Репозиторій Sisyphus
Останнє оновлення: 2018-08-17 14:06:46 +0400 | Пакетів: 18661 | Sign in or Sign up
en ru uk br
Security fixes

kernel-image-std-def-1:4.14.63-alt1  build 2018-08-16

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.14.63 (Fixes: CVE-2018-3620)

kernel-image-un-def-1:4.17.15-alt1  build 2018-08-16

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.17.15 (Fixes: CVE-2018-3620)

samba-4.8.4-alt1.S1  build 2018-08-14

Group: Система/Сервери
Про пакет: The Samba4 CIFS and AD client and server suite
Зміни:

- Update to summer security release
- Security fixes:
+ CVE-2018-1139 Weak authentication protocol allowed
+ CVE-2018-1140 Denial of Service Attack on DNS and LDAP server
+ CVE-2018-10858 Insufficient input validation on client directory
listing in libsmbclient
+ CVE-2018-10918 Denial of Service Attack on AD DC DRSUAPI server
+ CVE-2018-10919 Confidential attribute disclosure from the AD LDAP server

libldb-1.3.5-alt1.S1  build 2018-08-14

Group: Система/Бібліотеки
Про пакет: A schema-less, ldap like, API and database
Зміни:

- Update to security release (Fixes: CVE-2018-1140)

samba-DC-4.8.4-alt1.S1  build 2018-08-14

Group: Система/Сервери
Про пакет: Samba Active Directory Domain Controller
Зміни:

- Update to summer security release
- Security fixes:
+ CVE-2018-1139 Weak authentication protocol allowed
+ CVE-2018-1140 Denial of Service Attack on DNS and LDAP server
+ CVE-2018-10858 Insufficient input validation on client directory
listing in libsmbclient
+ CVE-2018-10918 Denial of Service Attack on AD DC DRSUAPI server
+ CVE-2018-10919 Confidential attribute disclosure from the AD LDAP server
+ Build with subpackage for Python3

bind-9.11.4.P1-alt1  build 2018-08-13

Group: Система/Сервери
Про пакет: ISC BIND - DNS server
Зміни:

- 9.11.3 -> 9.11.4.P1 (fixes: CVE-2018-5738, CVE-2018-5740).

gdm-3.28.3-alt1  build 2018-08-13

Group: Графічні оболонки/GNOME
Про пакет: The GNOME Display Manager
Зміни:

- 3.28.3 (fixed CVE-2018-14424)
- disabled parallel build on aarch64

postgresql9.4-9.4.19-alt1  build 2018-08-11

Group: Бази даних
Про пакет: PostgreSQL client programs and libraries
Зміни:

- 9.4.19
- Fix CVE-2018-10915

postgresql9.6-9.6.10-alt1  build 2018-08-11

Group: Бази даних
Про пакет: PostgreSQL client programs and libraries
Зміни:

- 9.6.9
- Fix CVE-2018-10915, CVE-2018-10925

postgresql10-1C-10.5-alt1  build 2018-08-11

Group: Бази даних
Про пакет: PostgreSQL client programs and libraries (edition for 1C 8.3.3 and later)
Зміни:

- 10.5
- Fix CVE-2018-10915, CVE-2018-10925

postgresql10-10.5-alt1  build 2018-08-11

Group: Бази даних
Про пакет: PostgreSQL client programs and libraries
Зміни:

- 10.5
- Fix CVE-2018-10915, CVE-2018-10925

postgresql9.5-9.5.14-alt1  build 2018-08-11

Group: Бази даних
Про пакет: PostgreSQL client programs and libraries
Зміни:

- 9.5.14
- Fix CVE-2018-10915, CVE-2018-10925

postgresql9.3-9.3.24-alt1  build 2018-08-11

Group: Бази даних
Про пакет: PostgreSQL client programs and libraries
Зміни:

- 9.3.24
- Fix CVE-2018-10915

adobe-flash-player-ppapi-3:30-alt1.S1  build 2018-08-09

Group: Мережі/WWW
Про пакет: Adobe Flash Player
Зміни:

- new version (ALT#34555)
- security fixes:
CVE-2018-4944, CVE-2018-4945, CVE-2018-5000, CVE-2018-5001,
CVE-2018-5002, CVE-2018-5007, CVE-2018-5008

exiv2-0.26-alt2  build 2018-08-07

Group: Графіка
Про пакет: Command line tool to access EXIF data in image files
Зміни:

- applied set of fc/upstream patches (fixed CVE-2017-11683,
CVE-2017-14859, CVE-2017-14860, CVE-2017-14862,
CVE-2017-14864, CVE-2017-17669, CVE-2017-17723,
CVE-2017-17725, CVE-2018-10958, CVE-2018-10998,
CVE-2018-11531, CVE-2018-12264, CVE-2018-12265,
CVE-2018-14046, CVE-2018-5772, CVE-2018-8976,
CVE-2018-8977)

firmware-intel-ucode-2:6-alt1.20180703  build 2018-08-06

Group: Система/Ядро та обладнання
Про пакет: Microcode definitions for Intel processors
Зміни:

- Sync with Debian 3.20180703.2:
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
+ First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
server dies.
- source: update symlinks to reflect id of the latest release, 20180703

libwebkitgtk4-2.20.4-alt2  build 2018-08-06

Group: Система/Бібліотеки
Про пакет: Web browser engine
Зміни:

- 2.20.4 (fixed CVE-2018-4261, CVE-2018-4262, CVE-2018-4263,
CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267,
CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278,
CVE-2018-4284)

NetworkManager-vpnc-1.2.6-alt1  build 2018-08-01

Group: Система/Налаштування/Мережа
Про пакет: NetworkManager VPN plugin for vpnc
Зміни:

- Disable libnm-glib-* support.
- Fix build without libnm-glib-*.
- Updated to 1.2.6 (fixes CVE-2018-10900).

apache2-1:2.4.34-alt1.S1  build 2018-07-31

Group: Система/Сервери
Про пакет: The most widely used Web server on the Internet
Зміни:

- 2.4.34
- fixes:
* CVE-2018-1333 DoS for HTTP/2 connections by crafted requests
* CVE-2018-8011 mod_md, DoS via Coredumps on specially crafted requests

libytnef-1.9.3-alt1  build 2018-07-23

Group: Система/Бібліотеки
Про пакет: TNEF Stream Parser Library
Зміни:

- 1.9.3 (fixed CVE-2017-9470, CVE-2017-9471, CVE-2017-9474, CVE-2017-9058,
CVE-2017-12142, CVE-2017-12141, CVE-2017-12144)

wireshark-2.6.2-alt1.S1  build 2018-07-21

Group: Моніторинг
Про пакет: The BugTraq Award Winning Network Traffic Analyzer
Зміни:

- 2.6.2 (fixes: CVE-2018-14370, CVE-2018-14367, CVE-2018-14369, CVE-2018-14368, CVE-2018-14341, CVE-2018-14339, CVE-2018-14343, CVE-2018-14340, CVE-2018-14344, CVE-2018-14342)

curl-7.61.0-alt1.S1  build 2018-07-17

Group: Мережі/Передача файлів
Про пакет: Gets a file from a FTP, GOPHER or HTTP server
Зміни:

- 7.61.0
- fixes:
* CVE-2018-0500 SMTP send heap buffer overflow

glusterfs3-3.12.12-alt1  build 2018-07-12

Group: Система/Основа
Про пакет: Cluster File System
Зміни:

- new version 3.12.12 (with rpmrb script)
- CVE-2018-10841

kernel-image-std-pae-1:4.4.140-alt1  build 2018-07-11

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.4.140 (Fixes: CVE-2018-10876, CVE-2018-10877, CVE-2018-10881, CVE-2018-10882,
CVE-2018-10883)

kernel-image-un-def-1:4.17.6-alt1  build 2018-07-11

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.17.6 (Fixes: CVE-2018-10876, CVE-2018-10877, CVE-2018-10879, CVE-2018-10880,
CVE-2018-10881, CVE-2018-10882, CVE-2018-10883)

kernel-image-std-def-1:4.14.55-alt1  build 2018-07-11

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.14.55 (Fixes: CVE-2018-10876, CVE-2018-10877, CVE-2018-10879, CVE-2018-10880,
CVE-2018-10881, CVE-2018-10882, CVE-2018-10883)

polkit-0.115-alt1  build 2018-07-10

Group: Система/Бібліотеки
Про пакет: PolicyKit Authorization Framework
Зміни:

- 0.115 (fixed CVE-2018-1116)

libgit2-0.26.5-alt1  build 2018-07-10

Group: Система/Бібліотеки
Про пакет: linkable library for Git
Зміни:

- 0.26.5 (fixed CVE-2018-11235, CVE-2018-10887, CVE-2018-10888)

thunderbird-52.9.0-alt1  build 2018-07-04

Group: Мережі/Пошта
Про пакет: Thunderbird is Mozilla's e-mail client
Зміни:

- New version (52.9.0).
- Enigmail 2.0.7.
- Fixes:
+ CVE-2018-12359 Buffer overflow using computed size of canvas element
+ CVE-2018-12360 Use-after-free when using focus()
+ CVE-2018-12372 S/MIME and PGP decryption oracles can be built with HTML emails
+ CVE-2018-12373 S/MIME plaintext can be leaked through HTML reply/forward
+ CVE-2018-12362 Integer overflow in SSSE3 scaler
+ CVE-2018-12363 Use-after-free when appending DOM nodes
+ CVE-2018-12364 CSRF attacks through 307 redirects and NPAPI plugins
+ CVE-2018-12365 Compromised IPC child process can list local filenames
+ CVE-2018-12366 Invalid data handling during QCMS transformations
+ CVE-2018-12368 No warning when opening executable SettingContent-ms files
+ CVE-2018-12374 Using form to exfiltrate encrypted mail part by pressing enter in form field
+ CVE-2018-5188 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 52.9

firefox-61.0-alt1  build 2018-07-02

Group: Мережі/WWW
Про пакет: The Mozilla Firefox project is a redesign of Mozilla's browser
Зміни:

- New release (61.0).
- Fixed:
+ CVE-2018-12359: Buffer overflow using computed size of canvas element
+ CVE-2018-12360: Use-after-free when using focus()
+ CVE-2018-12361: Integer overflow in SwizzleData
+ CVE-2018-12358: Same-origin bypass using service worker and redirection
+ CVE-2018-12362: Integer overflow in SSSE3 scaler
+ CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
+ CVE-2018-12363: Use-after-free when appending DOM nodes
+ CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
+ CVE-2018-12365: Compromised IPC child process can list local filenames
+ CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
+ CVE-2018-12366: Invalid data handling during QCMS transformations
+ CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
+ CVE-2018-12368: No warning when opening executable SettingContent-ms files
+ CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments
+ CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View
+ CVE-2018-5186: Memory safety bugs fixed in Firefox 61
+ CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
+ CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9

node-8.11.3-alt1  build 2018-06-30

Group: Розробка/Інструменти
Про пакет: Evented I/O for V8 Javascript
Зміни:

- new version (8.11.3) with rpmgs script
- 2018-06-12, Version 8.11.3 'Carbon' (LTS), @evanlucas
- CVE-2018-7167, CVE-2018-7161, CVE-2018-1000168

kernel-image-un-def-1:4.16.18-alt1  build 2018-06-26

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.16.18 (Fixes: CVE-2018-10840, CVE-2018-1118, CVE-2018-11412)

firefox-esr-60.1.0-alt1  build 2018-06-26

Group: Мережі/WWW
Про пакет: The Mozilla Firefox project is a redesign of Mozilla's browser
Зміни:

- New ESR version (60.1.0).
- Fixed:
+ CVE-2018-12359 Buffer overflow using computed size of canvas element
+ CVE-2018-12360 Use-after-free when using focus()
+ CVE-2018-12361 Integer overflow in SwizzleData
+ CVE-2018-12362 Integer overflow in SSSE3 scaler
+ CVE-2018-5156 Media recorder segmentation fault when track type is changed during capture
+ CVE-2018-12363 Use-after-free when appending DOM nodes
+ CVE-2018-12364 CSRF attacks through 307 redirects and NPAPI plugins
+ CVE-2018-12365 Compromised IPC child process can list local filenames
+ CVE-2018-12371 Integer overflow in Skia library during edge builder allocation
+ CVE-2018-12366 Invalid data handling during QCMS transformations
+ CVE-2018-12367 Timing attack mitigation of PerformanceNavigationTiming
+ CVE-2018-12368 No warning when opening executable SettingContent-ms files
+ CVE-2018-12369 WebExtension security permission checks bypassed by embedded experiments
+ CVE-2018-5187 Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
+ CVE-2018-5188 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9

kernel-image-std-pae-1:4.4.138-alt1  build 2018-06-19

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.4.138 (Fixes: CVE-2018-10853)

chromium-67.0.3396.87-alt1  build 2018-06-17

Group: Мережі/WWW
Про пакет: An open source web browser developed by Google
Зміни:

- New version (67.0.3396.87).
- Use ninja-build.
- Security fixes:
- CVE-2018-6149: Out of bounds write in V8.
- CVE-2018-6148: Incorrect handling of CSP header.
- CVE-2018-6123: Use after free in Blink.
- CVE-2018-6124: Type confusion in Blink.
- CVE-2018-6125: Overly permissive policy in WebUSB.
- CVE-2018-6126: Heap buffer overflow in Skia.
- CVE-2018-6127: Use after free in indexedDB.
- CVE-2018-6128: uXSS in Chrome on iOS.
- CVE-2018-6129: Out of bounds memory access in WebRTC.
- CVE-2018-6130: Out of bounds memory access in WebRTC.
- CVE-2018-6131: Incorrect mutability protection in WebAssembly.
- CVE-2018-6132: Use of uninitialized memory in WebRTC.
- CVE-2018-6133: URL spoof in Omnibox.
- CVE-2018-6134: Referrer Policy bypass in Blink.
- CVE-2018-6135: UI spoofing in Blink.
- CVE-2018-6136: Out of bounds memory access in V8.
- CVE-2018-6137: Leak of visited status of page in Blink.
- CVE-2018-6138: Overly permissive policy in Extensions.
- CVE-2018-6139: Restrictions bypass in the debugger extension API.
- CVE-2018-6140: Restrictions bypass in the debugger extension API.
- CVE-2018-6141: Heap buffer overflow in Skia.
- CVE-2018-6142: Out of bounds memory access in V8.
- CVE-2018-6143: Out of bounds memory access in V8.
- CVE-2018-6144: Out of bounds memory access in PDFium.
- CVE-2018-6145: Incorrect escaping of MathML in Blink.
- CVE-2018-6147: Password fields not taking advantage of OS protections in Views.

libgcrypt-1.7.10-alt1.S1  build 2018-06-14

Group: Система/Бібліотеки
Про пакет: The GNU crypto library
Зміни:

- new version
- security fixes: CVE-2018-0495

firefox-esr-60.0.2-alt1  build 2018-06-11

Group: Мережі/WWW
Про пакет: The Mozilla Firefox project is a redesign of Mozilla's browser
Зміни:

- New ESR version (60.0.2).
- Fixed:
+ CVE-2018-6126 Heap buffer overflow rasterizing paths in SVG with Skia

libwebkitgtk4-2.20.3-alt1  build 2018-06-11

Group: Система/Бібліотеки
Про пакет: Web browser engine
Зміни:

- 2.20.3 (fixed CVE-2018-4190, CVE-2018-4199, CVE-2018-4218,
CVE-2018-4222, CVE-2018-4232, CVE-2018-4233, CVE-2018-4246,
CVE-2018-11646)

gnupg-1.4.22-alt2  build 2018-06-08

Group: Робота з файлами
Про пакет: The GNU Privacy Guard
Зміни:

- Backported upstream fixes
(GnuPG-bug-id: 2923, 3329, 3898, 4012; fixes CVE-2018-12020).

gnupg2-2.2.8-alt1.S1  build 2018-06-08

Group: Робота з текстами
Про пакет: The GNU Privacy Guard suite
Зміни:

- new version
- security fix: CVE-2018-12020

epiphany-3.28.3.1-alt1  build 2018-06-08

Group: Мережі/WWW
Про пакет: Epiphany is a GNOME web browser.
Зміни:

- 3.28.3.1 (fixed CVE-2018-11396, CVE-2018-12016)

firefox-60.0.2-alt1  build 2018-06-07

Group: Мережі/WWW
Про пакет: The Mozilla Firefox project is a redesign of Mozilla's browser
Зміни:

- New release (60.0.2).
- Fixed:
+ CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia

firefox-esr-60.0.1-alt1  build 2018-06-05

Group: Мережі/WWW
Про пакет: The Mozilla Firefox project is a redesign of Mozilla's browser
Зміни:

- New ESR version (60.0.1).
- Fixed:
+ CVE-2018-5154: Use-after-free with SVG animations and clip paths
+ CVE-2018-5155: Use-after-free with SVG animations and text paths
+ CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
+ CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
+ CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
+ CVE-2018-5160: Uninitialized memory use by WebRTC encoder
+ CVE-2018-5152: WebExtensions information leak through webRequest API
+ CVE-2018-5153: Out-of-bounds read in mixed content websocket messages
+ CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache
+ CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace
+ CVE-2018-5166: WebExtension host permission bypass through filterReponseData
+ CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger
+ CVE-2018-5168: Lightweight themes can be installed without user interaction
+ CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages
+ CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer
+ CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters
+ CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update
+ CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies
+ CVE-2018-5176: JSON Viewer script injection
+ CVE-2018-5177: Buffer overflow in XSLT during number formatting
+ CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox
+ CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
+ CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink
+ CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar
+ CVE-2018-5151: Memory safety bugs fixed in Firefox 60
+ CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8

jq-1.5-alt3.S1  build 2018-05-31

Group: Розробка/Інше
Про пакет: Command-line JSON processor
Зміни:

- security update (fixes: CVE-2016-4074)

python-2.7.14-alt4  build 2018-05-31

Group: Розробка/Python
Про пакет: An interpreted, interactive object-oriented programming language
Зміни:

- Fixed heap-use-after-free bug (Fixes: CVE-2018-1000030).

kernel-image-std-pae-1:4.4.134-alt1  build 2018-05-30

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.4.134 (Fixes: CVE-2018-6412)

wireshark-2.6.1-alt1.S1  build 2018-05-24

Group: Моніторинг
Про пакет: The BugTraq Award Winning Network Traffic Analyzer
Зміни:

- 2.6.1 (fixes: CVE-2018-11359, CVE-2018-11361, CVE-2018-11358, CVE-2018-11360, CVE-2018-11356, CVE-2018-11357, CVE-2018-11355, CVE-2018-11354, CVE-2018-11362)

xen-4.10.1-alt1.S1  build 2018-05-24

Group: Емулятори
Про пакет: Xen is a virtual machine monitor (hypervisor)
Зміни:

- 4.10.1 release
- upstream updates upto 7b35e7807, including:
+ x86/HVM: guard against emulator driving ioreq state in weird ways
(thx Jan Beulich) (XSA-262)
+ x86/vpt: add support for IO-APIC routed interrupts (part of XSA-261)
+ x86/traps: Fix handling of #DB exceptions in hypervisor context
x86/traps: Use an Interrupt Stack Table for #DB
x86/pv: Move exception injection into {,compat_}test_all_events()
x86/traps: Fix %dr6 handing in #DB handler
(thx Andrew Cooper) (part of XSA-260 / CVE-2018-8897)

kernel-image-un-def-1:4.16.10-alt1  build 2018-05-21

Group: Система/Ядро та обладнання
Про пакет: The Linux kernel (the core of the Linux operating system)
Зміни:

- v4.16.10 (Fixes: CVE-2018-1120)

thunderbird-52.8.0-alt1  build 2018-05-19

Group: Мережі/Пошта
Про пакет: Thunderbird is Mozilla's e-mail client
Зміни:

- New version (52.8.0).
- Enigmail 2.0.4.
- Fixes:
+ CVE-2018-5183 Backport critical security fixes in Skia
+ CVE-2018-5184 Full plaintext recovery in S/MIME via chosen-ciphertext attack
+ CVE-2018-5154 Use-after-free with SVG animations and clip paths
+ CVE-2018-5155 Use-after-free with SVG animations and text paths
+ CVE-2018-5159 Integer overflow and out-of-bounds write in Skia
+ CVE-2018-5161 Hang via malformed headers
+ CVE-2018-5162 Encrypted mail leaks plaintext through src attribute
+ CVE-2018-5170 Filename spoofing for external attachments
+ CVE-2018-5168 Lightweight themes can be installed without user interaction
+ CVE-2018-5178 Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
+ CVE-2018-5185 Leaking plaintext through HTML forms
+ CVE-2018-5150 Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8, and Thunderbird 52.8
- Build in several threads.

  1         3     4     5            Остання »  

 
© 2009–2018 Ігор Зубков