From: QA Team Robot <qa@altlinux.org> To: sisyphus-cybertalk@lists.altlinux.org Subject: [cyber] I: p9/branch packages: +7 (17841) Date: Thu, 16 Jan 2020 04:44:48 +0000 Message-ID: <20200116044448.GA14531@gyle.altlinux.org> (raw) 7 UPDATED packages chromium - An open source web browser developed by Google [919M] * Mon Dec 16 2019 Alexey Gladkov <legion@altlinux> 79.0.3945.79-alt1 - New version (79.0.3945.79). - Security fixes: - CVE-2019-13725: Use after free in Bluetooth. - CVE-2019-13726: Heap buffer overflow in password manager. - CVE-2019-13727: Insufficient policy enforcement in WebSockets. - CVE-2019-13728: Out of bounds write in V8. - CVE-2019-13729: Use after free in WebSockets. - CVE-2019-13730: Type Confusion in V8. - CVE-2019-13732: Use after free in WebAudio. - CVE-2019-13734: Out of bounds write in SQLite. - CVE-2019-13735: Out of bounds write in V8. - CVE-2019-13736: Integer overflow in PDFium. - CVE-2019-13737: Insufficient policy enforcement in autocomplete. - CVE-2019-13738: Insufficient policy enforcement in navigation. - CVE-2019-13739: Incorrect security UI in Omnibox. - CVE-2019-13740: Incorrect security UI in sharing. - CVE-2019-13741: Insufficient validation of untrusted input in Blink. - CVE-2019-13742: Incorrect security UI in Omnibox. - CVE-2019-13743: Incorrect security UI in external protocol handling. - CVE-2019-13744: Insufficient policy enforcement in cookies. - CVE-2019-13745: Insufficient policy enforcement in audio. - CVE-2019-13746: Insufficient policy enforcement in Omnibox. - CVE-2019-13747: Uninitialized Use in rendering. - CVE-2019-13748: Insufficient policy enforcement in developer tools. - CVE-2019-13749: Incorrect security UI in Omnibox. - CVE-2019-13750: Insufficient data validation in SQLite. - CVE-2019-13751: Uninitialized Use in SQLite. - CVE-2019-13752: Out of bounds read in SQLite. - CVE-2019-13753: Out of bounds read in SQLite. - CVE-2019-13754: Insufficient policy enforcement in extensions. - CVE-2019-13755: Insufficient policy enforcement in extensions. - CVE-2019-13756: Incorrect security UI in printing. - CVE-2019-13757: Incorrect security UI in Omnibox. - CVE-2019-13758: Insufficient policy enforcement in navigation. - CVE-2019-13759: Incorrect security UI in interstitials. - CVE-2019-13761: Incorrect security UI in Omnibox. - CVE-2019-13762: Insufficient policy enforcement in downloads. - CVE-2019-13763: Insufficient policy enforcement in payments. - CVE-2019-13764: Type Confusion in V8. * Mon Dec 02 2019 Alexey Gladkov <legion@altlinux> 78.0.3904.108-alt1 - New version (78.0.3904.108). - Security fixes: - CVE-2019-13723: Use-after-free in Bluetooth. - CVE-2019-13724: Out-of-bounds access in Bluetooth. * Sat Nov 09 2019 Alexey Gladkov <legion@altlinux> 78.0.3904.97-alt1 - New version (78.0.3904.97). - Security fixes: - CVE-2019-13720: Use-after-free in audio. - CVE-2019-13721: Use-after-free in PDFium. * Thu Oct 24 2019 Alexey Gladkov <legion@altlinux> 78.0.3904.70-alt1 - New version (78.0.3904.70). - Security fixes: - CVE-2019-13699: Use-after-free in media. - CVE-2019-13700: Buffer overrun in Blink. - CVE-2019-13701: URL spoof in navigation. - CVE-2019-13702: Privilege elevation in Installer. - CVE-2019-13703: URL bar spoofing. - CVE-2019-13704: CSP bypass. - CVE-2019-13705: Extension permission bypass. - CVE-2019-13706: Out-of-bounds read in PDFium. - CVE-2019-13707: File storage disclosure. - CVE-2019-13708: HTTP authentication spoof. - CVE-2019-13709: File download protection bypass. - CVE-2019-13710: File download protection bypass. - CVE-2019-13711: Cross-context information leak. - CVE-2019-13713: Cross-origin data leak. - CVE-2019-13714: CSS injection. - CVE-2019-13715: Address bar spoofing. - CVE-2019-13716: Service worker state error. - CVE-2019-13717: Notification obscured. - CVE-2019-13718: IDN spoof. - CVE-2019-13719: Notification obscured. - CVE-2019-15903: Buffer overflow in expat. * Mon Oct 21 2019 Alexey Gladkov <legion@altlinux> 77.0.3865.120-alt1 - New version (77.0.3865.120). - Security fixes: - CVE-2019-13693: Use-after-free in IndexedDB. - CVE-2019-13694: Use-after-free in WebRTC. - CVE-2019-13695: Use-after-free in audio. - CVE-2019-13696: Use-after-free in V8. - CVE-2019-13697: Cross-origin size leak. * Wed Sep 25 2019 Alexey Gladkov <legion@altlinux> 77.0.3865.90-alt1 - New version (77.0.3865.90). - Security fixes: - CVE-2019-13685: Use-after-free in UI. - CVE-2019-13686: Use-after-free in offline pages. - CVE-2019-13687: Use-after-free in media. - CVE-2019-13688: Use-after-free in media. * Mon Sep 23 2019 Alexey Gladkov <legion@altlinux> 77.0.3865.75-alt1 - New version (77.0.3865.75). - Security fixes: - CVE-2019-13659: URL spoof. - CVE-2019-13660: Full screen notification overlap. - CVE-2019-13661: Full screen notification spoof. - CVE-2019-13662: CSP bypass. - CVE-2019-13663: IDN spoof. - CVE-2019-13664: CSRF bypass. - CVE-2019-13665: Multiple file download protection bypass. - CVE-2019-13666: Side channel using storage size estimate. - CVE-2019-13667: URI bar spoof when using external app URIs. - CVE-2019-13668: Global window leak via console. - CVE-2019-13669: HTTP authentication spoof. - CVE-2019-13670: V8 memory corruption in regex. - CVE-2019-13671: Dialog box fails to show origin. - CVE-2019-13673: Cross-origin information leak using devtools. - CVE-2019-13674: IDN spoofing. - CVE-2019-13675: Extensions can be disabled by trailing slash. - CVE-2019-13676: Google URI shown for certificate warning. - CVE-2019-13677: Chrome web store origin needs to be isolated. - CVE-2019-13678: Download dialog spoofing. - CVE-2019-13679: User gesture needed for printing. - CVE-2019-13680: IP address spoofing to servers. - CVE-2019-13681: Bypass on download restrictions. - CVE-2019-13682: Site isolation bypass. - CVE-2019-13683: Exceptions leaked by devtools. - CVE-2019-5870: Use-after-free in media. - CVE-2019-5871: Heap overflow in Skia. - CVE-2019-5872: Use-after-free in Mojo. - CVE-2019-5873: URL bar spoofing on iOS. - CVE-2019-5874: External URIs may trigger other browsers. - CVE-2019-5875: URL bar spoof via download redirect. - CVE-2019-5876: Use-after-free in media. - CVE-2019-5877: Out-of-bounds access in V8. - CVE-2019-5878: Use-after-free in V8. - CVE-2019-5879: Extensions can read some local files. - CVE-2019-5880: SameSite cookie bypass. - CVE-2019-5881: Arbitrary read in SwiftShader. * Fri Aug 02 2019 Alexey Gladkov <legion@altlinux> 76.0.3809.87-alt1 connector - Remote desktop chooser * Tue Dec 17 2019 Evgeniy Korneechev <ekorneechev@altlinux> 1.8.6-alt1 - Added 'drag-and-drop' for create label of the connection - Added the possibility to open Remmina and RDP files - Updated emblem; added icons of different sizes - FreeRDP: + Added input field for additional user parameters + Fixed work connections from previous version - Added keys 'help' and 'version' for cmdline; updated man * Thu Nov 07 2019 Evgeniy Korneechev <ekorneechev@altlinux> 1.8.5-alt2 - Fixed version * Wed Nov 06 2019 Evgeniy Korneechev <ekorneechev@altlinux> 1.8.5-alt1 - Remmina: fixed connect/open/import for RDP/VNC (ALT #36757) - FreeRDP: disable fullscreen (auto), when toggled workarea or manually resolution - FS: if protocol is 'file', then default server is 'localhost' - 'kiosk' changes: + Disable TRAY when activate + Added online checking access - Updated .desktop file - Updated icons for CITRIX & VMWARE * Fri Jan 25 2019 Evgeniy Korneechev <ekorneechev@altlinux> 1.8.4-alt1 dhcpcd - DHCP Client * Thu Jan 09 2020 Mikhail Efremov <sem@altlinux> 1:8.1.5-alt1 - Updated to 8.1.5. * Mon Dec 23 2019 Mikhail Efremov <sem@altlinux> 1:8.1.4-alt1 dpdk - Set of libraries and drivers for fast packet processing [11M] * Fri Dec 27 2019 Alexey Shabalin <shaba@altlinux> 18.11.5-alt1 - Update to LTS release 18.11.5 - Rename testbbdev to dpdk-test-bbdev - Fixed broken symlinks in %pmddir * Fri Nov 01 2019 Alexey Shabalin <shaba@altlinux> 18.11.3-alt1 - Update to latest LTS release 18.11.3 * Wed Jun 05 2019 Alexey Shabalin <shaba@altlinux> 18.11.1-alt1 kde5-set - Set of KDE 5 applications * Mon Jan 13 2020 Sergey V Turchin <zerg@altlinux> 19.08.0-alt1 - move kfloppy from -big to -maxi * Fri Jun 28 2019 Sergey V Turchin <zerg@altlinux> 19.04.1-alt1 kf5-kdesu - KDE Frameworks 5 user interface for running shell commands with root privileges * Thu Jan 09 2020 Aleksei Nikiforov <darktemplar@altlinux> 5.65.0-alt2 - Fixed issue preventing using kdesu to switch to different non-root user. * Mon Dec 16 2019 Sergey V Turchin <zerg@altlinux> 5.65.0-alt1 publicsuffix-list - Cross-vendor public domain suffix database * Thu Jan 09 2020 Mikhail Efremov <sem@altlinux> 20200106-alt1 - Use Vcs tag. - New snapshot. * Fri Nov 08 2019 Mikhail Efremov <sem@altlinux> 20191108-alt1 Total 17841 source packages.
reply other threads:[~2020-01-16 4:44 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200116044448.GA14531@gyle.altlinux.org \ --to=qa@altlinux.org \ --cc=devel@lists.altlinux.org \ --cc=sisyphus-cybertalk@lists.altlinux.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux Sisyphus cybertalk This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \ sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com public-inbox-index sisyphus-cybertalk Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk AGPL code for this site: git clone https://public-inbox.org/public-inbox.git