From 87e353e8e5a67e875e39b4686d6674bd06d96ef0 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Tue, 3 Oct 2017 12:35:54 +0200
Subject: v3.5: various fixes

---
 v3.5/community.yaml |  24 ++++++++++++
 v3.5/main.yaml      | 108 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 131 insertions(+), 1 deletion(-)

diff --git a/v3.5/community.yaml b/v3.5/community.yaml
index 4964ad8..f50d28b 100644
--- a/v3.5/community.yaml
+++ b/v3.5/community.yaml
@@ -113,6 +113,19 @@ packages:
           - CVE-2017-6846
           - CVE-2017-6847
           - CVE-2017-6849
+  - pkg:
+      name: ruby2.2
+      secfixes:
+        2.2.8-r0:
+          - CVE-2017-0898
+          - CVE-2017-10784
+          - CVE-2017-14033
+          - CVE-2017-14064
+          - CVE-2017-0899
+          - CVE-2017-0900
+          - CVE-2017-0901
+          - CVE-2017-0902
+#
   - pkg:
       name: salt
       secfixes:
@@ -155,3 +168,14 @@ packages:
         1.30.2-r1:
           - CVE-2017-5367
           - CVE-2017-5368
+  - pkg:
+      name: zziplib
+      secfixes:
+        0.13.67-r0:
+          - CVE-2017-5974
+          - CVE-2017-5975
+          - CVE-2017-5976
+          - CVE-2017-5977
+          - CVE-2017-5978
+          - CVE-2017-5979
+          - CVE-2017-5981
diff --git a/v3.5/main.yaml b/v3.5/main.yaml
index 0286ea4..9f3fb15 100644
--- a/v3.5/main.yaml
+++ b/v3.5/main.yaml
@@ -17,6 +17,8 @@ packages:
   - pkg:
       name: apache2
       secfixes:
+        2.4.27-r1:
+          - CVE-2017-9798
         2.4.26-r0:
           - CVE-2017-3167
           - CVE-2017-3169
@@ -25,6 +27,11 @@ packages:
           - CVE-2017-7679
         2.4.27-r0:
           - CVE-2017-9789
+  - pkg:
+      name: augeas
+      secfixes:
+        1.6.0-r1:
+        - CVE-2017-7555
   - pkg:
       name: bash
       secfixes:
@@ -51,11 +58,28 @@ packages:
       secfixes:
         2.27-r1:
         - CVE-2017-7614
+  - pkg:
+      name: bluez
+      secfixes:
+        5.42-r1:
+          - CVE-2017-1000250
+  - pkg:
+      name: busybox
+      secfixes:
+        1.25.0-r0:
+        - CVE-2016-6301
   - pkg:
       name: bzip2
       secfixes:
         1.0.6-r5:
           - CVE-2016-3189
+  - pkg:
+      name: c-ares
+      secfixes:
+        1.12.0-r1:
+          - CVE-2017-1000381
+        1.12.0-r0:
+          - CVE-2016-5180
   - pkg:
       name: collectd
       secfixes:
@@ -103,6 +127,17 @@ packages:
       secfixes:
         2.1.26-r7:
           - CVE-2013-4122
+  - pkg:
+      name: dnsmasq
+      secfixes:
+        2.76-r2:
+          - CVE-2017-14491
+          - CVE-2017-14492
+          - CVE-2017-14493
+          - CVE-2017-14494
+          - CVE-2017-14495
+          - CVE-2017-14496
+#
   - pkg:
       name: dropbear
       secfixes:
@@ -248,8 +283,10 @@ packages:
   - pkg:
       name: libarchive
       secfixes:
+        3.3.1-r2:
+          - CVE-2017-14166
         3.2.2-r1:
-        - CVE-2017-5601.patch
+          - CVE-2017-5601
   - pkg:
       name: libass
       secfixes:
@@ -265,6 +302,11 @@ packages:
         - CVE-2016-10195
         - CVE-2016-10196
         - CVE-2016-10197
+  - pkg:
+      name: libgcrypt
+      secfixes:
+        1.7.9-r0:
+        - CVE-2017-0379
   - pkg:
       name: libgit2
       secfixes:
@@ -288,6 +330,18 @@ packages:
         -  CVE-2016-6261
         -  CVE-2016-6262
         -  CVE-2016-6263
+  - pkg:
+      name: libmspack
+      secfixes:
+        0.5_alpha-r1:
+          - CVE-2017-6419
+          - CVE-2017-11423
+  - pkg:
+      name: libraw
+      secfixes:
+        0.17.2-r1:
+          - CVE-2017-6886
+          - CVE-2017-6887
   - pkg:
       name: libsndfile
       secfixes:
@@ -337,6 +391,16 @@ packages:
   - pkg:
       name: mariadb
       secfixes:
+        10.1.26-r0:
+          - CVE-2017-3636
+          - CVE-2017-3641
+          - CVE-2017-3653
+        10.1.23-r0:
+          - CVE-2017-3308
+          - CVE-2017-3309
+          - CVE-2017-3453
+          - CVE-2017-3456
+          - CVE-2017-3464
         10.1.22-r0:
           - CVE-2017-3313
           - CVE-2017-3302
@@ -361,6 +425,12 @@ packages:
         - CVE-2016-8704
         - CVE-2016-8705
         - CVE-2016-8706
+  - pkg:
+      name: mercurial
+      secfixes:
+        4.3.1-r0:
+        - CVE-2017-1000115
+        - CVE-2017-1000116
   - pkg:
       name: mosquitto
       secfixes:
@@ -392,6 +462,11 @@ packages:
         6.0-r8:
           - CVE-2017-10684
           - CVE-2017-10685
+  - pkg:
+      name: newsbeuter
+      secfixes:
+        2.9-r4:
+        - CVE-2017-12904
   - pkg:
       name: nginx
       secfixes:
@@ -407,6 +482,14 @@ packages:
   - pkg:
       name: openjpeg
       secfixes:
+        2.2.0-r0:
+          - CVE-2017-14040
+          - CVE-2017-14041
+          - CVE-2017-14151
+          - CVE-2017-14152
+          - CVE-2017-14164
+        2.1.2-r2:
+          - CVE-2017-12982
         2.1.2-r1:
           - CVE-2016-9580
           - CVE-2016-9581
@@ -542,6 +625,19 @@ packages:
       secfixes:
         1.2.5-r0:
         - CVE-2017-8114
+  - pkg:
+      name: ruby
+      secfixes:
+        2.3.5-r0:
+          - CVE-2017-0898
+          - CVE-2017-10784
+          - CVE-2017-14033
+          - CVE-2017-14064
+          - CVE-2017-0899
+          - CVE-2017-0900
+          - CVE-2017-0901
+          - CVE-2017-0902
+#
   - pkg:
       name: samba
       secfixes:
@@ -559,6 +655,11 @@ packages:
       secfixes:
         0.12.8-r3:
           - CVE-2017-7506
+  - pkg:
+      name: sqlite
+      secfixes:
+        3.15.2-r1:
+        - CVE-2017-10989
   - pkg:
       name: strongswan
       secfixes:
@@ -570,6 +671,11 @@ packages:
       secfixes:
         1.9.7-r0:
           - CVE-2017-9800
+  - pkg:
+      name: supervisor
+      secfixes:
+        3.2.4-r0:
+          - CVE-2017-11610  
   - pkg:
       name: tar
       secfixes:
-- 
cgit v1.2.3