| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
(cherry picked from commit a15984cf2f34e1570fbfddd96c82b3ef061f78e1)
|
|
|
|
|
|
|
|
| |
Patches from Debian Jessie (1:4.2-3+deb8u3 & 1:4.2-3+deb8u2)
fixes #6943
(cherry picked from commit e9a92d060e2e59ac087373af9b81546c2a761d07)
|
|
|
|
| |
ref #6913
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2017-2350
CVE-2017-2354
CVE-2017-2355
CVE-2017-2356
CVE-2017-2362
CVE-2017-2363
CVE-2017-2364
CVE-2017-2365
CVE-2017-2366
CVE-2017-2369
CVE-2017-2371
CVE-2017-2373
|
|
|
|
| |
Bug fix release http://php.net/archive/2017.php#id2017-02-16-1
|
|
|
|
| |
(cherry picked from commit c78947b324c68dd1f194880e5b2a19963cbc25fe)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
enable sunec (ref #6809)
S8138725: Add options for Javadoc generation
S8140353: Improve signature checking
S8151934, CVE-2017-3231: Resolve class resolution
S8156804, CVE-2017-3241: Better constraint checking
S8158406: Limited Parameter Processing
S8158997: JNDI Protocols Switch
S8159507: RuntimeVisibleAnnotation validation
S8161218: Better bytecode loading
S8161743, CVE-2017-3252: Provide proper login context
S8162577: Standardize logging levels
S8162973: Better component components
S8164143, CVE-2017-3260: Improve components for menu items
S8164147, CVE-2017-3261: Improve streaming socket output
S8165071, CVE-2016-2183: Expand TLS support
S8165344, CVE-2017-3272: Update concurrency support
S8166988, CVE-2017-3253: Improve image processing performance
S8167104, CVE-2017-3289: Additional class construction refinements
S8167223, CVE-2016-5552: URL handling improvements
S8168705, CVE-2016-5547: Better ObjectIdentifier validation
S8168714, CVE-2016-5546: Tighten ECDSA validation
S8168728, CVE-2016-5548: DSA signing improvments
S8168724, CVE-2016-5549: ECDSA signing improvments
(cherry picked from commit 51235b6d75fcf6e3cea97c71c2f89d79fb0f7d48)
|
|
|
|
|
|
|
|
|
|
| |
Bugfix release for PHP 7
- fix #207 Segmentation fault in apc_sma_api_free()
- fix #221 memory leak
- update to apc dashboard (Tyson Andre)
https://pecl.php.net/package-changelog.php?package=APCu&release=5.1.8
|
|
|
|
|
| |
CVE-2017-5192: local_batch client external authentication not respected
CVE-2017-5200: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client
|
|
|
|
| |
fixes #6787
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
CVE-2017-5376: Use-after-free in XSL
CVE-2017-5378: Pointer and frame data leakage of Javascript objects
CVE-2017-5380: Potential use-after-free during DOM manipulations
CVE-2017-5383: Location bar spoofing with unicode characters
CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
CVE-2017-5396: Use-after-free with Media Decoder
|
|
|
|
| |
fixes #6762
|
|
|
|
|
|
|
|
|
|
| |
This release includes several bug fixes, including security fixes in
opusenc, as well as a few minor enhancements. Changes include:
* opusenc: Improved handling of malformed input files to avoid crashes
and other troublesome behavior
* opusenc: Percent progress is shown while encoding
* opusrtp: New --extract option to extract from input pcap file
* New project files for building with Microsoft Visual Studio
|
| |
|
| |
|
|
|
|
| |
fixes #6672
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
firejail (0.9.44.4) baseline; urgency=low
* security: --bandwidth root shell found by Martin Carpenter (CVE-2017-5207)
* security: disabled --allow-debuggers when running on kernel
versions prior to 4.8; a kernel bug in ptrace system call
allows a full bypass of seccomp filter; problem reported by
Lizzie Dixon (CVE-2017-5206)
* security: root exploit found by Sebastian Krahmer (CVE-2017-5180)
-- netblue30 Sat, 7 Jan 2017 10:00:00 -0500
|
| |
|
|
|
|
|
|
| |
Successful testing over 3 months and 2 version, move to community.
(cherry picked from commit 0b40d7adc34ad5f218876e5496de342698fd3f25)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-9847: Unsafe generation of blowfish secret
CVE-2016-9848: phpinfo information leak value of sensitive (HttpOnly) cookies
CVE-2016-9849: Username deny rules bypass (AllowRoot & Others) by using Null Byte
CVE-2016-9850: Username rule matching issues
CVE-2016-9851: With a crafted request parameter value it is possible to bypass the logout timeout.
CVE-2016-9852 CVE-2016-9853 CVE-2016-9854 CVE-2016-9855: Multiple full path disclosure vulnerabilities
CVE-2016-9856 CVE-2016-9857: Multiple XSS vulnerabilities
CVE-2016-9858 CVE-2016-9859 CVE-2016-9860: We consider these vulnerabilities to be of moderate severity.
CVE-2016-9861: Bypass white-list protection for URL redirection
CVE-2016-9862: BBCode injection vulnerability
CVE-2016-9863: DOS vulnerability in table partitioning
CVE-2016-9864: Multiple SQL injection vulnerabilities
CVE-2016-9865: Incorrect serialized string parsing
CVE-2016-9866: CSRF token not stripped from the URL
Jumping through 3 versions: 4.6.5, 4.6.5.1, 4.6.5.2
These upgrades does not contain major changes:
https://www.phpmyadmin.net/news/2016/11/25/phpmyadmin-401018-44159-and-465-are-released/
https://www.phpmyadmin.net/news/2016/11/26/phpmyadmin-4651-released/
https://www.phpmyadmin.net/news/2016/12/5/phpmyadmin-4652-released/
|
|
|
|
| |
fixes depends: perl-test-tester ==> perl-test-simple
|
|
|
|
| |
(cherry picked from commit db97c08f4986f5f0dcbefe37251ad9748df81c6e)
|
|
|
|
| |
(cherry picked from commit eeb2c3561a1bf134710c37e737624c76e5057494)
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
http://tpaste.us/A9zZ
|
| |
|
| |
|
|
|
|
| |
govender sync didnt have a verbose switch which made abuild process confusingly slow.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|