[cyber] I: Sisyphus-20200412 packages: +1! -3 +21 (17566)

QA Team Robot qa на altlinux.org
Вс Апр 12 07:43:21 MSK 2020


	1 ADDED package

python3-module-wheel - A built-package format for Python3
* Sat Apr 11 2020 Alexey Shabalin <shaba на altlinux> 0.34.2-alt1
- 0.34.2

	3 REMOVED packages

comix	4.0.4-alt3
easytag	2.4.3-alt2
ffmpeg2theora	0.30-alt3

	21 UPDATED packages

LibreSSL - OpenBSD fork of OpenSSL library
* Thu Apr 09 2020 Vladimir D. Seleznev <vseleznv на altlinux> 3.1.0-alt1
- Updated to 3.1.0.
* Sun Dec 01 2019 Vladimir D. Seleznev <vseleznv на altlinux> 3.0.2-alt2

ansible-lint - Best practices checker for Ansible
* Thu Mar 12 2020 Alexey Shabalin <shaba на altlinux> 4.2.0-alt1
- 4.2.0
* Thu Sep 12 2019 Grigory Ustinov <grenka на altlinux> 4.1.0-alt1

chromium - An open source web browser developed by Google       	[935M]
* Wed Apr 08 2020 Alexey Gladkov <legion на altlinux> 81.0.4044.92-alt1
- New version (81.0.4044.92).
- Security fixes:
  - CVE-2020-6423: Use after free in audio.
  - CVE-2020-6430: Type Confusion in V8.
  - CVE-2020-6431: Insufficient policy enforcement in full screen.
  - CVE-2020-6432: Insufficient policy enforcement in navigations.
  - CVE-2020-6433: Insufficient policy enforcement in extensions.
  - CVE-2020-6434: Use after free in devtools.
  - CVE-2020-6435: Insufficient policy enforcement in extensions.
  - CVE-2020-6436: Use after free in window management.
  - CVE-2020-6437: Inappropriate implementation in WebView.
  - CVE-2020-6438: Insufficient policy enforcement in extensions.
  - CVE-2020-6439: Insufficient policy enforcement in navigations.
  - CVE-2020-6440: Inappropriate implementation in extensions.
  - CVE-2020-6441: Insufficient policy enforcement in omnibox.
  - CVE-2020-6442: Inappropriate implementation in cache.
  - CVE-2020-6443: Insufficient data validation in developer tools.
  - CVE-2020-6444: Uninitialized Use in WebRTC.
  - CVE-2020-6445: Insufficient policy enforcement in trusted types.
  - CVE-2020-6446: Insufficient policy enforcement in trusted types.
  - CVE-2020-6447: Inappropriate implementation in developer tools.
  - CVE-2020-6448: Use after free in V8.
  - CVE-2020-6454: Use after free in extensions.
  - CVE-2020-6455: Out of bounds read in WebSQL.
  - CVE-2020-6456: Insufficient validation of untrusted input in clipboard.
* Fri Mar 06 2020 Alexey Gladkov <legion на altlinux> 80.0.3987.132-alt1

chromium-gost - An open source web browser developed by Google  	[986M]
* Sat Apr 04 2020 Fr. Br. George <george на altlinux> 80.0.3987.132-alt1
- Build GOST version
* Fri Mar 06 2020 Alexey Gladkov <legion на altlinux> 80.0.3987.132-alt0
- New version (80.0.3987.132).
- Security fixes:
  - CVE-2019-18197: Multiple vulnerabilities in XML.
  - CVE-2019-19923: Out of bounds memory access in SQLite.
  - CVE-2019-19925: Multiple vulnerabilities in SQLite.
  - CVE-2019-19926: Inappropriate implementation in SQLite.
  - CVE-2020-6381: Integer overflow in JavaScript.
  - CVE-2020-6382: Type Confusion in JavaScript.
  - CVE-2020-6383: Type confusion in V8.
  - CVE-2020-6384: Use after free in WebAudio.
  - CVE-2020-6385: Insufficient policy enforcement in storage.
  - CVE-2020-6386: Use after free in speech.
  - CVE-2020-6387: Out of bounds write in WebRTC.
  - CVE-2020-6388: Out of bounds memory access in WebAudio.
  - CVE-2020-6389: Out of bounds write in WebRTC.
  - CVE-2020-6390: Out of bounds memory access in streams.
  - CVE-2020-6391: Insufficient validation of untrusted input in Blink.
  - CVE-2020-6392: Insufficient policy enforcement in extensions.
  - CVE-2020-6393: Insufficient policy enforcement in Blink.
  - CVE-2020-6394: Insufficient policy enforcement in Blink.
  - CVE-2020-6395: Out of bounds read in JavaScript.
  - CVE-2020-6396: Inappropriate implementation in Skia.
  - CVE-2020-6397: Incorrect security UI in sharing.
  - CVE-2020-6398: Uninitialized use in PDFium.
  - CVE-2020-6399: Insufficient policy enforcement in AppCache.
  - CVE-2020-6400: Inappropriate implementation in CORS.
  - CVE-2020-6401: Insufficient validation of untrusted input in Omnibox.
  - CVE-2020-6402: Insufficient policy enforcement in downloads.
  - CVE-2020-6403: Incorrect security UI in Omnibox.
  - CVE-2020-6404: Inappropriate implementation in Blink.
  - CVE-2020-6405: Out of bounds read in SQLite.
  - CVE-2020-6406: Use after free in audio.
  - CVE-2020-6407: Out of bounds memory access in streams.
  - CVE-2020-6408: Insufficient policy enforcement in CORS.
  - CVE-2020-6409: Inappropriate implementation in Omnibox.
  - CVE-2020-6410: Insufficient policy enforcement in navigation.
  - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox.
  - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox.
  - CVE-2020-6413: Inappropriate implementation in Blink.
  - CVE-2020-6414: Insufficient policy enforcement in Safe Browsing.
  - CVE-2020-6415: Inappropriate implementation in JavaScript.
  - CVE-2020-6416: Insufficient data validation in streams.
  - CVE-2020-6417: Inappropriate implementation in installer.
  - CVE-2020-6418: Type confusion in V8.
  - CVE-2020-6420: Insufficient policy enforcement in media.
* Mon Feb 03 2020 Alexey Gladkov <legion на altlinux> 79.0.3945.130-alt1
- New version (79.0.3945.130).
- Security fixes:
  - CVE-2019-13767: Use after free in media picker.
  - CVE-2020-6377: Use after free in audio.
  - CVE-2020-6378: Use-after-free in speech recognizer.
  - CVE-2020-6379: Use-after-free in speech recognizer.
  - CVE-2020-6380: Extension message verification error.
* Mon Dec 16 2019 Alexey Gladkov <legion на altlinux> 79.0.3945.79-alt1
- New version (79.0.3945.79).
- Security fixes:
  - CVE-2019-13725: Use after free in Bluetooth.
  - CVE-2019-13726: Heap buffer overflow in password manager.
  - CVE-2019-13727: Insufficient policy enforcement in WebSockets.
  - CVE-2019-13728: Out of bounds write in V8.
  - CVE-2019-13729: Use after free in WebSockets.
  - CVE-2019-13730: Type Confusion in V8.
  - CVE-2019-13732: Use after free in WebAudio.
  - CVE-2019-13734: Out of bounds write in SQLite.
  - CVE-2019-13735: Out of bounds write in V8.
  - CVE-2019-13736: Integer overflow in PDFium.
  - CVE-2019-13737: Insufficient policy enforcement in autocomplete.
  - CVE-2019-13738: Insufficient policy enforcement in navigation.
  - CVE-2019-13739: Incorrect security UI in Omnibox.
  - CVE-2019-13740: Incorrect security UI in sharing.
  - CVE-2019-13741: Insufficient validation of untrusted input in Blink.
  - CVE-2019-13742: Incorrect security UI in Omnibox.
  - CVE-2019-13743: Incorrect security UI in external protocol handling.
  - CVE-2019-13744: Insufficient policy enforcement in cookies.
  - CVE-2019-13745: Insufficient policy enforcement in audio.
  - CVE-2019-13746: Insufficient policy enforcement in Omnibox.
  - CVE-2019-13747: Uninitialized Use in rendering.
  - CVE-2019-13748: Insufficient policy enforcement in developer tools.
  - CVE-2019-13749: Incorrect security UI in Omnibox.
  - CVE-2019-13750: Insufficient data validation in SQLite.
  - CVE-2019-13751: Uninitialized Use in SQLite.
  - CVE-2019-13752: Out of bounds read in SQLite.
  - CVE-2019-13753: Out of bounds read in SQLite.
  - CVE-2019-13754: Insufficient policy enforcement in extensions.
  - CVE-2019-13755: Insufficient policy enforcement in extensions.
  - CVE-2019-13756: Incorrect security UI in printing.
  - CVE-2019-13757: Incorrect security UI in Omnibox.
  - CVE-2019-13758: Insufficient policy enforcement in navigation.
  - CVE-2019-13759: Incorrect security UI in interstitials.
  - CVE-2019-13761: Incorrect security UI in Omnibox.
  - CVE-2019-13762: Insufficient policy enforcement in downloads.
  - CVE-2019-13763: Insufficient policy enforcement in payments.
  - CVE-2019-13764: Type Confusion in V8.
* Mon Dec 02 2019 Alexey Gladkov <legion на altlinux> 78.0.3904.108-alt1
- New version (78.0.3904.108).
- Security fixes:
  - CVE-2019-13723: Use-after-free in Bluetooth.
  - CVE-2019-13724: Out-of-bounds access in Bluetooth.
* Sat Nov 09 2019 Alexey Gladkov <legion на altlinux> 78.0.3904.97-alt1
- New version (78.0.3904.97).
- Security fixes:
  - CVE-2019-13720: Use-after-free in audio.
  - CVE-2019-13721: Use-after-free in PDFium.
* Thu Oct 24 2019 Alexey Gladkov <legion на altlinux> 78.0.3904.70-alt1
- New version (78.0.3904.70).
- Security fixes:
  - CVE-2019-13699: Use-after-free in media.
  - CVE-2019-13700: Buffer overrun in Blink.
  - CVE-2019-13701: URL spoof in navigation.
  - CVE-2019-13702: Privilege elevation in Installer.
  - CVE-2019-13703: URL bar spoofing.
  - CVE-2019-13704: CSP bypass.
  - CVE-2019-13705: Extension permission bypass.
  - CVE-2019-13706: Out-of-bounds read in PDFium.
  - CVE-2019-13707: File storage disclosure.
  - CVE-2019-13708: HTTP authentication spoof.
  - CVE-2019-13709: File download protection bypass.
  - CVE-2019-13710: File download protection bypass.
  - CVE-2019-13711: Cross-context information leak.
  - CVE-2019-13713: Cross-origin data leak.
  - CVE-2019-13714: CSS injection.
  - CVE-2019-13715: Address bar spoofing.
  - CVE-2019-13716: Service worker state error.
  - CVE-2019-13717: Notification obscured.
  - CVE-2019-13718: IDN spoof.
  - CVE-2019-13719: Notification obscured.
  - CVE-2019-15903: Buffer overflow in expat.
* Mon Oct 21 2019 Alexey Gladkov <legion на altlinux> 77.0.3865.120-alt1
- New version (77.0.3865.120).
- Security fixes:
  - CVE-2019-13693: Use-after-free in IndexedDB.
  - CVE-2019-13694: Use-after-free in WebRTC.
  - CVE-2019-13695: Use-after-free in audio.
  - CVE-2019-13696: Use-after-free in V8.
  - CVE-2019-13697: Cross-origin size leak.
* Wed Sep 25 2019 Alexey Gladkov <legion на altlinux> 77.0.3865.90-alt1
- New version (77.0.3865.90).
- Security fixes:
  - CVE-2019-13685: Use-after-free in UI.
  - CVE-2019-13686: Use-after-free in offline pages.
  - CVE-2019-13687: Use-after-free in media.
  - CVE-2019-13688: Use-after-free in media.
* Mon Sep 23 2019 Alexey Gladkov <legion на altlinux> 77.0.3865.75-alt1
- New version (77.0.3865.75).
- Security fixes:
  - CVE-2019-13659: URL spoof.
  - CVE-2019-13660: Full screen notification overlap.
  - CVE-2019-13661: Full screen notification spoof.
  - CVE-2019-13662: CSP bypass.
  - CVE-2019-13663: IDN spoof.
  - CVE-2019-13664: CSRF bypass.
  - CVE-2019-13665: Multiple file download protection bypass.
  - CVE-2019-13666: Side channel using storage size estimate.
  - CVE-2019-13667: URI bar spoof when using external app URIs.
  - CVE-2019-13668: Global window leak via console.
  - CVE-2019-13669: HTTP authentication spoof.
  - CVE-2019-13670: V8 memory corruption in regex.
  - CVE-2019-13671: Dialog box fails to show origin.
  - CVE-2019-13673: Cross-origin information leak using devtools.
  - CVE-2019-13674: IDN spoofing.
  - CVE-2019-13675: Extensions can be disabled by trailing slash.
  - CVE-2019-13676: Google URI shown for certificate warning.
  - CVE-2019-13677: Chrome web store origin needs to be isolated.
  - CVE-2019-13678: Download dialog spoofing.
  - CVE-2019-13679: User gesture needed for printing.
  - CVE-2019-13680: IP address spoofing to servers.
  - CVE-2019-13681: Bypass on download restrictions.
  - CVE-2019-13682: Site isolation bypass.
  - CVE-2019-13683: Exceptions leaked by devtools.
  - CVE-2019-5870: Use-after-free in media.
  - CVE-2019-5871: Heap overflow in Skia.
  - CVE-2019-5872: Use-after-free in Mojo.
  - CVE-2019-5873: URL bar spoofing on iOS.
  - CVE-2019-5874: External URIs may trigger other browsers.
  - CVE-2019-5875: URL bar spoof via download redirect.
  - CVE-2019-5876: Use-after-free in media.
  - CVE-2019-5877: Out-of-bounds access in V8.
  - CVE-2019-5878: Use-after-free in V8.
  - CVE-2019-5879: Extensions can read some local files.
  - CVE-2019-5880: SameSite cookie bypass.
  - CVE-2019-5881: Arbitrary read in SwiftShader.
* Wed Sep 18 2019 Fr. Br. George <george на altlinux> 76.0.3809.87-alt2

chronograf - Open source framework for processing, monitoring, and alerting on time series data	[31M]
* Sat Apr 11 2020 Alexey Shabalin <shaba на altlinux> 1.8.1-alt1
- 1.8.1
* Wed Sep 11 2019 Alexey Shabalin <shaba на altlinux> 1.7.14-alt1

cpu-g - CPU-G is an application that shows useful information about your hardware
* Sat Apr 11 2020 Motsyo Gennadi <drool на altlinux> 0.16.2-alt1
- 0.16.2
* Thu Mar 31 2016 Motsyo Gennadi <drool на altlinux> 0.9.0-alt1

flatpak-builder - Tool to build flatpaks from source
* Sat Apr 11 2020 Yuri N. Sedunov <aris на altlinux> 1:1.0.10-alt1.1
- improved "docs" knob
* Sat Mar 21 2020 Yuri N. Sedunov <aris на altlinux> 1:1.0.10-alt1

freeradius - High-performance and highly configurable free RADIUS server
* Fri Apr 10 2020 Alexey Shabalin <shaba на altlinux> 3.0.21-alt1
- 3.0.21
* Mon Mar 16 2020 Alexey Shabalin <shaba на altlinux> 3.0.20-alt1

influxdb - Distributed time-series database                     	[11M]
* Sat Apr 11 2020 Alexey Shabalin <shaba на altlinux> 1.7.10-alt1
- 1.7.10
* Sun Dec 22 2019 Alexey Shabalin <shaba на altlinux> 1.7.9-alt1

libinput - Input devices library
* Sat Apr 11 2020 Yuri N. Sedunov <aris на altlinux> 1.15.5-alt1
- 1.15.5
* Wed Mar 18 2020 Yuri N. Sedunov <aris на altlinux> 1.15.4-alt1

libtorrent-rasterbar - libTorrent is a BitTorrent library written in C++ for *nix
* Sat Apr 11 2020 Ivan A. Melnikov <iv на altlinux> 3:1.2.5-alt2
- Link with libatomic on %mips32.
* Fri Apr 10 2020 Aleksei Nikiforov <darktemplar на altlinux> 3:1.2.5-alt1

libwebkitgtk2 - Web browser engine                              	[10M]
* Sat Apr 11 2020 Yuri N. Sedunov <aris на altlinux> 2.4.11-alt10
- switched to python2 for build
* Wed Mar 18 2020 Yuri N. Sedunov <aris на altlinux> 2.4.11-alt9

opera64-dev - A fast and secure web browser and Internet suite  	[80M]
* Sat Apr 11 2020 Motsyo Gennadi <drool на altlinux> 69.0.3653.0-alt1.1
- moved libffmpeg.so from source-package to the separate source file
* Sat Apr 11 2020 Motsyo Gennadi <drool на altlinux> 69.0.3653.0-alt1
- packaged 69.0.3653.0 snapshot
* Sun Feb 16 2020 Motsyo Gennadi <drool на altlinux> 68.0.3590.0-alt1

python-module-wheel - A built-package format for Python
* Sat Apr 11 2020 Alexey Shabalin <shaba на altlinux> 0.34.2-alt1
- 0.34.2
- build python2 module only
* Fri Feb 02 2018 Stanislav Levin <slev на altlinux> 0.29.0-alt1.1

rust - The Rust Programming Language                            	[91M]
* Wed Apr 08 2020 Vladimir Lettiev <crux на altlinux> 1:1.41.1-alt1
- 1.41.1
- Fixed i586 build
* Sun Dec 22 2019 Vladimir Lettiev <crux на altlinux> 1:1.40.0-alt1

spirv-tools - API and commands for processing SPIR-V modules
* Sat Apr 11 2020 Michael Shigorin <mike на altlinux> 2019.4-alt2
- E2K: disable -Werror (hex_float.h:766 triggers ftbfs with -Werror=conversion)
* Thu Aug 29 2019 L.A. Kostis <lakostis на altlinux> 2019.4-alt1

telegraf - The plugin-driven server agent for collecting and reporting metrics
* Sat Apr 11 2020 Alexey Shabalin <shaba на altlinux> 1.14.0-alt1
- 1.14.0
* Sun Dec 22 2019 Alexey Shabalin <shaba на altlinux> 1.13.0-alt1

torrent-file-editor - Torrent File Editor
* Sat Apr 11 2020 Motsyo Gennadi <drool на altlinux> 0.3.17-alt1.2
- fix build with cmake 3.17
* Sun Feb 02 2020 Motsyo Gennadi <drool на altlinux> 0.3.17-alt1.1

vdo - Management tools for Virtual Data Optimizer
* Sat Apr 11 2020 Alexey Shabalin <shaba на altlinux> 6.2.2.117-alt1
- 6.2.2.117
* Thu Dec 12 2019 Alexey Shabalin <shaba на altlinux> 6.2.2.33-alt1
- 6.2.2.33
* Tue Oct 22 2019 Alexey Shabalin <shaba на altlinux> 6.2.2.18-alt1

xfce4-taskmanager - Taskmanager for Xfce Desktop
* Sat Apr 11 2020 Mikhail Efremov <sem на altlinux> 1.2.3-alt1
- Update url.
- Add Vcs tag.
- Don't use rpm-build-licenses.
- Updated to 1.2.3.
* Wed Dec 19 2018 Mikhail Efremov <sem на altlinux> 1.2.2-alt1

xmrig - RandomX and CryptoNight CPU miner
* Sun Apr 12 2020 Motsyo Gennadi <drool на altlinux> 5.10.0-alt1.1
- add ExcludeArch for aarch64
* Thu Apr 09 2020 Motsyo Gennadi <drool на altlinux> 5.10.0-alt1
- 5.10.0
* Wed Mar 11 2020 Motsyo Gennadi <drool на altlinux> 5.9.0-alt1
- 5.9.0
* Sat Aug 24 2019 Motsyo Gennadi <drool на altlinux> 3.1.0-alt1.1

Total 17566 source packages.


Подробная информация о списке рассылки Sisyphus-cybertalk