aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* main/pcre: add secfixes comment for CVE-2017-11164Natanael Copa2017-12-041-0/+4
| | | | | | | | We are not affected by CVE-2017-16231 due to our build with --with-match-limit-recursion=8192. We had this option since first commit, version 7.8, and were never affected. fixes #8141
* main/libvorbis: bump pkgrel and add secfixes commentNatanael Copa2017-11-231-1/+5
| | | | really fixes #7939
* main/libvorbis: fix CVE-2017-14160Natanael Copa2017-11-232-12/+70
| | | | fixes #7939
* main/quagga: fix CVE-2017-16227Natanael Copa2017-11-232-2/+39
| | | | fixes #8084
* main/openvpn: security upgrade to 2.3.18 (CVE-2017-12166)Natanael Copa2017-11-231-4/+4
| | | | fixes #8127
* main/busybox: secfixes for CVE-2017-15873,CVE-2017-16544Natanael Copa2017-11-233-1/+262
| | | | fixes #8189
* main/tiff: security upgrade to 4.0.9 (CVE-2017-16231,CVE-2017-16232)Natanael Copa2017-11-2314-861/+7
| | | | fixes #8147
* main/postgresql: upgrade to 9.6.6 (security fixes)Jakub Jirutka2017-11-211-2/+5
| | | | | | | | Fixes: CVE-2017-15098, CVE-2017-15099 Release Notes: https://www.postgresql.org/about/news/1801/ PostgreSQL on Alpine has never been affected by CVE-2017-12172.
* main/varnish: security upgrade to 4.1.9 (CVE-2017-8807)Natanael Copa2017-11-213-154/+17
| | | | fixes #8166
* main/libvirt: security fix (CVE 2017-1000256). Fixes #8159Francesco Colista2017-11-212-2/+48
|
* main/openssl: security upgrade to 1.0.2mAndy Postnikov2017-11-091-4/+7
| | | | | | | CVE-2017-3735 CVE-2017-3736 fixes #8115
* main/roundcubemail: security upgrade to 1.2.7 (CVE-2017-16651)Leonardo Arena2017-11-091-6/+8
|
* main/php5: upgrade to 5.6.32Andy Postnikov2017-11-021-4/+6
| | | | Security release http://php.net/archive/2017.php#id2017-10-26-3
* community/php7: build fixNatanael Copa2017-10-311-1/+1
| | | | lsphp was renamed upstream
* community/php7: security upgrade to 7.0.25Andy Postnikov2017-10-311-4/+6
| | | | ref #8071
* main/xen: add secinfoLeonardo Arena2017-10-251-0/+13
|
* main/xen: add leftout patch from previous commitLeonardo Arena2017-10-252-1/+39
|
* main/xen: security upgrade to 4.7.3Leonardo Arena2017-10-2511-810/+666
| | | | | | (CVE-2017-12135, CVE-2017-12137, CVE-2017-12136, CVE-2017-12134, CVE-2017-12855) fixes #7734
* main/xen: update source for goodLeonardo Arena2017-10-251-2/+2
|
* main/xen: update sourceLeonardo Arena2017-10-251-2/+2
|
* main/xen: securit fixesLeonardo Arena2017-10-255-1/+390
| | | | | | (CVE-2017-14316, CVE-2017-14317, CVE-2017-14318, CVE-2017-14319) fixes #7821
* main/gdk-pixbuf: security upgrade to 2.36.7 (CVE-2017-2862)Leonardo Arena2017-10-251-4/+6
| | | | Fixes #7867
* main/newsbeuter: security fix (CVE-2017-14500)Leonardo Arena2017-10-242-5/+51
| | | | fixes #7878
* main/curl: security upgrade to 7.56.1 (CVE-2017-1000257)Natanael Copa2017-10-241-2/+6
| | | | fixes #8040
* main/samba: security upgrade to 4.5.14Leonardo Arena2017-10-242-54/+12
| | | | | | (CVE-2017-12150, CVE-2017-12151, CVE-2017-12163) fixes #7893
* main/musl: fix CVE-2017-15650Natanael Copa2017-10-232-1/+39
| | | | fixes #8032
* main/strongswan: security fix (CVE-2017-11185)Leonardo Arena2017-10-232-1/+55
| | | | fixes #7904
* main/weechat: security fix (CVE-2017-14727)Leonardo Arena2017-10-232-5/+163
| | | | fixes #7930
* main/ncurses: security fixesLeonardo Arena2017-10-232-212/+18
| | | | | | | (CVE-2017-11112, CVE-2017-11113, CVE-2017-13728, CVE-2017-13729, CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13733, CVE-2017-13734) fixes #7968
* community/one-context: upgrade to 0.5.3Jakub Jirutka2017-10-231-9/+2
|
* community/wireshark: security upgrade to 2.2.10Leonardo Arena2017-10-231-6/+10
| | | | | | | (CVE-2017-15191, CVE-2017-15192, CVE-2017-15193) (CVE-2017-13765, CVE-2017-13766, CVE-2017-13767) fixes #8015 #7912
* main/acf-dnsmasq: upgrade to 0.7.1Ted Trask2017-10-171-5/+3
| | | | (cherry picked from commit dad897776e7acc96e0965ded745980e2e19fd120)
* main/hostapd: security fixesLeonardo Arena2017-10-178-17/+993
| | | | | | | | | | | | | | | - CVE-2017-13077 - CVE-2017-13078 - CVE-2017-13079 - CVE-2017-13080 - CVE-2017-13081 - CVE-2017-13082 - CVE-2017-13084 (not applicable) - CVE-2017-13086 - CVE-2017-13087 - CVE-2017-13088 https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
* main/wpa_supplicant: security upgradeSören Tempel2017-10-169-15/+1038
| | | | | | | | | | | | | | CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 See also: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
* main/perl: use system zlib and bzip2Natanael Copa2017-10-111-2/+19
| | | | | | | | | | | The bundled zlib 1.2.8 is vulnerable to: - CVE-2016-9843 - CVE-2016-9841 - CVE-2016-9840 - CVE-2016-9842 Force building with system zlib, and while at it, also do that with bzip2
* main/ghostscript: security upgrade to 9.22. Fixes #7994Francesco Colista2017-10-111-11/+9
|
* main/perl: security upgrade to 5.24.3 (CVE-2017-12837,CVE-2017-12883)Natanael Copa2017-10-101-4/+9
| | | | fixes #7899
* main/curl: security upgrade to 7.56.0 (CVE-2017-1000254)Natanael Copa2017-10-042-40/+4
| | | | fixes #7963
* main/busybox: add secfix comment for CVE-2016-6301Natanael Copa2017-10-031-0/+4
| | | | so it gets whitelisted
* main/python3: split out wininst*.exeNatanael Copa2017-10-031-2/+9
| | | | | | | | the wininst is only needed for creating binary distribution for windows and is rarely needed. The precompiled .exe files contains statically linked version of zlib 1.2.8 which is vulnerable. Remove them from main package and save a couple of MB.
* main/sqlite: security fix for CVE-2017-10989Natanael Copa2017-10-022-1/+24
| | | | fixes #7951
* main/dnsmasq: backport patches for CVE-2017-14491..14496Jakub Jirutka2017-10-028-9/+554
|
* main/openjpeg: security upgrade to 2.2.0 and fixesFrancesco Colista2017-09-217-24/+309
| | | | | | | | | | | - CVE-2017-14040 - CVE-2017-14041 - CVE-2017-14151 - CVE-2017-14152 - CVE-2017-14164 Fixes partially #7827. Not yet fixed CVE-2017-14039 since patch is not available for 2.2.0
* main/apache2: fix CVE-2017-9798 aka OptionsbleedDaniel Isaksen2017-09-212-1/+20
|
* main/asterisk: security upgrade to 14.6.2 (CVE-2017-14099)Timo Teräs2017-09-201-2/+2
| | | | AST-2017-008 (CVE-2017-14099): RTP/RTCP information leak
* main/libgcrypt: security upgrade to 1.7.9 (CVE-2017-0378)Natanael Copa2017-09-191-4/+8
| | | | fixes #7833
* main/bluez: security fixes for CVE-2017-1000250. Fixes #7845Francesco Colista2017-09-182-4/+37
|
* main/tcpdump: upgrade to 4.9.2Andy Postnikov2017-09-151-4/+4
| | | | | Lots of security fixes http://www.tcpdump.org/tcpdump-changes.txt fixes #7840
* main/ruby: upgrade to 2.3.5 (security fixes)Jakub Jirutka2017-09-151-4/+14
|
* community/ruby2.2: upgrade to 2.2.8 (security fixes)Jakub Jirutka2017-09-151-5/+15
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 19:28:16 +0000