Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Essential tools for hardening and securing Unix based Environments - System administrators are aware of how important their systems' security is, not just the uptime of their servers. Intruders, spammers, DDoS attacks and crackers are all out there trying to get into people's computers, servers and anything else they can lay hands on, and to interrupt the normal running of services.

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary widely due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.


  (Jul 30)
 

Security Report Summary

  (Jul 30)
 

Security Report Summary

  (Jul 28)
 

Security Report Summary

  (Jul 26)
 

Security Report Summary

  (Jul 25)
 

Security Report Summary

  (Jul 25)
 

Security Report Summary

  (Jul 24)
 

Security Report Summary

  (Jul 23)
 

Security Report Summary

  (Jul 23)
 

Security Report Summary


  (Jul 31)
 

Handle terminal control characters in scp progressmeter (#1247204) -- Security fix

  (Jul 30)
 

Security fix for CVE-2015-5600

  (Jul 30)
 

Add epoch again. New version. Close bug #1105202 again. Own /etc/xrdp/pulse directory. Reapply service file changes again. Fix sesman default configuration again.

  (Jul 30)
 

Security fix for CVE-2015-3245, CVE-2015-3246

  (Jul 29)
 

## 7.x-3.3

See [SA-CONTRIB-2015-133](https://www.drupal.org/node/2533926)

* New token `%site:current-page:path-menu-trail:pb-join:*` is an alternative approach to build breadcrumbs based on path hierarchy.
* Fixed #2473109: Destination parameter is present but doesn't work during editing breadcrumb
* Other improvements and fixes.

  (Jul 29)
 

Fixes salt usage for password wrapping

  (Jul 29)
 

- Fix CSRF issue.
- Fix font-awesome paths (bug #1219956)
- Add upstream patch to fix PyQt4 import (bug #1219997)
- Use python2 macros, fix python3 shebang
- Fix fontawesome path

  (Jul 29)
 

fixes CVE-2015-0839

  (Jul 29)
 

Fixes salt usage for password wrapping

  (Jul 29)
 

## 7.x-3.3

See [SA-CONTRIB-2015-133](https://www.drupal.org/node/2533926)

* New token `%site:current-page:path-menu-trail:pb-join:*` is an alternative approach to build breadcrumbs based on path hierarchy.
* Fixed #2473109: Destination parameter is present but doesn't work during editing breadcrumb
* Other improvements and fixes.

  (Jul 29)
 

Update to new version 2.4.16. This update fixes various bugs as well as a few security issues. For full changelog, see

  (Jul 29)
 

Update to nx-libs 3.5.0.32:

- Proper integration of all patches in the source tarballs. Bugs in the tarball generation script and patch file names prohibited inclusion of many patches previously, including security fixes.
- Better support for debug (DEBUG, TEST, TRACE and other directives) builds, in part thanks to Nito Martinez.
- Build fixes due to underlinking of libdl thanks to Bernard Cafarelli.
- Retroactively document correct GPLv2 licensing of previously potentially offending DXPC code.
- Help text fixups.
- Restart reading if interrupted, gets rid of "Negotiation in stage 10" errors thanks to Vadim Troshchinskiy.
- A dozen X.Org Server fixes backported by Ulrich Sibiller.

The X2Go Project thanks Bernard Cafarelli, Nito Martinez (Qindel Group), Vadim Troshchinskiy (Qindel Group) and Ulrich Sibiller for their contributions.

  (Jul 29)
 

Attempt to fix this DoS.

  (Jul 29)
 

The update adds a patch for the security issue in bug 1241907.

  (Jul 29)
 

- Fix CSRF issue.
- Fix font-awesome paths (bug #1219956)
- Add upstream patch to fix PyQt4 import (bug #1219997)
- Use python2 macros, fix python3 shebang
- Fix fontawesome path

  (Jul 29)
 

Fix CVE-2015-3239

  (Jul 29)
 

* CVE-2015-0848 Heap overflow
* CVE-2015-4588 RLE decoding doesn't check that the "count" fits into the image
* CVE-2015-4695 meta_pen_create heap buffer overflow
* CVE-2015-4696 wmf2gd/wmf2eps use after free

  (Jul 28)
 

10 Jul 2015, **PHP 5.6.11**

**Core:**

* Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
* Fixed bug #69703 (Use __builtin_clzl on PowerPC). (dja at axtens dot net, Kalle)
* Fixed bug #69732 (can induce segmentation fault with basic php code). (Dmitry)
* Fixed bug #69642 (Windows 10 reported as Windows 8). (Christian Wenz, Anatol Belski)
* Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation fault). (Christoph M. Becker)
* Fixed bug #69781 (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business"). (Christian Wenz)
* Fixed bug #69740 (finally in generator (yield) swallows exception in iteration). (Nikita)
* Fixed bug #69835 (phpinfo() does not report many Windows SKUs). (Christian Wenz)
* Fixed bug #69892 (Different arrays compare identical due to integer key truncation). (Nikita)
* Fixed bug #69874 (Can't set empty additional_headers for mail()), regression from fix to bug #68776. (Yasuo)

**GD:**

* Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)

**GMP:**

* Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP number). (Nikita)

**PCRE:**

* Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the string). (cmb)
* Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)

**PDO_pgsql:**

* Fixed bug #69752 (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u). (Philip Hofstetter)
* Fixed bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote). (Matteo)
* Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps). (Matteo)

**SimpleXML:**

* Refactored the fix for bug #66084 (simplexml_load_string() mangles empty node name). (Christoph Michael Becker)

**SPL:**

* Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error). (Stas)
* Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga)
* Fixed bug #69970 (Use-after-free vulnerability in spl_recursive_it_move_forward_ex()). (Laruence)

**Sqlite3:**

* Fixed bug #69972 (Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk()). (Laruence)

  (Jul 28)
 

Security fix for CVE-2015-2059

  (Jul 28)
 

**Release 1.1.2**

* Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#1490358)
* Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below]
* Fix handling of %-encoded entities in mailto: URLs (#1490346)
* Fix zipped messages downloads after selecting all messages in a folder (#1490339)
* Fix vpopmaild driver of password plugin
* Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#1490343)
* Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#1490337)
* Fix message list header in classic skin on window resize in Internet Explorer (#1490213)
* Fix so text/calendar parts are listed as attachments even if not marked as such (#1490325)
* Fix lack of signature separator for plain text signatures in html mode (#1490352)
* Fix font artifact in Google Chrome on Windows (#1490353)
* Fix bug where forced extwin page reload could exit from the extwin mode (#1490350)
* Fix bug where some unrelated attachments in multipart/related message were not listed (#1490355)
* Fix mouseup event handling when dragging a list record (#1490359)
* Fix bug where preview_pane setting wasn't always saved into user preferences (#1490362)
* Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#1490372)
* Fix security issue in contact photo handling (#1490379)
* Fix possible memcache/apc cache data consistency issues (#1490390)
* Fix bug where imap_conn_options were ignored in IMAP connection test (#1490392)
* Fix bug where some files could have "executable" extension when stored in temp folder (#1490377)
* Fix attached file path unsetting in database_attachments plugin (#1490393)
* Fix issues when using moduserprefs.sh without --user argument (#1490399)
* Fix potential info disclosure issue by protecting directory access (#1490378)
* Fix blank image in html_signature when saving identity changes (#1490412)
* Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
* Fix XSS vulnerability in _mbox argument handling (#1490417)

  (Jul 28)
 

The update adds a patch for the security issue in bug 1241907.

  (Jul 28)
 

Security fix for CVE-2015-2059

  (Jul 28)
 

This update includes the latest stable release of **Apache Subversion**, version **1.8.13**.

Three security vulnerabilities are fixed in this update:

* CVE-2015-0202: https://subversion.apache.org/security/CVE-2015-0202-advisory.txt
* CVE-2015-0248: https://subversion.apache.org/security/CVE-2015-0248-advisory.txt
* CVE-2015-0251: https://subversion.apache.org/security/CVE-2015-0251-advisory.txt

In addition, the following changes are included in the Subversion 1.8.13 update:

**Client-side bugfixes:**

* ra_serf: prevent abort of commits that have already succeeded
* ra_serf: support case-insensitivity in HTTP headers
* better error message if an external is shadowed
* ra_svn: fix reporting of directory read errors
* fix a redirect handling bug in 'svn log' over HTTP
* properly copy tree conflict information
* fix 'svn patch' output for reordered hunks
* svnrdump load: don't load wrong props with no-deltas dump
* fix working copy corruption with relative file external
* don't crash if config file is unreadable
* svn resolve: don't ask a question with only one answer
* fix assertion failure in svn move
* working copy performance improvements
* handle existing working copies which become externals
* fix recording of WC meta-data for foreign repos copies
* fix calculating repository path of replaced directories
* fix calculating repository path after commit of switched nodes
* svnrdump: don't provide HEAD+1 as base revision for deletes
* don't leave conflict markers on files that are moved
* avoid unnecessary subtree mergeinfo recording
* fix diff of a locally copied directory with props

**Server-side bugfixes:**

* fsfs: fix a problem verifying pre-1.4 repos used with 1.8
* svnadmin freeze: fix memory allocation error
* svnadmin load: tolerate invalid mergeinfo at r0
* svnadmin load: strip references to r1 from mergeinfo
* svnsync: strip any r0 references from mergeinfo
* fsfs: reduce memory consumption when operating on dag nodes
* reject invalid get-location-segments requests in mod_dav_svn and svnserve
* mod_dav_svn: reject invalid txnprop change requests

**Client-side and server-side bugfixes:**

* fix undefined behaviour in string buffer routines
* fix consistency issues with APR r/w locks on Windows
* fix occasional SEGV if threads load DSOs in parallel
* properly duplicate svn error objects
* fix use-after-free in config parser

  (Jul 28)
 

**Release 1.1.2**

* Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#1490358)
* Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below]
* Fix handling of %-encoded entities in mailto: URLs (#1490346)
* Fix zipped messages downloads after selecting all messages in a folder (#1490339)
* Fix vpopmaild driver of password plugin
* Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#1490343)
* Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#1490337)
* Fix message list header in classic skin on window resize in Internet Explorer (#1490213)
* Fix so text/calendar parts are listed as attachments even if not marked as such (#1490325)
* Fix lack of signature separator for plain text signatures in html mode (#1490352)
* Fix font artifact in Google Chrome on Windows (#1490353)
* Fix bug where forced extwin page reload could exit from the extwin mode (#1490350)
* Fix bug where some unrelated attachments in multipart/related message were not listed (#1490355)
* Fix mouseup event handling when dragging a list record (#1490359)
* Fix bug where preview_pane setting wasn't always saved into user preferences (#1490362)
* Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#1490372)
* Fix security issue in contact photo handling (#1490379)
* Fix possible memcache/apc cache data consistency issues (#1490390)
* Fix bug where imap_conn_options were ignored in IMAP connection test (#1490392)
* Fix bug where some files could have "executable" extension when stored in temp folder (#1490377)
* Fix attached file path unsetting in database_attachments plugin (#1490393)
* Fix issues when using moduserprefs.sh without --user argument (#1490399)
* Fix potential info disclosure issue by protecting directory access (#1490378)
* Fix blank image in html_signature when saving identity changes (#1490412)
* Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
* Fix XSS vulnerability in _mbox argument handling (#1490417)

  (Jul 28)
 

Security fix for CVE-2015-3281

  (Jul 28)
 

New upstream bug-fix release, which fixes CVE-2015-0839

  (Jul 28)
 

Security fix for CVE-2015-3281

  (Jul 28)
 

Update to 0.163. Hardening fixes. Updated eu-addr2line utility. Various bug fixes. Updated translations.

  (Jul 23)
 

apply fix for NDEF record payload length checking

  (Jul 23)
 

apply fix for NDEF record payload length checking

  (Jul 23)
 

update to 1.8.3 fixing 3 CVEs


  (Jul 23)
 

A heap-based buffer overflow in e2fsprogs could result in execution of arbitrary code.


  Red Hat: 2015:1526-01: java-1.6.0-openjdk: Important Advisory (Jul 30)
 

Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]

  Red Hat: 2015:1514-01: bind: Important Advisory (Jul 28)
 

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]

  Red Hat: 2015:1515-01: bind97: Important Advisory (Jul 28)
 

Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]

  Red Hat: 2015:1513-01: bind: Important Advisory (Jul 28)
 

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security [More...]

  Red Hat: 2015:1512-01: qemu-kvm-rhev: Important Advisory (Jul 28)
 

Updated qemu-kvm-rhev packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 6 and Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 7. [More...]

  Red Hat: 2015:1510-01: clutter: Moderate Advisory (Jul 27)
 

Updated clutter packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]

  Red Hat: 2015:1507-01: qemu-kvm: Important Advisory (Jul 27)
 

Updated qemu-kvm packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]

  Red Hat: 2015:1499-01: chromium-browser: Important Advisory (Jul 27)
 

Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security [More...]

  Red Hat: 2015:1488-01: java-1.7.0-ibm: Critical Advisory (Jul 23)
 

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]

  Red Hat: 2015:1483-01: libuser: Important Advisory (Jul 23)
 

Updated libuser packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]

  Red Hat: 2015:1482-01: libuser: Important Advisory (Jul 23)
 

Updated libuser packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security [More...]


  (Jul 28)
 

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. [More Info...]


  Ubuntu: 2701-1: Linux kernel (Trusty HWE) vulnerabilities (Jul 30)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2700-1: Linux kernel vulnerabilities (Jul 30)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2699-1: HPLIP vulnerability (Jul 30)
 

HPLIP could be tricked into downloading a different GPG key when performing printer plugin installations.

  Ubuntu: 2698-1: SQLite vulnerabilities (Jul 30)
 

SQLite could be made to crash or run programs if it processed specially crafted queries.

  Ubuntu: 2697-1: Ghostscript vulnerability (Jul 30)
 

Ghostscript could be made to crash or run programs if it processed a specially crafted file.

  Ubuntu: 2696-1: OpenJDK 7 vulnerabilities (Jul 30)
 

Several security issues were fixed in OpenJDK 7.

  Ubuntu: 2695-1: HTML Tidy vulnerabilities (Jul 29)
 

HTML Tidy could be made to crash or run programs if it processed specially crafted data.

  Ubuntu: 2694-1: PCRE vulnerabilities (Jul 29)
 

PCRE could be made to crash or run programs if it processed a specially-crafted regular expression.

  Ubuntu: 2693-1: Bind vulnerabilities (Jul 28)
 

Bind could be made to crash if it received specially crafted network traffic.

  Ubuntu: 2692-1: QEMU vulnerabilities (Jul 28)
 

Several security issues were fixed in QEMU.

  Ubuntu: 2691-1: Linux kernel vulnerabilities (Jul 28)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2687-1: Linux kernel (Trusty HWE) vulnerabilities (Jul 28)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2689-1: Linux kernel (Utopic HWE) vulnerabilities (Jul 28)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2690-1: Linux kernel (Vivid HWE) vulnerabilities (Jul 28)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2688-1: Linux kernel vulnerabilities (Jul 28)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2686-1: Apache HTTP Server vulnerabilities (Jul 27)
 

Several security issues were fixed in the Apache HTTP server.

  Ubuntu: 2683-1: Linux kernel (Vivid HWE) vulnerabilities (Jul 23)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2679-1: Linux kernel (OMAP4) vulnerabilities (Jul 23)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2680-1: Linux kernel (Trusty HWE) vulnerabilities (Jul 23)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2684-1: Linux kernel vulnerabilities (Jul 23)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2685-1: Linux kernel vulnerabilities (Jul 23)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2681-1: Linux kernel vulnerabilities (Jul 23)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2682-1: Linux kernel (Utopic HWE) vulnerabilities (Jul 23)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2678-1: Linux kernel vulnerabilities (Jul 23)
 

Several security issues were fixed in the kernel.