[cyber] I: p10/branch packages: +9 (18948)
QA Team Robot
qa на altlinux.org
Вс Ноя 3 03:19:01 MSK 2024
9 UPDATED packages
MySQL - A very fast and reliable SQL database engine [425M]
* Fri Oct 18 2024 Nikolai Kostrigin <nickel на altlinux> 8.0.40-alt1
- new version
+ (fixes: CVE-2024-21193, CVE-2024-21194, CVE-2024-21196, CVE-2024-21197)
+ (fixes: CVE-2024-21198, CVE-2024-21199, CVE-2024-21200, CVE-2024-21201)
+ (fixes: CVE-2024-21203, CVE-2024-21207, CVE-2024-21212, CVE-2024-21213)
+ (fixes: CVE-2024-21218, CVE-2024-21219, CVE-2024-21230, CVE-2024-21231)
+ (fixes: CVE-2024-21236, CVE-2024-21237, CVE-2024-21238, CVE-2024-21239)
+ (fixes: CVE-2024-21241, CVE-2024-21247)
- update mysql-shell 8.0.38 -> 8.0.40
* Tue Oct 15 2024 Andrey Cherepanov <cas на altlinux> 8.0.39-alt1.1
- disable use Faster TLS model (ALT #45499).
* Tue Aug 27 2024 Nikolai Kostrigin <nickel на altlinux> 8.0.39-alt1
blender - 3D modeling, animation, rendering and post-production [42M]
* Tue Oct 22 2024 L.A. Kostis <lakostis на altlinux> 3.3.21-alt0.p10.1
- 3.3.21.
- Build back with gcc (closes #51768).
* Thu Jun 27 2024 L.A. Kostis <lakostis на altlinux> 3.3.20-alt0.p10.1
gtkhash - A cross-platform desktop utility for computing message digests or checksums
* Tue Oct 08 2024 Andrey Cherepanov <cas на altlinux> 1.5-alt2
- Disabled libnettle support.
- Used GOST R 34.11-2012 (Stribog) hash function.
* Tue Apr 16 2024 Andrey Cherepanov <cas на altlinux> 1.5-alt1
kde5-dolphin - The file manager for KDE
* Mon Oct 28 2024 Oleg Solovyov <mcpain на altlinux> 23.08.5-alt4
- Skip MIME guessing on network-mounted file systems when listing dir
* Tue Oct 08 2024 Sergey V Turchin <zerg на altlinux> 23.08.5-alt3
- add nfs:/ handler
* Thu Jul 25 2024 Sergey V Turchin <zerg на altlinux> 23.08.5-alt2
- temporary build without baloo
* Fri Feb 16 2024 Sergey V Turchin <zerg на altlinux> 23.08.5-alt1
kf5-kio - KDE Frameworks 5 network transparent access to files and data
* Wed Oct 23 2024 Oleg Solovyov <mcpain на altlinux> 5.116.0-alt7
- move patch to Dolphin: Skip MIME guessing on network-mounted file systems
* Thu Oct 10 2024 Sergey V Turchin <zerg на altlinux> 5.116.0-alt6
- rename kcm_trash.desktop
* Mon Aug 12 2024 Sergey V Turchin <zerg на altlinux> 5.116.0-alt5
lazarus - Lazarus Component Library and IDE [162M]
* Sat Sep 28 2024 Andrey Cherepanov <cas на altlinux> 1:3.6-alt1
- New version.
* Sat May 25 2024 Andrey Cherepanov <cas на altlinux> 1:3.4-alt1
- New version.
* Mon Mar 18 2024 Andrey Cherepanov <cas на altlinux> 1:3.2-alt2
qgis3 - A user friendly Open Source Geographic Information System [102M]
* Fri Nov 01 2024 Andrey Cherepanov <cas на altlinux> 3.20.3-alt3.p10.2
- Do not use developer map from external untrusted resource.
* Mon Aug 28 2023 Andrey Cherepanov <cas на altlinux> 3.20.3-alt3.p10.1
task-edu - Educational software (base set)
* Fri Nov 01 2024 Andrey Cherepanov <cas на altlinux> 1.5.9-alt13.p10.2
- task-edu-kde5: added kde5-autofs-shares.
- task-edu-server-apps: returned installed-db-mediawiki.
* Sun Sep 29 2024 Andrey Cherepanov <cas на altlinux> 1.5.9-alt13.p10.1
thunderbird - Thunderbird is Mozilla's e-mail client [538M]
* Tue Oct 29 2024 Pavel Vasenkov <pav на altlinux> 115.16.2-alt1
- New version.
- Security fixes:
+ CVE-2024-3852 GetBoundName in the JIT returned the wrong object
+ CVE-2024-3854 Out-of-bounds-read after mis-optimized switch statement
+ CVE-2024-3857 Incorrect JITting of arguments led to use-after-free during garbage collection
+ CVE-2024-2609 Permission prompt input delay could expire when not in focus
+ CVE-2024-3859 Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
+ CVE-2024-3861 Potential use-after-free due to AlignedBuffer self-move
+ CVE-2024-3863 Download Protections were bypassed by .xrm-ms files on Windows
+ CVE-2024-3302 Denial of Service using HTTP/2 CONTINUATION frames
+ CVE-2024-3864 Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
+ CVE-2024-4367 Arbitrary JavaScript execution in PDF.js
+ CVE-2024-4767 IndexedDB files retained in private browsing mode
+ CVE-2024-4768 Potential permissions request bypass via clickjacking
+ CVE-2024-4769 Cross-origin responses could be distinguished between script and non-script content-types
+ CVE-2024-4770 Use-after-free could occur when printing to PDF
+ CVE-2024-4777 Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
+ CVE-2024-5702 Use-after-free in networking
+ CVE-2024-5688 Use-after-free in JavaScript object transplant
+ CVE-2024-5690 External protocol handlers leaked by timing attack
+ CVE-2024-5691 Sandboxed iframes were able to bypass sandbox restrictions to open a new window
+ CVE-2024-5692 Bypass of file name restrictions during saving
+ CVE-2024-5693 Cross-Origin Image leak via Offscreen Canvas
+ CVE-2024-5696 Memory Corruption in Text Fragments
+ CVE-2024-5700 Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
+ CVE-2024-7652 Type Confusion in Async Generators in Javascript Engine
+ CVE-2024-6600 Memory corruption in WebGL API
+ CVE-2024-6601 Race condition in permission assignment
+ CVE-2024-6602 Memory corruption in NSS
+ CVE-2024-6603 Memory corruption in thread creation
+ CVE-2024-6604 Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 128, and Thunderbird 115.13
+ CVE-2024-7519 Out of bounds memory access in graphics shared memory handling
+ CVE-2024-7521 Incomplete WebAssembly exception handing
+ CVE-2024-7522 Out of bounds read in editor component
+ CVE-2024-7525 Missing permission check when creating a StreamFilter
+ CVE-2024-7526 Uninitialized memory used by WebGL
+ CVE-2024-7527 Use-after-free in JavaScript garbage collection
+ CVE-2024-7529 Document content could partially obscure security prompts
+ CVE-2024-7519 Out of bounds memory access in graphics shared memory handling
+ CVE-2024-7521 Incomplete WebAssembly exception handing
+ CVE-2024-7522 Out of bounds read in editor component
+ CVE-2024-7525 Missing permission check when creating a StreamFilter
+ CVE-2024-7526 Uninitialized memory used by WebGL
+ CVE-2024-7527 Use-after-free in JavaScript garbage collection
+ CVE-2024-7529 Document content could partially obscure security prompts
* Wed Apr 03 2024 Pavel Vasenkov <pav на altlinux> 115.9.0-alt1
Total 18948 source packages.
Подробная информация о списке рассылки Sisyphus-cybertalk