aboutsummaryrefslogtreecommitdiffstats
path: root/main
Commit message (Collapse)AuthorAgeFilesLines
...
* main/asterisk: security upgrade to 12.8.2Timo Teräs2015-04-091-1/+4
| | | | AST-2015-003: TLS Certificate Common name NULL byte exploit
* main/owncloud: owncloud-external needs php-curlLeonardo Arena2015-04-031-2/+2
|
* main/openssl: fix rpath and turn off ssl compression by defaultTimo Teräs2015-03-287-18/+75
| | | | | | | | System wide mitigation for CVE-2012-4929. While most affected programs turn off compression themselves, this is safer default. (cherry picked from commit 5891af54e70fd91c02e6f8ab9b2059662b0ecfd4) (cherry picked from commit ac5c4e2e3e9221c51dfc317c9a79f9b5f04cb694)
* main/musl: cherry-pick fixes from upstream with security implicationsTimo Teräs2015-03-2320-166/+874
|
* main/openssl: security upgrade to 1.0.1mTimo Teräs2015-03-2022-5593/+1118
| | | | | | | | | CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288 all patches refreshed (cherry picked from commit fe6a6566db78dfcc252a6b38d6a54d9d1c1d6aa0)
* main/vlc: security upgrade to 2.1.6Natanael Copa2015-03-181-5/+5
| | | | | | | | | | | fixes #3871 CVE-2014-9625 CVE-2014-9626 CVE-2014-9627 CVE-2014-9628 CVE-2014-9629 CVE-2014-9630
* main/patch: security upgrade to 2.7.5Natanael Copa2015-03-182-185/+7
| | | | | | | | fixes #3891 CVE-2014-9637 CVE-2015-1395 CVE-2015-1396
* main/py-pillow: security upgrade to 2.7.0 (CVE-2014-9601)Natanael Copa2015-03-181-4/+4
| | | | fixes #4008
* main/cups: security fix for CVE-2014-9679Natanael Copa2015-03-182-4/+43
| | | | fixes #3995
* main/xorg-server: fix CVE-2015-0255 and upgrade to 1.15.2Natanael Copa2015-03-182-5/+248
| | | | fixes #4000
* main/sudo: security upgrade to 1.8.12 (CVE-2014-9680)Natanael Copa2015-03-175-41/+41
| | | | | ref #3986 fixes #3989
* main/dbus: security upgrade to 1.8.16 (CVE-2015-0245)Natanael Copa2015-03-171-4/+4
| | | | fixes #3984
* main/socat: security upgrade to 1.7.3.0 (CVE-2015-1379)Natanael Copa2015-03-131-4/+4
| | | | fixes #3881
* main/zabbix: disable update_config_sub in APKBUILDLeonardo Arena2015-03-131-2/+2
|
* main/zabbix: upgrade to 2.2.9Leonardo Arena2015-03-131-4/+4
|
* main/clamav: security upgrade to 0.98.6 (CVE-2014-9328)Natanael Copa2015-03-121-4/+4
| | | | fixes #3898
* main/roundcubemail: security upgrade to 1.0.5 (CVE-2015-1433)Natanael Copa2015-03-111-4/+4
| | | | fixes #3903
* main/vsftpd: security fix for CVE-2015-1419Natanael Copa2015-03-112-1/+102
| | | | fixes #3908
* main/vsftpd: fixes #3494Francesco Colista2015-03-112-3/+6
| | | | (cherry picked from commit 01e6a79f76e616857cb3958221e5110452f81f36)
* main/fcgi: security fix for CVE-2012-6687Natanael Copa2015-03-112-5/+96
| | | | | ref #3971 fixes #3974
* main/e2fsprogs: security upgrade to 1.42.12 (CVE-2015-0247)Natanael Copa2015-03-111-4/+4
| | | | fixes #3945
* main/putty: security upgrade to 0.64 (CVE-2015-2157)Natanael Copa2015-03-111-14/+5
| | | | fixes #3960
* main/openldap: security fix for CVE-2015-1545,CVE-2015-1546Natanael Copa2015-03-103-1/+69
| | | | | | ref #3965 ref #3966 fixes #3969
* main/alpine-mirrors: upgrade to 3.1.2Bartłomiej Piotrowski2015-03-062-9/+24
|
* main/tdb: upgrade to 1.2.13Timo Teräs2015-02-241-5/+5
|
* main/ldb: downgrade to version 1.1.17Timo Teräs2015-02-241-4/+4
| | | | | so tdb upgrade is not required, but one that should be sufficient to build new samba.
* main/ldb: upgrade to 1.1.19Timo Teräs2015-02-241-5/+5
| | | | prerequisite for newer samba
* main/samba: security upgrade to 4.1.17 (CVE-2015-0240)Timo Teräs2015-02-241-4/+4
|
* main/pingu: upgrade to 1.5Natanael Copa2015-02-032-203/+6
| | | | (cherry picked from commit 46f864c5e1dfbd4f02c3b29491d57b3c38b5de43)
* main/grep: security fix for CVE-2015-1345Natanael Copa2015-02-022-6/+143
| | | | | | | | | | ref #3864 fixes #3865 (cherry picked from commit 35e60941855d77260fac5b98ec03ef6c6f6e639a) Conflicts: main/grep/APKBUILD
* main/privoxy: security upgrade to 3.0.23 (CVE-2015-1030, CVE-2015-1031)Natanael Copa2015-02-021-5/+5
| | | | | | | | | fixes #3838 (cherry picked from commit b49992f595070138cedb536b7320199788836015) Conflicts: main/privoxy/APKBUILD
* main/patch: security fix for CVE-2015-119Natanael Copa2015-02-022-3/+192
| | | | | | | ref #3854 fixes #3857 (cherry picked from commit 5ac69ea49d71a514ca0d499827d11c4b5bb05d93)
* main/file: security upgrade to 5.22 ↵Natanael Copa2015-02-021-4/+4
| | | | | | | (CVE-2014-8116,CVE-2014-8117,CVE-2014-9620,CVE-2014-9621) fixes #3807 fixes #3862
* main/libpng: security upgrade to 1.6.16 (CVE-2014-9495,CVE-2015-0973)Natanael Copa2015-02-021-7/+7
| | | | fixes #3851
* main/asterisk: security upgrade to 12.8.1Timo Teräs2015-01-291-10/+7
| | | | | AST-2015-001: File descriptor leak when incompatible codecs are offered (chan_pjsip) AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
* main/aaudit: server side fixes, and improvementsTimo Teräs2015-01-202-17/+31
| | | | (cherry picked from commit f2c45aef4503685588c0e2b673d15511dffe277c)
* main/quassel: security fix for CVE-2014-8483Natanael Copa2015-01-132-1/+62
| | | | fixes #3550
* main/clamav: upgrade to 0.98.5Natanael Copa2015-01-131-5/+5
|
* main/acf-provisioning: upgrade to 0.5.1Ted Trask2015-01-121-4/+4
| | | | (cherry picked from commit cd2af5cd5b0d5277e3de8039504717790fdacc72)
* main/acf-core: upgrade to 0.18.5Ted Trask2015-01-121-4/+4
| | | | (cherry picked from commit 4c28ca7633b3f575b988b376855b61a6969d8983)
* main/acf-awall: upgrade to 0.4.1Ted Trask2015-01-121-4/+4
| | | | (cherry picked from commit 9a9f702581eac59ba5a2ef464e07152cc88d7fd9)
* main/dbus: security upgrade to 1.8.14 (CVE-2014-7824)Natanael Copa2015-01-121-4/+4
| | | | fixes #3655
* main/openssl: security upgrade to 1.0.1kTimo Teräs2015-01-092-29/+19
| | | | | | | | | | | | | | | fixes #3685 CVE-2014-3571 DTLS segmentation fault in dtls1_get_record CVE-2015-0206 DTLS memory leak in dtls1_buffer_record CVE-2014-3569 no-ssl3 configuration sets method to NULL CVE-2014-3572 ECDHE silently downgrades to ECDH [Client] CVE-2015-0204 RSA silently downgrades to EXPORT_RSA [Client] CVE-2015-0205 DH client certificates accepted without verification [Server] CVE-2014-8275 Certificate fingerprints can be modified CVE-2014-3570 Bignum squaring may produce incorrect results (cherry picked from commit 26dd384585d2182a35bd9450091726b6472b3b24)
* main/git: security upgrade to 2.0.5 (CVE-2014-9390)Natanael Copa2014-12-221-4/+4
|
* main/roundcubemail: security upgrade to 1.0.4Leonardo Arena2014-12-191-4/+4
| | | | | | | | | * Security: Fix possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins. * Fix attachments encoded in TNEF containers (from Outlook) * Fix compatibility with PHP 5.2 (cherry picked from commit 63a91b306681a06e40bdf440fef6402f67238a25)
* main/roundcubemail: upgrade to 1.0.3Leonardo Arena2014-12-191-4/+4
| | | | (cherry picked from commit 8518e6ebd46b7e03a7e92cce84852a4fa965db43)
* main/cryptsetup: fix segfault in error reportingNatanael Copa2014-12-182-4/+31
| | | | | | | | | | | | | | Problem is that strerror_r in glibc is non-conformat with POSIX. fixes #3470 reported upstream: https://code.google.com/p/cryptsetup/issues/detail?id=237 (cherry picked from commit d98d14163e40a9bbc90bb7ad84876ec069b94fdd) Conflicts: main/cryptsetup/APKBUILD
* main/zabbix$: security upgrade to 2.2.8Leonardo Arena2014-12-171-5/+5
|
* main/quagga: apply fix to rare bgpd crash during route selectionTimo Teräs2014-12-172-2/+43
| | | | | | patch picked up from Cumulus Network's quagga patch queue (cherry picked from commit 102e9e432d62d3b838b7d08923cbb456cfa1b65c)
* main/asterisk: security upgrade to 12.7.2Timo Teräs2014-12-121-1/+4
| | | | AST-2014-019: Remote Crash Vulnerability in WebSocket Server
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-07 08:23:07 +0000