5 days ago | Ivan Pavlov | openvpn: update to 2.6.12 - the fix for CVE-2024-5594 (refuse control channel... |
commit | commitdiff | tree |
2024-07-10 | Hirokazu MORIKAWA | node: July 8, 2024 Security Releases CVE-2024-36138 - Bypass incomplete... CVE-2024-22020 - Bypass network import... CVE-2024-22018 - fs.lstat bypasses... CVE-2024-36137 - fs.fchown/fchmod... CVE-2024-37372 - Permission model... |
commit | commitdiff | tree |
2024-07-02 | John Audia | openssh: bump to 9.8p1 * 9.8p1 fixes CVE-2024-6387 |
commit | commitdiff | tree |
2024-06-23 | Daniel Golle | opensc: update to version 0.25.1 * [CVE-2023-5992](https://github.com... * [CVE-2024-1454](https://github.com... |
commit | commitdiff | tree |
2024-06-21 | Ivan Pavlov | openvpn: update to 2.6.11 - CVE-2024-4877: Windows: harden interactive... - CVE-2024-5594: control channel: refuse... - CVE-2024-28882: only call schedule_exit... |
commit | commitdiff | tree |
2024-06-17 | Christian Marangi | uwsgi: bump to latest 2.0.26 release ...handle CL/TE for non-http handlers CVE-2024-24795 (Eric Covener) |
commit | commitdiff | tree |
2024-06-17 | Luiz Angelo Daros... | ruby: update to 3.3.3 - CVE-2024-27282: Arbitrary memory address... - CVE-2024-27281: RCE vulnerability... - CVE-2024-27280: Buffer overread vulnerabili... |
commit | commitdiff | tree |
2024-06-16 | Ryan Keane | unbound: Update to 1.20.0 ...has a fix for the DNSBomb issue CVE-2024-33655. This has a |
commit | commitdiff | tree |
2024-06-08 | Michael Heimpold | php8: update to 8.3.8 - CVE-2024-4577 - CVE-2024-5458 - CVE-2024-5585 |
commit | commitdiff | tree |
2024-05-28 | Jonas Jelonek | croc: update to 10.0.5 breaking changes to fix several CVEs. croc v10.x.x cannot be used... |
commit | commitdiff | tree |
2024-05-22 | Peter van Dijk | dnsdist: update to 1.9.4 fixes CVE-2024-25581 |
commit | commitdiff | tree |
2024-05-02 | Pascal Ernster | gnutls: Update to version 3.8.5 ...important changes are two "medium" CVEs fixed in GnuTLS 3.8.4: - CVE-2024-28834 / GNUTLS-SA-2023-12-04 - CVE-2024-28835 / GNUTLS-SA-2024-01-23 ...SA-2023-12-04, CVSS: medium] [CVE-2024-28834] ...SA-2024-01-23, CVSS: medium] [CVE-2024-28835] |
commit | commitdiff | tree |
2024-04-30 | Peter van Dijk | pdns-recursor: update to 5.0.4, fixes CVE-2024-25583 ...recursor: update to 5.0.4, fixes CVE-2024-25583 |
commit | commitdiff | tree |
2024-04-24 | Hirokazu MORIKAWA | node: bump to v20.12.2 * CVE-2024-27980 - Command injection... |
commit | commitdiff | tree |
2024-04-17 | Michael Heimpold | php8: update to 8.3.6 - CVE-2024-1874 - CVE-2024-2756 - CVE-2024-2757 - CVE-2024-3096 |
commit | commitdiff | tree |
2024-04-13 | Hirokazu MORIKAWA | nghttp2: fix CVE-2024-28182 nghttp2: fix CVE-2024-28182 CVE-2024-28182: Reading unbounded... |
commit | commitdiff | tree |
2024-04-08 | Daniel Golle | exim: update to 4.97.1 ...under the name "smtp smuggling", CVE-2023-51766). CVE-2023-42115 CVE-2023-42116 CVE-2023-42114 CVE-2023-42219 CVE-2023-42115 CVE-2023-42116 CVE-2023-42114 |
commit | commitdiff | tree |
2024-04-07 | Hirokazu MORIKAWA | node: April 3, 2024 Security Releases * CVE-2024-27983 - Assertion failed... * CVE-2024-27982 - HTTP Request Smuggling... |
commit | commitdiff | tree |
2024-03-29 | Petr Štetiar | Revert "tools/xz: update to 5.6.1" (CVE-2024-3094) Revert "tools/xz: update to 5.6.1" (CVE-2024-3094) |
commit | commitdiff | tree |
2024-03-24 | Michal Hrusecky | knot-resolver: Update to version 5.7.1 - Fixes CVE-2023-50868 and CVE-2023-50387 |
commit | commitdiff | tree |
2024-03-24 | krant | giflib: update to 5.2.2 Drop upstreamed CVE patches. |
commit | commitdiff | tree |
2024-03-23 | Ivan Pavlov | openvpn: update to 2.6.10 - CVE-2024-27459: Windows: fix a possible... - CVE-2024-24974: Windows: disallow... - CVE-2024-27903: Windows: disallow... |
commit | commitdiff | tree |
2024-03-20 | Zephyr Lykos | golang: Update to 1.22.1 - CVE-2024-24783: - CVE-2023-45290 - CVE-2023-45289 - CVE-2024-24785 - CVE-2024-24784 |
commit | commitdiff | tree |
2024-02-20 | Hirokazu MORIKAWA | libuv: fix CVE-2024-24806 libuv: fix CVE-2024-24806 CVE-2024-24806 : Improper Domain Lookup... * CVE-2024-24806 / GHSA-f74f-cvh7-c6q6... |
commit | commitdiff | tree |
2024-02-18 | S. Brusch | unbound: update to latest upstream release version... Fixes: CVE-2023-50387, CVE-2023-50868 |
commit | commitdiff | tree |
2024-02-16 | Noah Meyerhans | bind: bump to 9.18.24 Fixes CVEs: - CVE-2023-50387: Validating DNS messages... - CVE-2023-50868: Preparing an NSEC3... - CVE-2023-4408: Parsing DNS messages... - CVE-2023-5517: Specific queries could... - CVE-2023-5679: A bad interaction between... |
commit | commitdiff | tree |
2024-02-16 | Hirokazu MORIKAWA | node: February 14 2024 Security Releases * CVE-2024-21892 - Code injection and... * CVE-2024-22019 - http: Reading unprocessed... * CVE-2024-21896 - Path traversal by... * CVE-2024-22017 - setuid() does not... * CVE-2023-46809 - Node.js is vulnerable... * CVE-2024-21891 - Multiple permission... * CVE-2024-21890 - Improper handling... * CVE-2024-22025 - Denial of Service... |
commit | commitdiff | tree |
2024-02-15 | Peter van Dijk | pdns-recursor: update to 5.0.2 (fixes CVE-2023-50387... ...recursor: update to 5.0.2 (fixes CVE-2023-50387, CVE-2023-50868) |
commit | commitdiff | tree |
2024-02-14 | Rosen Penev | python-aiohttp: update to 3.9.3 Fixes CVE-2023-47627 |
commit | commitdiff | tree |
2024-02-12 | Rosen Penev | redis: update to 6.2.14 Fixes CVE-2022-24735 and CVE-2022-24736 |
commit | commitdiff | tree |
2024-02-12 | Rosen Penev | zlog: update to 1.2.17 Fixes CVE-2021-43521 |
commit | commitdiff | tree |
2024-02-12 | Rosen Penev | libmicrohttpd: update to 0.9.77 Fixes CVE-2023-27371 |
commit | commitdiff | tree |
2024-02-12 | Rosen Penev | libao: backport fix for CVE-2017-11548 libao: backport fix for CVE-2017-11548 |
commit | commitdiff | tree |
2024-02-12 | Rosen Penev | yajl: backport CVE-2023-33460 fix yajl: backport CVE-2023-33460 fix |
commit | commitdiff | tree |
2024-02-12 | Rosen Penev | postgesql: update to 15.6 Fixes CVE-2023-39417 and CVE-2023-39418 |
commit | commitdiff | tree |
2024-02-11 | Alexandru Ardelean | Merge pull request #23354 from neheb/2 tcpreplay: backport CVE fix |
commit | commitdiff | tree |
2024-02-11 | Rosen Penev | confuse: fix CVE-2022-40320 confuse: fix CVE-2022-40320 |
commit | commitdiff | tree |
2024-02-11 | Rosen Penev | giflib: fix CVEs giflib: fix CVEs |
commit | commitdiff | tree |
2024-02-11 | Rosen Penev | avahi: backport CVE fixes from upstream avahi: backport CVE fixes from upstream |
commit | commitdiff | tree |
2024-02-11 | Rosen Penev | libvpx: update to 1.14.0 Fixes CVE-2023-5217 |
commit | commitdiff | tree |
2024-02-11 | Rosen Penev | libssh2: update to 1.11.0 Fixes CVE-2020-22218 |
commit | commitdiff | tree |
2024-02-10 | Rosen Penev | tcpreplay: backport CVE fix tcpreplay: backport CVE fix |
commit | commitdiff | tree |
2024-02-05 | Fabrice Fontaine | lang/python/python-yaml: fix PKG_CPE_ID There is not a single CVE linked to pyyaml_project:pyyaml... |
commit | commitdiff | tree |
2024-02-05 | Fabrice Fontaine | utils/ntfs-3g: fix PKG_CPE_ID has the latest CVEs (whereas ntfs-3g:ntfs-3g only... ...treewide: add PKG_CPE_ID for better cvescanner coverage) |
commit | commitdiff | tree |
2024-02-05 | Fabrice Fontaine | utils/gpsd: fix PKG_CPE_ID ID has the latest CVEs (whereas berlios:gps_daemon only... ...treewide: add PKG_CPE_ID for better cvescanner coverage) |
commit | commitdiff | tree |
2024-02-05 | Fabrice Fontaine | lang/python/python-pip: fix PKG_CPE_ID There is not a single CVE linked to python:pip so use pypa... |
commit | commitdiff | tree |
2024-02-05 | Fabrice Fontaine | net/nbd: fix PKG_CPE_ID There is not a single CVE linked to network_block_device... ...treewide: add PKG_CPE_ID for better cvescanner coverage) |
commit | commitdiff | tree |
2024-02-05 | Fabrice Fontaine | multimedia/motion: fix PKG_CPE_ID ID has the latest CVE (whereas lavrsen:motion only a... ...treewide: add PKG_CPE_ID for better cvescanner coverage) |
commit | commitdiff | tree |
2024-02-05 | Fabrice Fontaine | net/miniupnpc: fix PKG_CPE_ID ...treewide: add PKG_CPE_ID for better cvescanner coverage) |
commit | commitdiff | tree |
2024-02-05 | Fabrice Fontaine | libs/libidn2: fix PKG_CPE_ID There is not a single CVE linked to libidn2_project:libidn2... ...(treewide: add PKG_CPE_ID for cvescanner) |
commit | commitdiff | tree |
2024-02-05 | Fabrice Fontaine | libs/expat: fix PKG_CPE_ID There is not a single CVE linked to libexpat:expat so use |
commit | commitdiff | tree |
2024-02-04 | Fabrice Fontaine | utils/lrzsz: fix PKG_CPE_ID ...update to v0.12.21rc and fix a CVE) |
commit | commitdiff | tree |
2024-02-04 | Fabrice Fontaine | utils/zsh: fix PKG_CPE_ID latest CVEs (whereas zsh_project:zsh only... |
commit | commitdiff | tree |
2024-02-04 | Fabrice Fontaine | utils/tmux: fix PKG_CPE_ID CPE ID has the latest CVE (whereas nicholas_marriott:tmux... ...treewide: add PKG_CPE_ID for better cvescanner coverage) |
commit | commitdiff | tree |
2024-02-04 | Fabrice Fontaine | net/tinyproxy: fix PKG_CPE_ID this CPE ID has the latest CVEs (whereas banu:tinyproxy only... ...treewide: add PKG_CPE_ID for better cvescanner coverage) |
commit | commitdiff | tree |
2024-02-04 | Fabrice Fontaine | net/tinc: fix PKG_CPE_ID latest CVEs (whereas tinc:tinc only has CVEs... ...treewide: add PKG_CPE_ID for better cvescanner coverage) |
commit | commitdiff | tree |
2024-02-04 | Fabrice Fontaine | net/vsftpd: fix PKG_CPE_ID ID has the latest CVEs (whereas beasts:vsftpd only has... |
commit | commitdiff | tree |
2024-02-04 | Fabrice Fontaine | libs/redis: fix PKG_CPE_ID There is not a single CVE linked to pivotal_software:redis... ...(treewide: add PKG_CPE_ID for cvescanner) |
commit | commitdiff | tree |
2024-02-04 | Fabrice Fontaine | lang/python/python-requests: fix PKG_CPE_ID There is not a single CVE linked to python-requests:requests... ...(treewide: add PKG_CPE_ID for cvescanner) |
commit | commitdiff | tree |
2024-02-04 | Fabrice Fontaine | lang/python/python-urllib3: fix PKG_CPE_ID There is not a single CVE linked to urllib3_project:urllib3... |
commit | commitdiff | tree |
2024-02-04 | Fabrice Fontaine | lang/python/python-aiohttp: fix PKG_CPE_ID CPE ID has the latest CVEs (whereas aio-libs_project:aiohttp... one CVE from 2018): |
commit | commitdiff | tree |
2024-02-02 | Fabrice Fontaine | utils/squashfs-tools: fix PKG_CPE_ID There is not a single CVE linked to phillip_lougher:squashfs... ...treewide: add PKG_CPE_ID for better cvescanner coverage) |
commit | commitdiff | tree |
2024-02-02 | Fabrice Fontaine | admin/sudo: fix PKG_CPE_ID ID has the latest CVEs (whereas todd_miller:sudo only... |
commit | commitdiff | tree |
2024-02-02 | Fabrice Fontaine | libs/vips: fix PKG_CPE_ID latest CVEs (whereas vips only has an old... |
commit | commitdiff | tree |
2024-02-02 | Fabrice Fontaine | net/krb5: fix PKG_CPE_ID the latest CVEs (whereas mit:kerberos only has... |
commit | commitdiff | tree |
2024-02-01 | Fabrice Fontaine | libs/libpam: fix PKG_CPE_ID ID has the latest CVEs (whereas kernel:linux-pam only... SUSE-specific CVE): |
commit | commitdiff | tree |
2024-01-29 | Fabrice Fontaine | libs/freetype: fix PKG_CPE_ID There is not a single CVE under cpe:/a:freetype:freetype2 |
commit | commitdiff | tree |
2024-01-25 | Fabrice Fontaine | net/tcpreplay: fix PKG_CPE_ID There is not a single CVE under cpe:/a:appneta:tcpreplay |
commit | commitdiff | tree |
2024-01-24 | Fabrice Fontaine | libs/apr: fix PKG_CPE_ID There is not a single CVE under cpe:/a:apache:apr |
commit | commitdiff | tree |
2024-01-24 | Fabrice Fontaine | libs/libvpx: fix PKG_CPE_ID There is not a single CVEs under cpe:/a:john_koleszar:libvpx |
commit | commitdiff | tree |
2023-12-20 | Daniel Golle | opensc: update to version 0.24.0 Brings security fixes for CVE-2023-40660, CVE-2023-40661 and CVE-2023-4535. |
commit | commitdiff | tree |
2023-12-11 | Jeffery To | golang: Update to 1.21.5 Includes fix for CVE-2023-39326 (net/http: limit chunked... |
commit | commitdiff | tree |
2023-12-07 | Jeffery To | python-cryptography: Update to 41.0.7 41.0.6 included a fix for CVE-2023-49083 (loading certificates... |
commit | commitdiff | tree |
2023-11-19 | Ivan Pavlov | openvpn: update to 2.6.8 CVE-2023-46850 OpenVPN versions between... CVE-2023-46849 OpenVPN versions between... |
commit | commitdiff | tree |
2023-11-13 | Jeffery To | golang: Update to 1.21.4 Includes fixes for CVE-2023-45283 and CVE-2023-45284... |
commit | commitdiff | tree |
2023-10-24 | Daniel Golle | exim: update to version 4.96.2 ...Neutralization of Special Elements (CVE-2023-42117) - dnsdb Out-Of-Bounds Read (CVE-2023-42119) |
commit | commitdiff | tree |
2023-10-17 | Hirokazu MORIKAWA | node: Friday October 13 2023 Security Releases The following CVEs are fixed in this release: * CVE-2023-44487: nghttp2 Security Release... * CVE-2023-45143: undici Security Release... * CVE-2023-38552: Integrity checks according... * CVE-2023-39333: Code injection via... |
commit | commitdiff | tree |
2023-10-16 | Michal Hrusecky | samba4: Update to version 4.18.8 Mainly security release, fixing CVE-2023-3961, CVE-2023-4091, CVE-2023-4154, CVE-2023-42669 and... |
commit | commitdiff | tree |
2023-10-15 | Jeffery To | golang: Update to 1.21.3 Includes fix for CVE-2023-39325 (net/http, x/net/http2... |
commit | commitdiff | tree |
2023-10-15 | Hirokazu MORIKAWA | nghttp2: fix CVE-2023-44487 nghttp2: fix CVE-2023-44487 CVE-2023-44487 : HTTP/2 Rapid Reset |
commit | commitdiff | tree |
2023-10-14 | Peter van Dijk | h2o: ABI-breaking patch for CVE-2023-44487 h2o: ABI-breaking patch for CVE-2023-44487 |
commit | commitdiff | tree |
2023-10-11 | Michal Hrusecky | curl: Update to version 8.4.0 Fixes CVE-2023-38546 and CVE-2023-38545. |
commit | commitdiff | tree |
2023-10-08 | Daniel Golle | exim: update to version 4.96.1 CVE-2023-42115 CVE-2023-42116 CVE-2023-42114 |
commit | commitdiff | tree |
2023-10-07 | Luiz Angelo Daros... | libvpx: update to 1.13.1 - https://crbug.com/1486441 (CVE-2023-5217) ...with smaller width bigger size (CVE-2023-44488) |
commit | commitdiff | tree |
2023-10-07 | Jeffery To | golang: Update to 1.21.2 Includes fix for CVE-2023-39323 (cmd/go: line directives... |
commit | commitdiff | tree |
2023-10-03 | Josef Schlehofer | prometheus-node-exporter-lua: drop bmx6 package ...app was vulnerable to several CVEs, as found by dependabot. It has... |
commit | commitdiff | tree |
2023-09-27 | Noah Meyerhans | bind: bump to 9.18.19 Fixes CVEs: CVE-2023-3341 - Previously, sending... CVE-2023-4236 - A flaw in the networking... |
commit | commitdiff | tree |
2023-09-27 | Alexandru Ardelean | libwebp: bump to version 1.3.2 ...lossless decoder (chromium: #1479274, CVE-2023-4863) |
commit | commitdiff | tree |
2023-09-17 | Josef Schlehofer | ffmpeg: update to version 5.1.3 Fixes CVEs: CVE-2022-3964 [1] CVE-2022-3965 [2] [1] https://nvd.nist.gov/vuln/detail/CVE-2022-3964 [2] https://nvd.nist.gov/vuln/detail/CVE-2022-3965 |
commit | commitdiff | tree |
2023-09-16 | Josef Schlehofer | curl: update to version 8.3.0 CVE-2023-38039 [1] [1] https://curl.se/docs/CVE-2023-38039.html |
commit | commitdiff | tree |
2023-09-10 | Jeffery To | golang: Update to 1.21.1 * CVE-2023-39318: html/template: improper... * CVE-2023-39319: html/template: improper... * CVE-2023-39320: cmd/go: go.mod toolchain... * CVE-2023-39321 and CVE-2023-39322... |
commit | commitdiff | tree |
2023-09-08 | Jeffery To | python3: Update to 3.11.5, refresh patches Includes fix for CVE-2023-40217 (Bypass TLS handshake... |
commit | commitdiff | tree |
2023-09-01 | Lucian Cristian | libreswan: update to 4.12 fix CVE-2023-38710, CVE-2023-38711, CVE... |
commit | commitdiff | tree |
2023-08-23 | Karl Palsson | net/mosquitto: bump to 2.0.17 - CVE-2023-28366: Fix memory leak in... - CVE-2023-0809: Fix excessive memory... - CVE-2023-3592: Fix memory leak when... |
commit | commitdiff | tree |
2023-08-21 | Michael Heimpold | php8: update to 8.2.9 - CVE-2023-3824 |
commit | commitdiff | tree |
2023-08-10 | Hirokazu MORIKAWA | node: August 2023 Security Releases The following CVEs are fixed in this release: * CVE-2023-32002: Policies can be bypassed... * CVE-2023-32006: Policies can be bypassed... * CVE-2023-32559: Policies can be bypassed... |
commit | commitdiff | tree |
2023-08-06 | Tianling Shen | rust: Update to 1.71.1 - Fix CVE-2023-38497: Cargo did not respect... |
commit | commitdiff | tree |
2023-08-06 | Jeffery To | golang: Update to 1.20.7 Includes fix for CVE-2023-29409 (crypto/tls: verifying... |
commit | commitdiff | tree |
2023-08-05 | Daniel Golle | postgresql: update to version 15.3 * CVE-2023-2454 * CVE-2023-2455 |
commit | commitdiff | tree |
2023-07-17 | Jeffery To | golang: Update to 1.20.6 Includes fix for CVE-2023-29406 (net/http: insufficient... |
commit | commitdiff | tree |
next |