- New version (1.9.1).
- Security fixes:
+ hash-common: fix heap overflow when writing more data after final (A CVE-id
has not yet been assigned).

- Updated to upstream version 2.3.3 (Fixes CVE-2019-8842, CVE-2020-3898).
- Built with gnutls support re-enabled.
Gnutls support may be required by cups-filters.

- new version (2.1.24) with rpmgs script
- CVE-2020-1045: Microsoft ASP.NET Core Security Feature Bypass Vulnerability
- CVE-2020-1597: NET Core Remote Code Execution Vulnerability
- CVE-2020-1147: NET Core Remote Code Execution Vulnerability
- CVE-2020-1108: .NET Core Denial of Service Vulnerability
- CVE-2020-0602: ASP.NET Core Denial of Service Vulnerability
- CVE-2019-1302: ASP.NET Core Elevation Of Privilege Vulnerability
- CVE-2019-1301: Denial of Service Vulnerability in .NET Core
- CVE-2018-8269: Denial of Service Vulnerability in OData
- CVE-2019-1075: ASP.NET Core Spoofing Vulnerability
- CVE-2019-0820: .NET Core Tampering Vulnerability
- CVE-2019-0980: ASP.NET Core Denial of Service Vulnerability
- CVE-2019-0981: ASP.NET Core Denial of Service Vulnerability
- CVE-2019-0982: ASP.NET Core Denial of Service Vulnerability
- CVE-2019-0815: ASP.NET Core denial of service vulnerability

- new version (3.1.11) with rpmgs script
- .NET Core 3.1.11 - January 12, 2021
- CVE-2021-1723: ASP.NET Core Denial of Service Vulnerability
- CVE-2020-1045: Microsoft ASP.NET Core Security Feature Bypass Vulnerability
- CVE-2020-1597: NET Core Remote Code Execution Vulnerability

- Updated to upstream version 2.3.3 (Fixes CVE-2019-8842, CVE-2020-3898).
- Built with gnutls support re-enabled.
Gnutls support may be required by cups-filters.

- new version (2.1.24) with rpmgs script
- CVE-2020-1045: Microsoft ASP.NET Core Security Feature Bypass Vulnerability
- CVE-2020-1597: NET Core Remote Code Execution Vulnerability
- CVE-2020-1147: NET Core Remote Code Execution Vulnerability
- CVE-2020-1108: .NET Core Denial of Service Vulnerability
- CVE-2020-0602: ASP.NET Core Denial of Service Vulnerability
- CVE-2019-1302: ASP.NET Core Elevation Of Privilege Vulnerability
- CVE-2019-1301: Denial of Service Vulnerability in .NET Core
- CVE-2018-8269: Denial of Service Vulnerability in OData
- CVE-2019-1075: ASP.NET Core Spoofing Vulnerability
- CVE-2019-0820: .NET Core Tampering Vulnerability
- CVE-2019-0980: ASP.NET Core Denial of Service Vulnerability
- CVE-2019-0981: ASP.NET Core Denial of Service Vulnerability
- CVE-2019-0982: ASP.NET Core Denial of Service Vulnerability
- CVE-2019-0815: ASP.NET Core denial of service vulnerability

- new version (3.1.11) with rpmgs script
- .NET Core 3.1.11 - January 12, 2021
- CVE-2021-1723: ASP.NET Core Denial of Service Vulnerability
- CVE-2020-1045: Microsoft ASP.NET Core Security Feature Bypass Vulnerability
- CVE-2020-1597: NET Core Remote Code Execution Vulnerability

- Updated to upstream version 2.3.3 (Fixes CVE-2019-8842, CVE-2020-3898).
- Built with gnutls support re-enabled.
Gnutls support may be required by cups-filters.

- Fixes:
+ CVE-2017-12847 Kill arbitrary processes by leveraging access to PID file.
- Don't install the PID file.

- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-15685 IMAP Response Injection when using STARTTLS
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Thunderbird 78.7

- Update to latest security release (fixes: CVE-2021-3156) (closes: 39615)
- Added sudo-python package with Sudo Python Plugin API
- Added sudo-logsrvd package with High-performance log server

- Fixes:
+ CVE-2016-8641 Privilege escalation via symbolic links.
+ CVE-2016-9566 Gaining root privileges via a symlink attack on the log file.
+ CVE-2014-1878 Possible segfault in cmd.cgi.

- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-15685 IMAP Response Injection when using STARTTLS
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Thunderbird 78.7

- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-15685 IMAP Response Injection when using STARTTLS
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Thunderbird 78.7

- Update to latest security release (fixes: CVE-2021-3156) (closes: 39615)
- Added sudo-python package with Sudo Python Plugin API
- Added sudo-logsrvd package with High-performance log server

- New version.
- Mention previous CVE.

- 0.3.15 released
- Corrected mutliple security issues in tcsd
(Fixes: CVE-2020-24332, CVE-2020-24330, CVE-2020-24331)

- New release (85.0).
- Security fixes:
+ CVE-2021-23953: Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954: Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2021-23955: Clickjacking across tabs through misusing requestPointerLock
+ CVE-2021-23956: File picker dialog could have been used to disclose a complete directory
+ CVE-2021-23957: Iframe sandbox could have been bypassed on Android via the intent URL scheme
+ CVE-2021-23958: Screen sharing permission leaked across tabs
+ CVE-2021-23959: Cross-Site Scripting in error pages on Firefox for Android
+ CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23962: Use-after-poison in nsTreeBodyFrame::RowCountChanged
+ CVE-2021-23963: Permission prompt inaccessible after asking for additional permissions
+ CVE-2021-23964: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
+ CVE-2021-23965: Memory safety bugs fixed in Firefox 85

- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7

- New release (85.0).
- Security fixes:
+ CVE-2021-23953: Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954: Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2021-23955: Clickjacking across tabs through misusing requestPointerLock
+ CVE-2021-23956: File picker dialog could have been used to disclose a complete directory
+ CVE-2021-23957: Iframe sandbox could have been bypassed on Android via the intent URL scheme
+ CVE-2021-23958: Screen sharing permission leaked across tabs
+ CVE-2021-23959: Cross-Site Scripting in error pages on Firefox for Android
+ CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23962: Use-after-poison in nsTreeBodyFrame::RowCountChanged
+ CVE-2021-23963: Permission prompt inaccessible after asking for additional permissions
+ CVE-2021-23964: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
+ CVE-2021-23965: Memory safety bugs fixed in Firefox 85

- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7

- New release (85.0).
- Security fixes:
+ CVE-2021-23953: Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954: Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2021-23955: Clickjacking across tabs through misusing requestPointerLock
+ CVE-2021-23956: File picker dialog could have been used to disclose a complete directory
+ CVE-2021-23957: Iframe sandbox could have been bypassed on Android via the intent URL scheme
+ CVE-2021-23958: Screen sharing permission leaked across tabs
+ CVE-2021-23959: Cross-Site Scripting in error pages on Firefox for Android
+ CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23962: Use-after-poison in nsTreeBodyFrame::RowCountChanged
+ CVE-2021-23963: Permission prompt inaccessible after asking for additional permissions
+ CVE-2021-23964: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
+ CVE-2021-23965: Memory safety bugs fixed in Firefox 85

- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7

- New release (85.0).
- Security fixes:
+ CVE-2021-23953: Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954: Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2021-23955: Clickjacking across tabs through misusing requestPointerLock
+ CVE-2021-23956: File picker dialog could have been used to disclose a complete directory
+ CVE-2021-23957: Iframe sandbox could have been bypassed on Android via the intent URL scheme
+ CVE-2021-23958: Screen sharing permission leaked across tabs
+ CVE-2021-23959: Cross-Site Scripting in error pages on Firefox for Android
+ CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23962: Use-after-poison in nsTreeBodyFrame::RowCountChanged
+ CVE-2021-23963: Permission prompt inaccessible after asking for additional permissions
+ CVE-2021-23964: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
+ CVE-2021-23965: Memory safety bugs fixed in Firefox 85

- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7

- New release (85.0).
- Security fixes:
+ CVE-2021-23953: Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954: Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2021-23955: Clickjacking across tabs through misusing requestPointerLock
+ CVE-2021-23956: File picker dialog could have been used to disclose a complete directory
+ CVE-2021-23957: Iframe sandbox could have been bypassed on Android via the intent URL scheme
+ CVE-2021-23958: Screen sharing permission leaked across tabs
+ CVE-2021-23959: Cross-Site Scripting in error pages on Firefox for Android
+ CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23962: Use-after-poison in nsTreeBodyFrame::RowCountChanged
+ CVE-2021-23963: Permission prompt inaccessible after asking for additional permissions
+ CVE-2021-23964: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
+ CVE-2021-23965: Memory safety bugs fixed in Firefox 85

- New version (78.7.0).
- Security fixes:
+ CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
+ CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
+ CVE-2020-26976 HTTPS pages could have been intercepted by a registered service worker when they should not have been
+ CVE-2021-23960 Use-after-poison for incorrectly redeclared JavaScript variables during GC
+ CVE-2021-23964 Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7

- New version (88.0.4324.96).
- Security fixes:
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential user after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.

- New version (88.0.4324.96).
- Security fixes:
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential user after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.

- New version (88.0.4324.96).
- Security fixes:
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential user after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.

- New version (88.0.4324.96).
- Security fixes:
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential user after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.

- New version (88.0.4324.96).
- Security fixes:
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential user after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.

- New version (88.0.4324.96).
- Security fixes:
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential user after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.

- 1.4.3 (Fixes: CVE-2020-15257)

- 2.7.5 (Fixes CVE-2016-10937).

- Applied security fix from upstream (Fixes CVE-2018-16789).

- Use useradd -N instead of -n.
- Updated to 2.83 (fixes: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683,
CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687).

- 1.4.3 (Fixes: CVE-2020-15257)

- 2.7.5 (Fixes CVE-2016-10937).

- Use useradd -N instead of -n.
- Updated to 2.83 (fixes: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683,
CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687).

- 1.4.3 (Fixes: CVE-2020-15257)

- Applied security fix from upstream (Fixes CVE-2018-18584).

- Applied security fix from upstream (Fixes CVE-2018-8754).

- New version 1.53.4 (Fixes: CVE-2020-28924).

- Updated to upstream version 3.6.0 (Fixes: CVE-2020-26276).

- new version 0.21.0 (Fixes CVE-2020-25650, CVE-2020-25651, CVE-2020-25652, CVE-2020-25653).

- new version 2.0.24 (with rpmrb script)
- CVE-2020-27828, heap-overflow in cp_create() in jpc_enc.c

- new version 2.1.4 (Fixes CVE-2020-15238).

- new version 2.0.24 (with rpmrb script)
- CVE-2020-27828, heap-overflow in cp_create() in jpc_enc.c

- new version 2.1.4 (Fixes CVE-2020-15238).