CVE-2020-36227 Fixed slapd infinite loop with Cancel operation
+ CVE-2020-36228 Fixed slapd crash in Certificate List Exact Assertion processing
+ CVE-2020-36229 Fixed slapd crash in X.509 DN parsing
+ CVE-2020-36230 Fixed slapd assertion failure in X.509 DN parsing
О пакете: Git core and tools
Изменения:
- 2.29.2 -> 2.29.3 (fixes: CVE-2021-21300).
О пакете: Automatic archives creating and extracting library
Изменения:
- 0.3.0 (fixed CVE-2020-36241)
О пакете: Automatic archives creating and extracting library
Изменения:
- 0.3.0 (fixed CVE-2020-36241)
О пакете: PostgreSQL client programs and libraries
Изменения:
- 11.11 (Fixes CVE-2021-3393)
О пакете: PostgreSQL client programs and libraries
Изменения:
- 12.6 (Fixes CVE-2021-3393)
О пакете: PostgreSQL client programs and libraries
Изменения:
- 13.2 (Fixes CVE-2021-20229, CVE-2021-3393)
О пакете: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Изменения:
- Fix permission checks on constraint violation errors on partitions.
(Fixes CVE-2021-3393)
- Re-applay patch from 1C
О пакете: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Изменения:
- Fix permission checks on constraint violation errors on partitions.
(Fixes CVE-2021-3393)
- Re-applay patch from 1C
О пакете: PostgreSQL client programs and libraries (edition for 1C 8.3.13 and later)
Изменения:
- Fix permission checks on constraint violation errors on partitions.
(Fixes CVE-2021-3393)
- Re-applay patch from 1C
О пакете: The PHP7 scripting language
Изменения:
- 7.4.15 (Fixes: CVE-2021-21702)
О пакете: The PHP7 scripting language
Изменения:
- 7.4.15 (Fixes: CVE-2021-21702)
О пакете: An open source web browser developed by Google
Изменения:
- New version (88.0.4324.150).
- Security fixes:
- CVE-2021-21148: Heap buffer overflow in V8.
О пакете: An open source web browser developed by Google
Изменения:
- New version (88.0.4324.150).
- Security fixes:
- CVE-2021-21148: Heap buffer overflow in V8.
О пакете: An open source web browser developed by Google
Изменения:
- New version (88.0.4324.150).
- Security fixes:
- CVE-2021-21148: Heap buffer overflow in V8.
« Первая ‹ Предыдущая 1 2 3 4 5 6 … Следующая › Последняя »
