Fedora Linux Distribution
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
- Fix CVE-2018-11396/CVE-2018-12016 (#795740) - Allow Ctrl+T in app mode again due to unintended consequences (#796204) - Don't remember passwords when the setting is disabled (#796219) - Fix password manager crash on chase.com (GitLab #11)
- doc Remove documentation for future option faked sys - build Don't use dev srandom on OpenBSD - Do not use C99 feature - g10 Fix regexp sanitization - g10 Push compress filter only if compressed - gpg Sanitize diagnostic with the original file name [CVE-2018-12020]
Secunia Advisory SA83507, credits Kasper Leigh Haabb, Secunia Research at Flexera parse_qt: possible integer overflow reject broken/crafted NOKIARAW files Backported 0.19-patch to recover read position if TIFF/EXIF tag is too long
Update to Chromium 67. Security fix for CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6128 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6148
Security fix: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file (CVE-2018-1002200) A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite
The v4.16.15 update contains important fixes across the tree
Security fix: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file (CVE-2018-1002200) A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite
This update fixes CVE-2016-10040, a stack overflow in QXmlSimpleReader due to a too lenient entityCharacterLimit in our version of the patch for CVE-2013-4549. (The limit was increased from the upstream 1024 to 65536 to address QTBUG-35459, an issue where the security fix was breaking existing real-world XML files. Unfortunately, that is too much to actually fit on the CPU stack. This fix
Remove essentially unused pre_release tagging in spec file Fixup Makefile patch to include LDFLAGS in all linking commands
DWARF5 and split dwarf, including GNU DebugFission, support.
Some more efail fixes, https://enigmail.net/index.php/en/download/changelog
**Version 2.8.41** (2018-05-25) * bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization (nicolas-grekas) * security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured * security #cve-2018-11406 clear CSRF tokens when the user is logged out * security #cve-2018-11385 Adding session authentication strategy to Guard
**Version 4.0.11** (2018-05-25) * bug #27364 [DI] Fix bad exception on uninitialized references to non-shared services (nicolas-grekas) * bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization (nicolas- grekas) * security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured * security #cve-2018-11406 clear CSRF tokens when the user