From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <qa@altlinux.org>
Date: Thu, 16 Jan 2020 04:44:48 +0000
From: QA Team Robot <qa@altlinux.org>
To: sisyphus-cybertalk@lists.altlinux.org
Message-ID: <20200116044448.GA14531@gyle.altlinux.org>
Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Subject: [cyber] I: p9/branch packages: +7 (17841)
X-BeenThere: sisyphus-cybertalk@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: devel@lists.altlinux.org
List-Id: ALT Linux Sisyphus cybertalk <sisyphus-cybertalk.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/sisyphus-cybertalk>, 
 <mailto:sisyphus-cybertalk-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus-cybertalk>
List-Post: <mailto:sisyphus-cybertalk@lists.altlinux.org>
List-Help: <mailto:sisyphus-cybertalk-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus-cybertalk>, 
 <mailto:sisyphus-cybertalk-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jan 2020 04:44:49 -0000
Archived-At: <http://lore.altlinux.org/sisyphus-cybertalk/20200116044448.GA14531@gyle.altlinux.org/>
List-Archive: <http://lore.altlinux.org/sisyphus-cybertalk/>

	7 UPDATED packages

chromium - An open source web browser developed by Google       	[919M]
* Mon Dec 16 2019 Alexey Gladkov <legion@altlinux> 79.0.3945.79-alt1
- New version (79.0.3945.79).
- Security fixes:
  - CVE-2019-13725: Use after free in Bluetooth.
  - CVE-2019-13726: Heap buffer overflow in password manager.
  - CVE-2019-13727: Insufficient policy enforcement in WebSockets.
  - CVE-2019-13728: Out of bounds write in V8.
  - CVE-2019-13729: Use after free in WebSockets.
  - CVE-2019-13730: Type Confusion in V8.
  - CVE-2019-13732: Use after free in WebAudio.
  - CVE-2019-13734: Out of bounds write in SQLite.
  - CVE-2019-13735: Out of bounds write in V8.
  - CVE-2019-13736: Integer overflow in PDFium.
  - CVE-2019-13737: Insufficient policy enforcement in autocomplete.
  - CVE-2019-13738: Insufficient policy enforcement in navigation.
  - CVE-2019-13739: Incorrect security UI in Omnibox.
  - CVE-2019-13740: Incorrect security UI in sharing.
  - CVE-2019-13741: Insufficient validation of untrusted input in Blink.
  - CVE-2019-13742: Incorrect security UI in Omnibox.
  - CVE-2019-13743: Incorrect security UI in external protocol handling.
  - CVE-2019-13744: Insufficient policy enforcement in cookies.
  - CVE-2019-13745: Insufficient policy enforcement in audio.
  - CVE-2019-13746: Insufficient policy enforcement in Omnibox.
  - CVE-2019-13747: Uninitialized Use in rendering.
  - CVE-2019-13748: Insufficient policy enforcement in developer tools.
  - CVE-2019-13749: Incorrect security UI in Omnibox.
  - CVE-2019-13750: Insufficient data validation in SQLite.
  - CVE-2019-13751: Uninitialized Use in SQLite.
  - CVE-2019-13752: Out of bounds read in SQLite.
  - CVE-2019-13753: Out of bounds read in SQLite.
  - CVE-2019-13754: Insufficient policy enforcement in extensions.
  - CVE-2019-13755: Insufficient policy enforcement in extensions.
  - CVE-2019-13756: Incorrect security UI in printing.
  - CVE-2019-13757: Incorrect security UI in Omnibox.
  - CVE-2019-13758: Insufficient policy enforcement in navigation.
  - CVE-2019-13759: Incorrect security UI in interstitials.
  - CVE-2019-13761: Incorrect security UI in Omnibox.
  - CVE-2019-13762: Insufficient policy enforcement in downloads.
  - CVE-2019-13763: Insufficient policy enforcement in payments.
  - CVE-2019-13764: Type Confusion in V8.
* Mon Dec 02 2019 Alexey Gladkov <legion@altlinux> 78.0.3904.108-alt1
- New version (78.0.3904.108).
- Security fixes:
  - CVE-2019-13723: Use-after-free in Bluetooth.
  - CVE-2019-13724: Out-of-bounds access in Bluetooth.
* Sat Nov 09 2019 Alexey Gladkov <legion@altlinux> 78.0.3904.97-alt1
- New version (78.0.3904.97).
- Security fixes:
  - CVE-2019-13720: Use-after-free in audio.
  - CVE-2019-13721: Use-after-free in PDFium.
* Thu Oct 24 2019 Alexey Gladkov <legion@altlinux> 78.0.3904.70-alt1
- New version (78.0.3904.70).
- Security fixes:
  - CVE-2019-13699: Use-after-free in media.
  - CVE-2019-13700: Buffer overrun in Blink.
  - CVE-2019-13701: URL spoof in navigation.
  - CVE-2019-13702: Privilege elevation in Installer.
  - CVE-2019-13703: URL bar spoofing.
  - CVE-2019-13704: CSP bypass.
  - CVE-2019-13705: Extension permission bypass.
  - CVE-2019-13706: Out-of-bounds read in PDFium.
  - CVE-2019-13707: File storage disclosure.
  - CVE-2019-13708: HTTP authentication spoof.
  - CVE-2019-13709: File download protection bypass.
  - CVE-2019-13710: File download protection bypass.
  - CVE-2019-13711: Cross-context information leak.
  - CVE-2019-13713: Cross-origin data leak.
  - CVE-2019-13714: CSS injection.
  - CVE-2019-13715: Address bar spoofing.
  - CVE-2019-13716: Service worker state error.
  - CVE-2019-13717: Notification obscured.
  - CVE-2019-13718: IDN spoof.
  - CVE-2019-13719: Notification obscured.
  - CVE-2019-15903: Buffer overflow in expat.
* Mon Oct 21 2019 Alexey Gladkov <legion@altlinux> 77.0.3865.120-alt1
- New version (77.0.3865.120).
- Security fixes:
  - CVE-2019-13693: Use-after-free in IndexedDB.
  - CVE-2019-13694: Use-after-free in WebRTC.
  - CVE-2019-13695: Use-after-free in audio.
  - CVE-2019-13696: Use-after-free in V8.
  - CVE-2019-13697: Cross-origin size leak.
* Wed Sep 25 2019 Alexey Gladkov <legion@altlinux> 77.0.3865.90-alt1
- New version (77.0.3865.90).
- Security fixes:
  - CVE-2019-13685: Use-after-free in UI.
  - CVE-2019-13686: Use-after-free in offline pages.
  - CVE-2019-13687: Use-after-free in media.
  - CVE-2019-13688: Use-after-free in media.
* Mon Sep 23 2019 Alexey Gladkov <legion@altlinux> 77.0.3865.75-alt1
- New version (77.0.3865.75).
- Security fixes:
  - CVE-2019-13659: URL spoof.
  - CVE-2019-13660: Full screen notification overlap.
  - CVE-2019-13661: Full screen notification spoof.
  - CVE-2019-13662: CSP bypass.
  - CVE-2019-13663: IDN spoof.
  - CVE-2019-13664: CSRF bypass.
  - CVE-2019-13665: Multiple file download protection bypass.
  - CVE-2019-13666: Side channel using storage size estimate.
  - CVE-2019-13667: URI bar spoof when using external app URIs.
  - CVE-2019-13668: Global window leak via console.
  - CVE-2019-13669: HTTP authentication spoof.
  - CVE-2019-13670: V8 memory corruption in regex.
  - CVE-2019-13671: Dialog box fails to show origin.
  - CVE-2019-13673: Cross-origin information leak using devtools.
  - CVE-2019-13674: IDN spoofing.
  - CVE-2019-13675: Extensions can be disabled by trailing slash.
  - CVE-2019-13676: Google URI shown for certificate warning.
  - CVE-2019-13677: Chrome web store origin needs to be isolated.
  - CVE-2019-13678: Download dialog spoofing.
  - CVE-2019-13679: User gesture needed for printing.
  - CVE-2019-13680: IP address spoofing to servers.
  - CVE-2019-13681: Bypass on download restrictions.
  - CVE-2019-13682: Site isolation bypass.
  - CVE-2019-13683: Exceptions leaked by devtools.
  - CVE-2019-5870: Use-after-free in media.
  - CVE-2019-5871: Heap overflow in Skia.
  - CVE-2019-5872: Use-after-free in Mojo.
  - CVE-2019-5873: URL bar spoofing on iOS.
  - CVE-2019-5874: External URIs may trigger other browsers.
  - CVE-2019-5875: URL bar spoof via download redirect.
  - CVE-2019-5876: Use-after-free in media.
  - CVE-2019-5877: Out-of-bounds access in V8.
  - CVE-2019-5878: Use-after-free in V8.
  - CVE-2019-5879: Extensions can read some local files.
  - CVE-2019-5880: SameSite cookie bypass.
  - CVE-2019-5881: Arbitrary read in SwiftShader.
* Fri Aug 02 2019 Alexey Gladkov <legion@altlinux> 76.0.3809.87-alt1

connector - Remote desktop chooser
* Tue Dec 17 2019 Evgeniy Korneechev <ekorneechev@altlinux> 1.8.6-alt1
- Added 'drag-and-drop' for create label of the connection
- Added the possibility to open Remmina and RDP files
- Updated emblem; added icons of different sizes
- FreeRDP:
 + Added input field for additional user parameters
 + Fixed work connections from previous version
- Added keys 'help' and 'version' for cmdline; updated man
* Thu Nov 07 2019 Evgeniy Korneechev <ekorneechev@altlinux> 1.8.5-alt2
- Fixed version
* Wed Nov 06 2019 Evgeniy Korneechev <ekorneechev@altlinux> 1.8.5-alt1
- Remmina: fixed connect/open/import for RDP/VNC (ALT #36757)
- FreeRDP:  disable fullscreen (auto), when toggled workarea or manually resolution
- FS: if protocol is 'file', then default server is 'localhost'
- 'kiosk' changes:
 + Disable TRAY when activate
 + Added online checking access
- Updated .desktop file
- Updated icons for CITRIX & VMWARE
* Fri Jan 25 2019 Evgeniy Korneechev <ekorneechev@altlinux> 1.8.4-alt1

dhcpcd - DHCP Client
* Thu Jan 09 2020 Mikhail Efremov <sem@altlinux> 1:8.1.5-alt1
- Updated to 8.1.5.
* Mon Dec 23 2019 Mikhail Efremov <sem@altlinux> 1:8.1.4-alt1

dpdk - Set of libraries and drivers for fast packet processing  	[11M]
* Fri Dec 27 2019 Alexey Shabalin <shaba@altlinux> 18.11.5-alt1
- Update to LTS release 18.11.5
- Rename testbbdev to dpdk-test-bbdev
- Fixed broken symlinks in %pmddir
* Fri Nov 01 2019 Alexey Shabalin <shaba@altlinux> 18.11.3-alt1
- Update to latest LTS release 18.11.3
* Wed Jun 05 2019 Alexey Shabalin <shaba@altlinux> 18.11.1-alt1

kde5-set - Set of KDE 5 applications
* Mon Jan 13 2020 Sergey V Turchin <zerg@altlinux> 19.08.0-alt1
- move kfloppy from -big to -maxi
* Fri Jun 28 2019 Sergey V Turchin <zerg@altlinux> 19.04.1-alt1

kf5-kdesu - KDE Frameworks 5 user interface for running shell commands with root privileges
* Thu Jan 09 2020 Aleksei Nikiforov <darktemplar@altlinux> 5.65.0-alt2
- Fixed issue preventing using kdesu to switch to different non-root user.
* Mon Dec 16 2019 Sergey V Turchin <zerg@altlinux> 5.65.0-alt1

publicsuffix-list - Cross-vendor public domain suffix database
* Thu Jan 09 2020 Mikhail Efremov <sem@altlinux> 20200106-alt1
- Use Vcs tag.
- New snapshot.
* Fri Nov 08 2019 Mikhail Efremov <sem@altlinux> 20191108-alt1

Total 17841 source packages.