From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Sat, 21 May 2016 04:46:06 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: <20160521044606.GA1975@gyle.altlinux.org> Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p7/branch packages: +2! +9 (14979) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 May 2016 04:45:57 -0000 Archived-At: List-Archive: 2 ADDED packages firefox-gost - The Mozilla Firefox project is a redesign of Mozilla's browser [143M] * Fri May 20 2016 Andrey Cherepanov 38.7.0-alt0.M70P.1 - New package with support GOST encryption [firefox-gost_patch38.patch] - Build with bundled nss firefox-gost-ru - Russian (RU) Language Pack for Firefox GOST * Fri May 20 2016 Andrey Cherepanov 38.7.0-alt1 - New package for firefox-gost 9 UPDATED packages ImageMagick - An X application for displaying and manipulating images * Wed May 18 2016 Andrey Cherepanov 6.8.4.10-alt3.M70P.1 - Apply security patches from Debian: ImageTragick: The coders EPHEMERAL, URL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT are disabled via policy.xml file, since they are vulnerable to code injection. This mitigates CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, and CVE-2016-3718. Since ImageMagick reverts to its internal SVG renderer (which uses MVG coder) if Inkscape or RSVG is not used, the option --with-rsvg is included. Closes: 823542. In addition, some other actions were taken with respect to these vulnerabilities: - Drop the PLT/Gnuplot decoder, which was vulnerable to command injection. - Some sanitization for input filenames in http/https delegates is added. - Indirect filename are now authorized by policy. - Indirect reads with label:@ are prevented. - Less secure coders (such as MVG, TEXT, and MSL) require explicit reference in the filename (e.g. mvg:my-graph.mvg). * Thu Apr 25 2013 Fr. Br. George 6.8.4.10-alt2.1 alterator-net-openvpn - Alterator module for openvpn connections configuration * Tue Jan 20 2015 Mikhail Efremov 0.8.10-alt1 - Add tmp-dir option to ovpnoptions. - backend: Rename IFACEDIR to IFACESDIR. * Fri Dec 21 2012 Mikhail Efremov 0.8.9-alt1 alterator-openvpn-server - Alterator module for openvpn server configuration * Mon May 16 2016 Mikhail Efremov 0.8.5-alt1 - Fix check for addresses range. * Tue Jan 20 2015 Mikhail Efremov 0.8.4-alt1 - Add tmp-dir option to ovpnoptions. - Rename {,ETCNET_}IFACEDIR to {,ETCNET_}IFACESDIR. * Fri Dec 21 2012 Mikhail Efremov 0.8.3-alt1 postgresql9.1 - PostgreSQL client programs and libraries [10M] * Fri May 13 2016 Alexei Takaseev 9.1.22-alt0.M70P.1 - 9.1.22 * Thu Mar 31 2016 Alexei Takaseev 9.1.21-alt0.M70P.1 postgresql9.3 - PostgreSQL client programs and libraries [10M] * Fri May 13 2016 Alexei Takaseev 9.3.13-alt0.M70P.1 - 9.3.13 * Thu Mar 31 2016 Alexei Takaseev 9.3.12-alt0.M70P.1 postgresql9.4 - PostgreSQL client programs and libraries [11M] * Fri May 13 2016 Alexei Takaseev 9.4.8-alt0.M70P.1 - 9.4.8 * Thu Mar 31 2016 Alexei Takaseev 9.4.7-alt0.M70P.1 postgresql9.4-1C - PostgreSQL client programs and libraries (edition for 1C 8.3.3 and later) [11M] * Fri May 13 2016 Alexei Takaseev 9.4.8-alt0.M70P.1 - 9.4.8 * Thu Mar 31 2016 Alexei Takaseev 9.4.7-alt0.M70P.1 postgresql9.5 - PostgreSQL client programs and libraries [11M] * Fri May 13 2016 Alexei Takaseev 9.5.3-alt0.M70P.1 - 9.5.3 * Thu Mar 31 2016 Alexei Takaseev 9.5.2-alt0.M70P.1 zabbix - A network monitor * Thu May 19 2016 Alexei Takaseev 1:3.0.3-alt0.M70P.1 - 3.0.3 * Thu Apr 21 2016 Alexei Takaseev 1:3.0.2-alt0.M70P.1 Total 14979 source packages.