Date: Thu, 14 Aug 2025 00:21:21 +0000
From: QA Team Robot
To: sisyphus-cybertalk@lists.altlinux.org
Reply-To: devel@lists.altlinux.org
Subject: [cyber] I: p10/branch packages: +2 (19061)

2 UPDATED packages

containerd - A daemon to control runC
* Tue Nov 12 2024 Vladimir Didenko 2.0.0-alt1
- 2.0.0
* Thu Oct 03 2024 Alexey Shabalin 2.0.0-alt0.rc5
- v2.0.0-rc.5
* Thu Sep 12 2024 Vladimir Didenko 1.7.22-alt1
- 1.7.22
* Wed Aug 28 2024 Vladimir Didenko 1.7.21-alt1
- 1.7.21
* Mon Jul 22 2024 Vladimir Didenko 1.7.20-alt1

glpi - IT and asset management software [55M]
* Wed Jul 16 2025 Pavel Zilke 10.0.19-alt0.p10.1
- New version 10.0.19
- This release fixes a security issue that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2025-27514 : Stored XSS on projects kanban
  + CVE-2025-52567 : Blind SSRF in RSS feeds and planning
  + CVE-2025-52897 : XSS and open redirection in planning
  + CVE-2025-53008 : Mail receiver credentials exfiltration
  + CVE-2025-53357 : Reservations modification by unauthorized user
  + CVE-2025-53113 : Access to unallowed items information through external links
  + CVE-2025-53111 : Data exposure to non allowed users
  + CVE-2025-53112 : Data removal from allowed users
  + CVE-2025-53105 : Unauthorized rules execution order update
* Wed Feb 12 2025 Pavel Zilke 10.0.18-alt1
- New version 10.0.18
- This release fixes a security issue that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2025-24799 : Unauthenticated SQL injection through the inventory endpoint
  + CVE-2025-24801 : Authenticated Remote code execution
  + CVE-2025-21619 : SQL injection through the rules configuration
  + CVE-2024-11955 : Open Redirection
  + CVE-2025-21627 : Reflected XSS in search page
  + CVE-2025-21626 : Exposure of sensitive information in the status.php endpoint
  + CVE-2025-23024 : Plugins disabled by unauthenticated user
  + CVE-2025-23046 : Unauthorized authentication by email using the OAuthIMAP plugin
  + CVE-2025-25192 : Unauthorized access to debug mode
* Fri Nov 08 2024 Pavel Zilke 10.0.17-alt1
- New version 10.0.17
- Added glpi-php8.3
- This release fixes a security issue that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2024-50339 : Unauthenticated session hijacking
  + CVE-2024-40638 : Account takeover through SQL injection
  + CVE-2024-43416 : Users email enumeration by unauthenticated user
  + CVE-2024-47758 : Account takeover without privilege escalation through the API
  + CVE-2024-47761 : Account takeover via the password reset feature
  + CVE-2024-47760 : Account takeover via API
  + CVE-2024-48912 : Insecure account deletion by authenticated user
  + CVE-2024-45608 : Authenticated SQL Injection
  + CVE-2024-41679 : Authenticated SQL injection in ticket form
  + CVE-2024-45611 : Stored XSS in RSS feeds
  + CVE-2024-47759 : Stored XSS via document upload
  + CVE-2024-43417 : Reflected XSS
  + CVE-2024-43418 : Reflected XSS
  + CVE-2024-45609 : Reflected XSS
  + CVE-2024-45610 : Reflected XSS
  + CVE-2024-41678 : Reflected XSS
* Wed Jul 03 2024 Pavel Zilke 10.0.16-alt1

Total 19061 source packages.