posts/Alpine-3.11.6-released.md


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

---
title: 'Alpine 3.11.6 released'
date: 2020-04-23
---

Alpine Linux 3.11.6 released
===========================

The Alpine Linux project is pleased to announce the immediate
availability of version 3.11.6 of its Alpine Linux operating system.

This includes an important security fix for openssl (CVE-2020-1967).

The full lists of changes can be found in the [git
log](http://git.alpinelinux.org/cgit/aports/log/?h=v3.11.6).

Git Shortlog
------------

<pre>
Andy Postnikov (2):
      community/php7: security upgrade to 7.3.17 CVE-2020-7067
      community/cacti: upgrade to 1.2.11

Arda Aytekin (1):
      community/openblas: revert LAPACK changes

Ariadne Conill (2):
      community/tor: disable package pending security review
      community/tor: re-enable and rebuild to avoid bogus IDS warning

Carlo Landmeter (1):
      main/py3-crypto: fix operator

J0WI (6):
      main/apache2: security upgrade to 2.4.43
      main/apache2: modernize
      main/haproxy: security upgrade to 2.0.14
      main/gd: patch CVE-2018-14553 and CVE-2019-11038
      main/libssh: security upgrade to 0.9.4
      main/git: security upgrade to 2.24.2

Jake Buchholz (1):
      community/runc: security upgrade to 1.0.0_rc10

Kaarle Ritvanen (3):
      main/strongswan: subpackage for logfile config
      main/in-sync: backport from edge
      main/dmvpn: file list for in-sync

Keith Maxwell (1):
      [3.11] main/ansible: security upgrade to 2.9.7

Kevin Daudt (1):
      main/git: security upgrade to 2.24.3 (CVE-2020-11008)

Leo (22):
      community/py3-twisted: security upgrade to 20.3.0
      main/bluez: fix CVE-2020-0556
      main/icu: fix CVE-2020-10531
      community/py3-bleach: security upgrade to 3.1.4
      main/libmspack: security upgrade to 0.10.1_alpha
      main/libvpx: add missing secfixes info
      community/nethack: upgrade to 3.6.6
      main/unzip: fix CVE-2019-13232
      community/jenkins: security upgrade to 2.228
      main/unzip: actually fix CVE-2019-13232
      main/screen: fix CVE-2020-9366
      community/dia: fix secfixes comment
      main/gnutls: fix GNUTLS-SA-2020-03-31
      main/libgit2: upgrade to 0.28.5
      main/gnutls: add CVE secfixes info
      main/mbedtls: security upgrade to 2.16.5
      main/bubblewrap: security upgrade to 0.4.1
      main/xen: add missing CVE info
      main/mercurial: upgrade to 5.3.2
      community/freerdp: security upgrade to 2.0.0
      community/wireshark: security upgrade to 3.0.10
      main/xen: fix various security issues

Leonardo Arena (2):
      community/nextcloud: upgrade to 17.0.5
      community/racktables: needs mbstring PHP module

Milan P. Stanić (5):
      community/firefox-esr: upgrade to 68.6.1
      community/firefox-esr: upgrade to 68.7.0
      main/ncurses: fix missing vtXXX terminfo in ncurses-terminfo-base
      main/st: set depends on ncurses-terminfo-base
      testing/st-xrdb: set depends on ncurses-terminfo-base

Natanael Copa (16):
      main/screen: fix patch for CVE-2020-9366
      main/uwsgi: use libucontext for ugreen plugin
      community/graphicsmagick: security upgrade to 1.3.35 (CVE-2020-10938)
      main/freeradius: fix going though post-proxy on dead home server
      main/openssl: security upgrade to 1.1.1g (CVE-2020-1967)
      main/linux-lts: upgrade to 5.4.34 and misc config fixes
      community/jool-modules-lts: rebuild against kernel 5.4.34-r0
      community/virtualbox-guest-modules-lts: rebuild against kernel 5.4.34-r0
      community/wireguard-lts: update to 1.0.20200401 / 5.4.34-r0
      main/drbd-lts: rebuild against kernel 5.4.34-r0
      main/xtables-addons-lts: rebuild against kernel 5.4.34-r0
      main/zfs-lts: rebuild against kernel 5.4.34-r0
      main/linux-rpi: upgrade to 5.4.34
      community/jool-modules-rpi: rebuild against kernel 5.4.34-r0
      community/wireguard-rpi: upgrade to 1.0.20200401 / 5.4.34-r0
      ===== release 3.11.6 =====

Rasmus Thomsen (13):
      main/vala: upgrade to 0.46.7
      community/libwpe: new aport
      community/libwpebackend-fdo: new aport
      community/webkit2gtk: security upgrade to 2.28.0
      community/gjs: upgrade to 1.58.6
      community/mutter: upgrade to 3.34.5
      community/gnome-shell: upgrade to 3.34.5
      community/gnome-control-center: upgrade to 3.34.5
      community/gnome-desktop: upgrade to 3.34.5
      community/gnome-weather: upgrade to 3.34.1
      community/gnome-weather: upgrade to 3.34.2
      community/webkit2gtk: security upgrade to 2.28.1
      main/vala: upgrade to 0.46.8

Robert Pritzkow (1):
      main/ruby: security upgrade to 2.6.6

Sören Tempel (1):
      main/mcpp: fix CVE-2019-14274

Thomas Liske (1):
      main/py-dbus: fix packaging

Timo Teräs (1):
      main/apk-tools: upgrade to 2.10.5

Đoàn Trần Công Danh (1):
      main/git: fix and enable tests

</pre>