From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <qa@altlinux.org>
Date: Wed, 3 Feb 2021 00:17:20 +0000
From: QA Team Robot <qa@altlinux.org>
To: sisyphus-cybertalk@lists.altlinux.org
Message-ID: <20210203001719.GA32098@gyle.altlinux.org>
Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Subject: [cyber] I: p9/branch packages: -1 +4 (18138)
X-BeenThere: sisyphus-cybertalk@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: devel@lists.altlinux.org
List-Id: ALT Linux Sisyphus cybertalk <sisyphus-cybertalk.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/sisyphus-cybertalk>, 
 <mailto:sisyphus-cybertalk-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus-cybertalk>
List-Post: <mailto:sisyphus-cybertalk@lists.altlinux.org>
List-Help: <mailto:sisyphus-cybertalk-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus-cybertalk>, 
 <mailto:sisyphus-cybertalk-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Feb 2021 00:17:20 -0000
Archived-At: <http://lore.altlinux.org/sisyphus-cybertalk/20210203001719.GA32098@gyle.altlinux.org/>
List-Archive: <http://lore.altlinux.org/sisyphus-cybertalk/>

	1 REMOVED package

code	1.51.1-alt1

	4 UPDATED packages

chromium - An open source web browser developed by Google       	[1015M]
* Tue Jan 26 2021 Andrey Cherepanov <cas@altlinux> 88.0.4324.96-alt0.1.p9
- Backport new version to p9 branch.
* Sun Jan 24 2021 Alexey Gladkov <legion@altlinux> 88.0.4324.96-alt1
- New version (88.0.4324.96).
- Security fixes:
  - CVE-2020-16044: Use after free in WebRTC.
  - CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
  - CVE-2021-21118: Insufficient data validation in V8.
  - CVE-2021-21119: Use after free in Media.
  - CVE-2021-21120: Use after free in WebSQL.
  - CVE-2021-21121: Use after free in Omnibox.
  - CVE-2021-21122: Use after free in Blink.
  - CVE-2021-21123: Insufficient data validation in File System API.
  - CVE-2021-21124: Potential user after free in Speech Recognizer.
  - CVE-2021-21125: Insufficient policy enforcement in File System API.
  - CVE-2021-21126: Insufficient policy enforcement in extensions.
  - CVE-2021-21127: Insufficient policy enforcement in extensions.
  - CVE-2021-21128: Heap buffer overflow in Blink.
  - CVE-2021-21129: Insufficient policy enforcement in File System API.
  - CVE-2021-21130: Insufficient policy enforcement in File System API.
  - CVE-2021-21131: Insufficient policy enforcement in File System API.
  - CVE-2021-21132: Inappropriate implementation in DevTools.
  - CVE-2021-21133: Insufficient policy enforcement in Downloads.
  - CVE-2021-21134: Incorrect security UI in Page Info.
  - CVE-2021-21135: Inappropriate implementation in Performance API.
  - CVE-2021-21136: Insufficient policy enforcement in WebView.
  - CVE-2021-21137: Inappropriate implementation in DevTools.
  - CVE-2021-21138: Use after free in DevTools.
  - CVE-2021-21139: Inappropriate implementation in iframe sandbox.
  - CVE-2021-21140: Uninitialized Use in USB.
  - CVE-2021-21141: Insufficient policy enforcement in File System API.
* Fri Jan 15 2021 Alexey Gladkov <legion@altlinux> 87.0.4280.141-alt2
- Fix ServiceWorkerRegistrationObjectHost double free
* Mon Jan 11 2021 Andrey Cherepanov <cas@altlinux> 87.0.4280.141-alt0.1.p9

kernel-image-std-debug - The Linux kernel (the core of the Linux operating system)
* Mon Feb 01 2021 Kernel Bot <kernelbot@altlinux> 2:5.4.94-alt1
- v5.4.94
* Thu Jan 28 2021 Kernel Bot <kernelbot@altlinux> 2:5.4.93-alt1

nagios - Services and network monitoring system
* Wed Jan 27 2021 Paul Wolneykien <manowar@altlinux> 3.0.6-alt15
- Fixes:
  + CVE-2017-12847 Kill arbitrary processes by leveraging access to PID file.
- Don't install the PID file.
* Wed Jan 27 2021 Paul Wolneykien <manowar@altlinux> 3.0.6-alt14
- Fixes:
  + CVE-2016-8641 Privilege escalation via symbolic links.
  + CVE-2016-9566 Gaining root privileges via a symlink attack on the log file.
  + CVE-2014-1878 Possible segfault in cmd.cgi.
* Wed May 13 2020 Paul Wolneykien <manowar@altlinux> 3.0.6-alt13

xpdf - The PDF viewer and tools
* Sat Jan 30 2021 Andrew Savchenko <bircoph@altlinux> 4.03-alt1
- Version bump
- Many bugfixes, including security, including, but not limited to:
  Fixes: CVE-2020-25725, CVE-2020-35376
* Mon Nov 09 2020 Andrew Savchenko <bircoph@altlinux> 4.02-alt2
- Switch from inkscape to rsvg-convert for svg->png generation.
* Sun Mar 08 2020 Andrey Savchenko <bircoph@altlinux> 4.02-alt1

Total 18138 source packages.