Date: Fri, 8 Dec 2023 00:15:53 +0000
From: QA Team Robot
To: sisyphus-cybertalk@lists.altlinux.org
Reply-To: devel@lists.altlinux.org
List-Id: ALT Linux Sisyphus cybertalk
Subject: [cyber] I: p10/branch packages: +3! +11 (18678)

3 ADDED packages

branding-alt-platform-builder - System/Base
* Wed Nov 29 2023 Andrey Cherepanov 10-alt0.3
- Rename to alt-platform-builder
- Modernizate ahttpd theme (thanks arbars@)
* Sun Nov 26 2023 Anton Midyukov 10-alt0.2

edk2-loongarch64 - UEFI firmware for loongarch virtual machines [69M]
* Mon Nov 13 2023 Alexey Sheplyakov 202308-alt1
- Initial build

modbus-utils - CLI utilities to work with Modbus devices
* Tue Aug 10 2021 Aleksey Saprunov 1.0.0-alt1
- Initial release

11 UPDATED packages

alterator-mirror - local mirrors setup and maintainance
* Mon Dec 04 2023 Andrey Cherepanov 0.4.10-alt1
- Supported allowed repo names in /etc/alterator/mirror/allowed.
- Fixed regexp for custom url (ALT #43503).
- Added alterator-mirror-allowed package with allowed repositories.
* Tue Apr 07 2020 Andrey Cherepanov 0.4.9-alt1

glpi - IT and asset management software [55M]
* Sun Oct 01 2023 Pavel Zilke 10.0.10-alt1
- New version 10.0.10
- This release fixes a security issue that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2023-42802 : Unallowed PHP script execution
  + CVE-2023-41320 : Account takeover via SQL Injection in UI layout preferences
  + CVE-2023-41326 : Account takeover via Kanban feature
  + CVE-2023-41324 : Account takeover through API
  + CVE-2023-42462 : File deletion through document upload process
  + CVE-2023-41321 : Sensitive fields enumeration through API
  + CVE-2023-41322 : Privilege Escalation from technician to super-admin
  + CVE-2023-41323 : Users login enumeration by unauthenticated user
  + CVE-2023-41888 : Phishing through a login page malicious URL
  + CVE-2023-42461 : SQL injection in ITIL actors
* Thu Jul 13 2023 Pavel Zilke 10.0.9-alt1
- New version 10.0.9
- This release fixes several security issues that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2023-37278 : SQL injection in dashboard administration
- Deleted glpi-php7
* Thu Jul 13 2023 Pavel Zilke 10.0.8-alt1
- New version 10.0.8
- This release fixes several security issues that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2023-35924 : SQL injection via inventory agent request
  + CVE-2023-36808 : SQL injection through Computer Virtual Machine information
  + CVE-2023-35939 : Unauthorized access to Dashboard data
  + CVE-2023-35940 : Unauthenticated access to Dashboard data
  + CVE-2023-34244 : Reflected XSS in search pages
  + CVE-2023-34107 : Unauthorized access to knowledge base items
  + CVE-2023-34106 : Unauthorized access to user data
* Sat May 13 2023 Pavel Zilke 10.0.7-alt1
- New version 10.0.7
- This release fixes several security issues that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2023-28849 : SQL injection and Stored XSS via inventory agent request
  + CVE-2023-28632 : Account takeover by authenticated user
  + CVE-2023-28838 : SQL injection through dynamic reports
  + CVE-2023-28852 : Stored XSS through dashboard administration
  + CVE-2023-28636 : Stored XSS on external links
  + CVE-2023-28639 : Reflected XSS in search pages
  + CVE-2023-28634 : Privilege Escalation from technician to super-admin
  + CVE-2023-28633 : Blind Server-Side Request Forgery (SSRF) in RSS feeds
* Tue Jan 24 2023 Pavel Zilke 10.0.6-alt1
- New version 10.0.6
- This release fixes several security issues that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2023-22500 : Unauthorized access to inventory files
  + CVE-2023-22722 : XSS on browse views
  + CVE-2023-22725 : XSS on external links
  + CVE-2023-22724 : XSS in RSS Description Link
  + CVE-2023-23610 : Unauthorized access to data export
  + CVE-2022-41941 : Stored XSS inside Standard Interface Help Link href attribute
- Added glpi-php8.2
* Fri Nov 04 2022 Pavel Zilke 10.0.5-alt1
- New version 10.0.5
- This release fixes several security issues that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2022-39276 : Blind SSRF in RSS feeds and planning
  + CVE-2022-39372 : Stored XSS in user information
  + CVE-2022-39373 : Stored XSS in entity name
  + CVE-2022-39376 : Improper input validation on emails links
  + CVE-2022-39370 : Improper access to debug panel
  + CVE-2022-39234 : User's session persist after permanently deleting his account
  + CVE-2022-39262 : Stored XSS on login page
  + CVE-2022-39277 : XSS in external links
  + CVE-2022-39375 : XSS through public RSS feed
  + CVE-2022-39323 : SQL Injection on REST API
  + CVE-2022-39371 : Stored XSS through asset inventory
* Wed Sep 14 2022 Pavel Zilke 10.0.3-alt1
- New version 10.0.3
- This release fixes several critical security issues that has been recently discovered. Update is strongly recommended!
- Security fixes:
  + CVE-2022-35945 : XSS through registration API
  + CVE-2022-31143 : Leak of sensitive information through login page error
  + CVE-2022-31187 : Stored XSS through global search (CVE-2022-31187)
  + CVE-2022-35914 : [critical] Command injection using a third-party library script
  + CVE-2022-35946 : SQL injection through plugin controller
  + CVE-2022-35947 : [critical] Authentication via SQL injection
  + CVE-2022-36112 : Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning
* Fri Jul 22 2022 Pavel Zilke 10.0.2-alt1
- New version 10.0.2
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2022-31061 : Unauthenticated SQL injection on login page
  + CVE-2022-31056 : SQL injection on actor part in assistance forms
  + CVE-2022-31068 : Unauthenticated Sensitive Data Exposure on Refused Inventory Files
* Fri Jun 10 2022 Pavel Zilke 10.0.1-alt1
- New version 10.0.1
- This is a security release, upgrading is recommended
- The GLPI licence has been moved to GPLv3+
* Wed Apr 20 2022 Pavel Zilke 10.0.0-alt1
- New version 10.0.0
- Added glpi-php8.0
- Added glpi-php8.1
* Thu Jan 27 2022 Pavel Zilke 9.5.7-alt1
Note: changelog entry for 9.5.13-alt1 not found.

glpi-agent - GLPI Agent
* Tue Nov 21 2023 Andrey Cherepanov 1.6.1-alt1
- New version.
* Thu Nov 16 2023 Andrey Cherepanov 1.6-alt1
- New version.
- Added EnvironmentFile to service.
* Sat Jun 24 2023 Andrey Cherepanov 1.5-alt1
- New version.
* Mon Feb 06 2023 Andrey Cherepanov 1.4-alt2

java-17-openjdk - OpenJDK 17 Runtime Environment [63M]
* Tue Dec 05 2023 Andrey Cherepanov 0:17.0.9.0.9-alt1
- New version (fixes CVE-2023-22081 and CVE-2023-22025).
* Mon Sep 04 2023 Andrey Cherepanov 0:17.0.8.0.7-alt2
- Replaced %majorver by %featurever in desktop files (ALT #47000).
- Fixed %priotity.
* Thu Aug 24 2023 Andrey Cherepanov 0:17.0.8.0.7-alt1

nextcloud - Cloud platform [124M]
* Mon Dec 04 2023 Andrey Cherepanov 26.0.9-alt0.p10.1
- New version (fixes CVE-2023-48306, CVE-2023-48305, CVE-2023-48304,
  CVE-2023-48303, CVE-2023-48302, CVE-2023-48301, CVE-2023-48239,
  CVE-2023-45148, CVE-2023-39963, CVE-2023-39962, CVE-2023-39961,
  CVE-2023-39960, CVE-2023-39959, CVE-2023-39958, CVE-2023-39952,
  CVE-2023-35928, CVE-2023-35927, CVE-2023-35172, CVE-2023-35171,
  CVE-2023-32320, CVE-2023-32319, CVE-2023-32318)
* Mon Mar 27 2023 Andrey Cherepanov 26.0.0-alt1

papirus-icon-theme - All Papirus icon themes [21M]
* Sat Dec 02 2023 Kirill Izmestev 20231201-alt1
- New version.
* Thu Nov 16 2023 Kirill Izmestev 20231101-alt2

plasma5-polkit-kde-agent - KDE Workspace 5 PolicyKit authentication agent
* Thu Nov 30 2023 Sergey V Turchin 1:5.27.9-alt3
- select any user if not selected by default
* Thu Nov 02 2023 Sergey V Turchin 1:5.27.9-alt2
- dont force alternate placement
* Thu Oct 26 2023 Sergey V Turchin 1:5.27.9-alt1

portproton - Installer for PortProton
* Fri Nov 24 2023 Mikhail Tergoev 1.3-alt1
- updated to v1.3
* Sat Nov 11 2023 Mikhail Tergoev 1.2-alt1
- updated to v1.2
- updated icon file (png to svg)
* Fri Nov 10 2023 Mikhail Tergoev 1.1-alt1
- updated to v1.1
- added gitlab.eterfund.ru for download scripts
- added installation path selection
- update desktop file
* Fri May 19 2023 Vitaly Lipatov 1.0-alt3

python3-module-simple-term-menu - A Python package which creates simple interactive menus on the command line
* Fri Dec 01 2023 Alexander Makeenkov 1.6.3-alt1
- Updated to version 1.6.3.
* Mon Mar 27 2023 Alexander Makeenkov 1.6.1-alt1

rpm-macros-branding - RPM helper macros to build branding packages
* Thu Nov 23 2023 Anton Midyukov 1.0.9-alt1
- Added alt-platform-builder
* Fri Jun 09 2023 Roman Alifanov 1.0.8-alt1
- NMU: Added etersoft-ximper (ALT bug 47384)
* Fri Jul 29 2022 Andrey Cherepanov 1.0.7-alt1

xfce4-power-manager - Power management for the Xfce desktop environment
* Thu Nov 30 2023 Mikhail Efremov 4.18.3-alt1
- Dropped %xfce4_drop_gitvtag macro.
- Required libxfce4ui >= 4.18.4.
- Updated to 4.18.3.
* Tue May 30 2023 Mikhail Efremov 4.18.2-alt1

Total 18678 source packages.