aboutsummaryrefslogtreecommitdiffstats
path: root/main
Commit message (Collapse)AuthorAgeFilesLines
...
* main/nodejs: add secfix comment for CVE-2016-5129 and CVE-2016-5180Natanael Copa2018-02-231-1/+5
| | | | | | | | CVE-2016-5129 was fixed with: https://github.com/nodejs/node/commit/e71129ebbc115f86f518ff71f3b35b5d88923d81#diff-a416e90888b99aad5d014b86a1ad585d CVE-2016-5180 was fixed with: https://github.com/nodejs/node/commit/23a851dfe61ceb5859779df12c5dfb8da3a7a0c0#diff-e37d7b61b3e6004aa59373f7cb76e40b
* main/sqlite: security fix for CVE-2017-15286Natanael Copa2018-02-222-1/+22
| | | | fixes #8545
* main/python2: security upgrade to 2.7.14 (CVE-2017-1000158)Natanael Copa2018-02-221-9/+9
| | | | fixes #8541
* main/xen: XSA-254 XPTIHenrik Riomar2018-02-215-1/+1382
| | | | | | Add Xen page-table isolation (XPTI) for XEN 4.8.2 More info: http://xenbits.xen.org/xsa/xsa254/README.pti
* main/libraw: security upgrade to 0.18.6 (CVE-2017-16910)Natanael Copa2018-02-203-184/+3
| | | | fixes #8340
* main/quagga: upgrade to 1.2.4Timo Teräs2018-02-201-2/+2
| | | | (cherry picked from commit cacf8c7b23a8bca8e1ae7bf9b8f4ee3c29fdd06d)
* main/libxcursor: security upgrade to 1.1.15 (CVE-2017-16612)Natanael Copa2018-02-201-5/+7
| | | | fixes #8228
* main/irssi: security upgrade to 1.0.6Leonardo Arena2018-02-191-2/+17
| | | | | | | CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208, CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054 Fixes #8502
* main/quagga: security upgrade to 1.2.3Timo Teräs2018-02-161-2/+2
| | | | (cherry picked from commit 0ebf73b2c2c90ac66f1619b6104435d7ea730a3a)
* main/postgresql: security upgrade to 9.6.7Jakub Jirutka2018-02-092-3/+21
| | | | | | | | | | | This upgrade contains one incompatible change in contrib/cube (packaged in -contrib subpackage). Explanation from https://www.postgresql.org/docs/10/static/release-9-6-7.html: > This is an incompatible change, but since the point of the operator > was to be used in KNN searches, it seems rather useless as-is. After > installing this update, any expression indexes or materialized views > using this operator will need to be reindexed/refreshed.
* main/tiff: security fix CVE-2017-18013Leonardo Arena2018-02-082-2/+40
| | | | Fixes #8462
* main/bind: security upgrade to 9.11.2-P1 (CVE-2017-3145)Leonardo Arena2018-02-081-3/+5
| | | | Fixes #8418
* main/curl: security upgrade to 7.58.0Leonardo Arena2018-02-081-4/+5
| | | | | | CVE-2018-1000005, CVE-2018-1000007 Fixes #8440
* main/mkinitfs: skip apk hooksHenrik Riomar2018-01-312-3/+35
| | | | | | Skip pre/post apk hooks on diskless initramfs installation. (cherry picked from commit 8c9aa20b2f1445d63a2923145fffca1b40f1470a)
* main/py-django-sorl-thumbnail: upgrade to 12.4.1Kaarle Ritvanen2018-01-301-4/+2
|
* main/libxml2: security upgrade to 2.9.5 (CVE-2017-16931)Leonardo Arena2018-01-234-449/+6
| | | | Fixes #8397
* main/ncurses: security upgrade to 6.0-20171125 (CVE-2017-16879)Leonardo Arena2018-01-231-14/+15
| | | | Fixes #8393
* main/apk-tools: upgrade to 2.7.5Timo Teräs2018-01-091-2/+2
|
* main/asterisk: upgrade to 14.7.5Timo Teräs2018-01-083-329/+90
| | | | | | | | | | | fixes #8354 AST-2017-009 Buffer overflow in pjproject header parsing can cause crash AST-2017-010 Buffer overflow in CDR's set user AST-2017-011 Memory leak in pjsip session resource AST-2017-012 Remote Crash Vulnerability in RTCP Stack AST-2017-013 DOS Vulnerability in Asterisk chan_skinny AST-2017-014 Crash in PJSIP resource when missing a contact header
* main/awstats: security fix (CVE-2017-1000501)Leonardo Arena2018-01-053-6/+149
| | | | Fixes #8373
* main/wget: security upgrade to 1.19.2 (CVE-2017-13089, CVE-2017-13090)Leonardo Arena2018-01-052-33/+8
| | | | Fixes #8074
* main/collectd: adjust security info tagLeonardo Arena2018-01-051-1/+1
|
* main/collectd: security fixes (CVE-2017-7401, CVE-2017-16820)Leonardo Arena2018-01-053-12/+120
| | | | Fixes #8170
* main/libxfont: security fix (CVE-2017-16611)Leonardo Arena2018-01-052-6/+113
| | | | Fixes #8224
* main/xen: security fixesLeonardo Arena2018-01-0524-2/+1902
| | | | | | | CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15593, CVE-2017-15592, CVE-2017-15594, CVE-2017-15595, CVE-2017-15596, CVE-2017-15597, CVE-2017-17046 Fixes #8062
* main/xen: security fixes (CVE-2017-17044, CVE-2017-17045)Leonardo Arena2017-12-294-1/+369
| | | | Fixes #8220
* main/openssh: security fix (CVE-2017-15906)Leonardo Arena2017-12-292-3/+38
| | | | Fixes #8283
* main/heimdal: security fix (CVE-2017-17439)Leonardo Arena2017-12-292-2/+52
| | | | Fixes #8293
* main/rsync: security fixesLeonardo Arena2017-12-295-2/+149
| | | | | | CVE-2017-16548, CVE-2017-17433, CVE-2017-17434 Fixes #8319
* main/gd: security upgrade to 2.2.5 (CVE-2017-6362, CVE-2017-7890)Leonardo Arena2017-12-281-3/+8
| | | | Fixes #8329
* main/ruby: security upgrade to 2.4.3Jakub Jirutka2017-12-151-2/+4
| | | | See: https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/
* main/openssl: security upgrade to 1.0.2nColin Williams2017-12-151-2/+5
| | | | | | | | | fixes #8275 CVE-2017-3737 CVE-2017-3738 (cherry picked from commit d2d350f8a099c9ed303f00888e05626662e5c7f6)
* main/bacula: fix rundirLeonardo Arena2017-12-084-5/+17
|
* main/redis: upgrade to 3.2.11Jakub Jirutka2017-12-071-2/+2
|
* main/samba: security upgrade to 4.6.11 (CVE-2017-14746,CVE-2017-15275)Natanael Copa2017-12-071-2/+2
| | | | fixes #8182
* main/tevent: upgrade to 0.9.34Natanael Copa2017-12-071-4/+2
|
* main/talloc: upgrade to 2.1.10Natanael Copa2017-12-071-2/+2
|
* main/ffmpeg: ssecurity upgrade to 3.2.9Natanael Copa2017-12-071-2/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fixes #8206 3.2.9-r0: - CVE-2017-15186 3.2.8-r0: - CVE-2017-14054 - CVE-2017-14055 - CVE-2017-14056 - CVE-2017-14057 - CVE-2017-14058 - CVE-2017-14059 - CVE-2017-14169 - CVE-2017-14170 - CVE-2017-14171 - CVE-2017-14222 - CVE-2017-14223 - CVE-2017-14225 - CVE-2017-14767 3.2.7-r0: - CVE-2017-11399 - CVE-2017-11665 - CVE-2017-11665 - CVE-2017-11719 3.2.6-r0: - CVE-2017-9608 - CVE-2017-9993 3.2.5-r0: - CVE-2017-9991 - CVE-2017-9992 - CVE-2017-9994 - CVE-2017-9996 3.2.4-r0: - CVE-2017-5024 - CVE-2017-5025
* main/curl: security upgrade to 7.57.0Natanael Copa2017-12-071-2/+6
| | | | | | | | CVE-2017-8816 CVE-2017-8817 CVE-2017-8818 fixes #8213
* main/pcre: add secfixes comment for CVE-2017-16231Natanael Copa2017-12-041-0/+1
| | | | | | | | We are not affected by CVE-2017-16231 due to our build with --with-match-limit-recursion=8192. We had this option since first commit, version 7.8, and were never affected. fixes #8140
* main/nginx: fix upgrade from version < 1.12.0-r1Jakub Jirutka2017-11-242-2/+29
| | | | Fixes http://bugs.alpinelinux.org/issues/8057
* main/libvorbis: fix for CVE-2017-14160Natanael Copa2017-11-232-12/+70
| | | | | | upstream issue: https://gitlab.xiph.org/xiph/vorbis/issues/2330 fixes #7938
* main/quagga: security upgrade to 1.2.2 (CVE-2017-16227)Natanael Copa2017-11-231-3/+5
| | | | fixes #8083
* main/openvpn: security upgrade to 2.4.4 (CVE-2017-12166)Natanael Copa2017-11-231-2/+2
| | | | fixes #8126
* main/busybox: secfixes for CVE-2017-15873,CVE-2017-16544Natanael Copa2017-11-233-1/+261
| | | | fixes #8188
* main/tiff: security upgrade to 4.0.9 (CVE-2017-16231,CVE-2017-16232)Natanael Copa2017-11-2319-1184/+5
| | | | fixes #8146
* main/postgresql: upgrade to 9.6.6 (security fixes)Jakub Jirutka2017-11-211-2/+5
| | | | | | | | Fixes: CVE-2017-15098, CVE-2017-15099 Release Notes: https://www.postgresql.org/about/news/1801/ PostgreSQL on Alpine has never been affected by CVE-2017-12172.
* main/varnish: security upgrade to 4.1.9 (CVE-2017-8807)Natanael Copa2017-11-213-154/+17
| | | | fixes #8165
* main/libvirt: security fix (CVE 2017-1000256). Fixes #8158Francesco Colista2017-11-212-2/+48
|
* main/openssl: security upgrade to 1.0.2mAndy Postnikov2017-11-091-2/+5
| | | | | | | | | CVE-2017-3735 CVE-2017-3736 fixes #8114 (cherry picked from commit c57b41c34309ede6b832e2edc306f6ab14a5d78c)
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-07 23:57:19 +0000