projects / feed / packages.git / search
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
rust: update to 1.80.0
5 days ago Ivan Pavlovopenvpn: update to 2.6.12
 - the fix for CVE-2024-5594 (refuse control channel...
commit | commitdiff | tree
2024-07-10 Hirokazu MORIKAWAnode: July 8, 2024 Security Releases
 CVE-2024-36138 - Bypass incomplete...
CVE-2024-22020 - Bypass network import...
CVE-2024-22018 - fs.lstat bypasses...
CVE-2024-36137 - fs.fchown/fchmod...
CVE-2024-37372 - Permission model...
commit | commitdiff | tree
2024-07-02 John Audiaopenssh: bump to 9.8p1
* 9.8p1 fixes CVE-2024-6387
 commit | commitdiff | tree
2024-06-23 Daniel Golleopensc: update to version 0.25.1
* [CVE-2023-5992](https://github.com...
* [CVE-2024-1454](https://github.com...
commit | commitdiff | tree
2024-06-21 Ivan Pavlovopenvpn: update to 2.6.11
 - CVE-2024-4877: Windows: harden interactive...
- CVE-2024-5594: control channel: refuse...
- CVE-2024-28882: only call schedule_exit...
commit | commitdiff | tree
2024-06-17 Christian Marangiuwsgi: bump to latest 2.0.26 release
 ...handle CL/TE for non-http handlers CVE-2024-24795 (Eric Covener)
 commit | commitdiff | tree
2024-06-17 Luiz Angelo Daros... ruby: update to 3.3.3
- CVE-2024-27282: Arbitrary memory address...
- CVE-2024-27281: RCE vulnerability...
- CVE-2024-27280: Buffer overread vulnerabili...
commit | commitdiff | tree
2024-06-16 Ryan Keaneunbound: Update to 1.20.0
 ...has a fix for the DNSBomb issue CVE-2024-33655. This has a
 commit | commitdiff | tree
2024-06-08 Michael Heimpoldphp8: update to 8.3.8
 - CVE-2024-4577
- CVE-2024-5458
- CVE-2024-5585
 commit | commitdiff | tree
2024-05-28 Jonas Jelonekcroc: update to 10.0.5
breaking changes to fix several CVEs. croc v10.x.x cannot be used...
commit | commitdiff | tree
2024-05-22 Peter van Dijkdnsdist: update to 1.9.4
fixes CVE-2024-25581
 commit | commitdiff | tree
2024-05-02 Pascal Ernstergnutls: Update to version 3.8.5
 ...important changes are two "medium" CVEs fixed in GnuTLS 3.8.4:
- CVE-2024-28834 / GNUTLS-SA-2023-12-04
- CVE-2024-28835 / GNUTLS-SA-2024-01-23
...SA-2023-12-04, CVSS: medium] [CVE-2024-28834]
...SA-2024-01-23, CVSS: medium] [CVE-2024-28835]
 commit | commitdiff | tree
2024-04-30 Peter van Dijkpdns-recursor: update to 5.0.4, fixes CVE-2024-25583
 ...recursor: update to 5.0.4, fixes CVE-2024-25583
 commit | commitdiff | tree
2024-04-24 Hirokazu MORIKAWAnode: bump to v20.12.2
* CVE-2024-27980 - Command injection...
commit | commitdiff | tree
2024-04-17 Michael Heimpoldphp8: update to 8.3.6
 - CVE-2024-1874
- CVE-2024-2756
- CVE-2024-2757
- CVE-2024-3096
 commit | commitdiff | tree
2024-04-13 Hirokazu MORIKAWAnghttp2: fix CVE-2024-28182
nghttp2: fix CVE-2024-28182
CVE-2024-28182: Reading unbounded...
commit | commitdiff | tree
2024-04-08 Daniel Golleexim: update to 4.97.1
 ...under the name "smtp smuggling", CVE-2023-51766).
CVE-2023-42115
CVE-2023-42116
CVE-2023-42114
CVE-2023-42219
CVE-2023-42115
CVE-2023-42116
CVE-2023-42114
 commit | commitdiff | tree
2024-04-07 Hirokazu MORIKAWAnode: April 3, 2024 Security Releases
* CVE-2024-27983 - Assertion failed...
* CVE-2024-27982 - HTTP Request Smuggling...
commit | commitdiff | tree
2024-03-29 Petr ŠtetiarRevert "tools/xz: update to 5.6.1" (CVE-2024-3094)
Revert "tools/xz: update to 5.6.1" (CVE-2024-3094)
 commit | commitdiff | tree
2024-03-24 Michal Hruseckyknot-resolver: Update to version 5.7.1
- Fixes CVE-2023-50868 and CVE-2023-50387
 commit | commitdiff | tree
2024-03-24 krantgiflib: update to 5.2.2
Drop upstreamed CVE patches.
 commit | commitdiff | tree
2024-03-23 Ivan Pavlovopenvpn: update to 2.6.10
- CVE-2024-27459: Windows: fix a possible...
- CVE-2024-24974: Windows: disallow...
- CVE-2024-27903: Windows: disallow...
commit | commitdiff | tree
2024-03-20 Zephyr Lykosgolang: Update to 1.22.1
- CVE-2024-24783:
- CVE-2023-45290
- CVE-2023-45289
- CVE-2024-24785
- CVE-2024-24784
 commit | commitdiff | tree
2024-02-20 Hirokazu MORIKAWAlibuv: fix CVE-2024-24806
libuv: fix CVE-2024-24806
CVE-2024-24806 : Improper Domain Lookup...
* CVE-2024-24806 / GHSA-f74f-cvh7-c6q6...
commit | commitdiff | tree
2024-02-18 S. Bruschunbound: update to latest upstream release version...
Fixes: CVE-2023-50387, CVE-2023-50868
 commit | commitdiff | tree
2024-02-16 Noah Meyerhansbind: bump to 9.18.24
Fixes CVEs:
- CVE-2023-50387: Validating DNS messages...
- CVE-2023-50868: Preparing an NSEC3...
- CVE-2023-4408: Parsing DNS messages...
- CVE-2023-5517: Specific queries could...
- CVE-2023-5679: A bad interaction between...
commit | commitdiff | tree
2024-02-16 Hirokazu MORIKAWAnode: February 14 2024 Security Releases
* CVE-2024-21892 - Code injection and...
* CVE-2024-22019 - http: Reading unprocessed...
* CVE-2024-21896 - Path traversal by...
* CVE-2024-22017 - setuid() does not...
* CVE-2023-46809 - Node.js is vulnerable...
* CVE-2024-21891 - Multiple permission...
* CVE-2024-21890 - Improper handling...
* CVE-2024-22025 - Denial of Service...
commit | commitdiff | tree
2024-02-15 Peter van Dijkpdns-recursor: update to 5.0.2 (fixes CVE-2023-50387...
...recursor: update to 5.0.2 (fixes CVE-2023-50387, CVE-2023-50868)
 commit | commitdiff | tree
2024-02-14 Rosen Penevpython-aiohttp: update to 3.9.3
Fixes CVE-2023-47627
 commit | commitdiff | tree
2024-02-12 Rosen Penevredis: update to 6.2.14
Fixes CVE-2022-24735 and CVE-2022-24736
 commit | commitdiff | tree
2024-02-12 Rosen Penevzlog: update to 1.2.17
Fixes CVE-2021-43521
 commit | commitdiff | tree
2024-02-12 Rosen Penevlibmicrohttpd: update to 0.9.77
Fixes CVE-2023-27371
 commit | commitdiff | tree
2024-02-12 Rosen Penevlibao: backport fix for CVE-2017-11548
libao: backport fix for CVE-2017-11548
 commit | commitdiff | tree
2024-02-12 Rosen Penevyajl: backport CVE-2023-33460 fix
yajl: backport CVE-2023-33460 fix
 commit | commitdiff | tree
2024-02-12 Rosen Penevpostgesql: update to 15.6
Fixes CVE-2023-39417 and CVE-2023-39418
 commit | commitdiff | tree
2024-02-11 Alexandru ArdeleanMerge pull request #23354 from neheb/2
tcpreplay: backport CVE fix
 commit | commitdiff | tree
2024-02-11 Rosen Penevconfuse: fix CVE-2022-40320
confuse: fix CVE-2022-40320
 commit | commitdiff | tree
2024-02-11 Rosen Penevgiflib: fix CVEs
giflib: fix CVEs
 commit | commitdiff | tree
2024-02-11 Rosen Penevavahi: backport CVE fixes from upstream
avahi: backport CVE fixes from upstream
 commit | commitdiff | tree
2024-02-11 Rosen Penevlibvpx: update to 1.14.0
Fixes CVE-2023-5217
 commit | commitdiff | tree
2024-02-11 Rosen Penevlibssh2: update to 1.11.0
Fixes CVE-2020-22218
 commit | commitdiff | tree
2024-02-10 Rosen Penevtcpreplay: backport CVE fix
tcpreplay: backport CVE fix
 commit | commitdiff | tree
2024-02-05 Fabrice Fontainelang/python/python-yaml: fix PKG_CPE_ID
There is not a single CVE linked to pyyaml_project:pyyaml...
commit | commitdiff | tree
2024-02-05 Fabrice Fontaineutils/ntfs-3g: fix PKG_CPE_ID
has the latest CVEs (whereas ntfs-3g:ntfs-3g only...
...treewide: add PKG_CPE_ID for better cvescanner coverage)
 commit | commitdiff | tree
2024-02-05 Fabrice Fontaineutils/gpsd: fix PKG_CPE_ID
ID has the latest CVEs (whereas berlios:gps_daemon only...
...treewide: add PKG_CPE_ID for better cvescanner coverage)
 commit | commitdiff | tree
2024-02-05 Fabrice Fontainelang/python/python-pip: fix PKG_CPE_ID
There is not a single CVE linked to python:pip so use pypa...
commit | commitdiff | tree
2024-02-05 Fabrice Fontainenet/nbd: fix PKG_CPE_ID
There is not a single CVE linked to network_block_device...
...treewide: add PKG_CPE_ID for better cvescanner coverage)
 commit | commitdiff | tree
2024-02-05 Fabrice Fontainemultimedia/motion: fix PKG_CPE_ID
ID has the latest CVE (whereas lavrsen:motion only a...
...treewide: add PKG_CPE_ID for better cvescanner coverage)
 commit | commitdiff | tree
2024-02-05 Fabrice Fontainenet/miniupnpc: fix PKG_CPE_ID
 ...treewide: add PKG_CPE_ID for better cvescanner coverage)
 commit | commitdiff | tree
2024-02-05 Fabrice Fontainelibs/libidn2: fix PKG_CPE_ID
There is not a single CVE linked to libidn2_project:libidn2...
...(treewide: add PKG_CPE_ID for cvescanner)
 commit | commitdiff | tree
2024-02-05 Fabrice Fontainelibs/expat: fix PKG_CPE_ID
There is not a single CVE linked to libexpat:expat so use
 commit | commitdiff | tree
2024-02-04 Fabrice Fontaineutils/lrzsz: fix PKG_CPE_ID
 ...update to v0.12.21rc and fix a CVE)
 commit | commitdiff | tree
2024-02-04 Fabrice Fontaineutils/zsh: fix PKG_CPE_ID
latest CVEs (whereas zsh_project:zsh only...
commit | commitdiff | tree
2024-02-04 Fabrice Fontaineutils/tmux: fix PKG_CPE_ID
CPE ID has the latest CVE (whereas nicholas_marriott:tmux...
...treewide: add PKG_CPE_ID for better cvescanner coverage)
 commit | commitdiff | tree
2024-02-04 Fabrice Fontainenet/tinyproxy: fix PKG_CPE_ID
this CPE ID has the latest CVEs (whereas banu:tinyproxy only...
...treewide: add PKG_CPE_ID for better cvescanner coverage)
 commit | commitdiff | tree
2024-02-04 Fabrice Fontainenet/tinc: fix PKG_CPE_ID
latest CVEs (whereas tinc:tinc only has CVEs...
...treewide: add PKG_CPE_ID for better cvescanner coverage)
 commit | commitdiff | tree
2024-02-04 Fabrice Fontainenet/vsftpd: fix PKG_CPE_ID
ID has the latest CVEs (whereas beasts:vsftpd only has...
commit | commitdiff | tree
2024-02-04 Fabrice Fontainelibs/redis: fix PKG_CPE_ID
There is not a single CVE linked to pivotal_software:redis...
...(treewide: add PKG_CPE_ID for cvescanner)
 commit | commitdiff | tree
2024-02-04 Fabrice Fontainelang/python/python-requests: fix PKG_CPE_ID
There is not a single CVE linked to python-requests:requests...
...(treewide: add PKG_CPE_ID for cvescanner)
 commit | commitdiff | tree
2024-02-04 Fabrice Fontainelang/python/python-urllib3: fix PKG_CPE_ID
There is not a single CVE linked to urllib3_project:urllib3...
commit | commitdiff | tree
2024-02-04 Fabrice Fontainelang/python/python-aiohttp: fix PKG_CPE_ID
CPE ID has the latest CVEs (whereas aio-libs_project:aiohttp...
one CVE from 2018):
 commit | commitdiff | tree
2024-02-02 Fabrice Fontaineutils/squashfs-tools: fix PKG_CPE_ID
There is not a single CVE linked to phillip_lougher:squashfs...
...treewide: add PKG_CPE_ID for better cvescanner coverage)
 commit | commitdiff | tree
2024-02-02 Fabrice Fontaineadmin/sudo: fix PKG_CPE_ID
ID has the latest CVEs (whereas todd_miller:sudo only...
commit | commitdiff | tree
2024-02-02 Fabrice Fontainelibs/vips: fix PKG_CPE_ID
latest CVEs (whereas vips only has an old...
commit | commitdiff | tree
2024-02-02 Fabrice Fontainenet/krb5: fix PKG_CPE_ID
the latest CVEs (whereas mit:kerberos only has...
commit | commitdiff | tree
2024-02-01 Fabrice Fontainelibs/libpam: fix PKG_CPE_ID
ID has the latest CVEs (whereas kernel:linux-pam only...
SUSE-specific CVE):
 commit | commitdiff | tree
2024-01-29 Fabrice Fontainelibs/freetype: fix PKG_CPE_ID
There is not a single CVE under cpe:/a:freetype:freetype2
 commit | commitdiff | tree
2024-01-25 Fabrice Fontainenet/tcpreplay: fix PKG_CPE_ID
There is not a single CVE under cpe:/a:appneta:tcpreplay
 commit | commitdiff | tree
2024-01-24 Fabrice Fontainelibs/apr: fix PKG_CPE_ID
There is not a single CVE under cpe:/a:apache:apr
 commit | commitdiff | tree
2024-01-24 Fabrice Fontainelibs/libvpx: fix PKG_CPE_ID
There is not a single CVEs under cpe:/a:john_koleszar:libvpx
 commit | commitdiff | tree
2023-12-20 Daniel Golleopensc: update to version 0.24.0
Brings security fixes for CVE-2023-40660, CVE-2023-40661 and
CVE-2023-4535.
 commit | commitdiff | tree
2023-12-11 Jeffery Togolang: Update to 1.21.5
Includes fix for CVE-2023-39326 (net/http: limit chunked...
commit | commitdiff | tree
2023-12-07 Jeffery Topython-cryptography: Update to 41.0.7
41.0.6 included a fix for CVE-2023-49083 (loading certificates...
commit | commitdiff | tree
2023-11-19 Ivan Pavlovopenvpn: update to 2.6.8
CVE-2023-46850 OpenVPN versions between...
CVE-2023-46849 OpenVPN versions between...
commit | commitdiff | tree
2023-11-13 Jeffery Togolang: Update to 1.21.4
Includes fixes for CVE-2023-45283 and CVE-2023-45284...
commit | commitdiff | tree
2023-10-24 Daniel Golleexim: update to version 4.96.2
 ...Neutralization of Special Elements (CVE-2023-42117)
- dnsdb Out-Of-Bounds Read (CVE-2023-42119)
 commit | commitdiff | tree
2023-10-17 Hirokazu MORIKAWAnode: Friday October 13 2023 Security Releases
The following CVEs are fixed in this release:
* CVE-2023-44487: nghttp2 Security Release...
* CVE-2023-45143: undici Security Release...
* CVE-2023-38552: Integrity checks according...
* CVE-2023-39333: Code injection via...
commit | commitdiff | tree
2023-10-16 Michal Hruseckysamba4: Update to version 4.18.8
Mainly security release, fixing CVE-2023-3961, CVE-2023-4091,
CVE-2023-4154, CVE-2023-42669 and...
commit | commitdiff | tree
2023-10-15 Jeffery Togolang: Update to 1.21.3
Includes fix for CVE-2023-39325 (net/http, x/net/http2...
commit | commitdiff | tree
2023-10-15 Hirokazu MORIKAWAnghttp2: fix CVE-2023-44487
nghttp2: fix CVE-2023-44487
CVE-2023-44487 : HTTP/2 Rapid Reset
 commit | commitdiff | tree
2023-10-14 Peter van Dijkh2o: ABI-breaking patch for CVE-2023-44487
h2o: ABI-breaking patch for CVE-2023-44487
 commit | commitdiff | tree
2023-10-11 Michal Hruseckycurl: Update to version 8.4.0
Fixes CVE-2023-38546 and CVE-2023-38545.
 commit | commitdiff | tree
2023-10-08 Daniel Golleexim: update to version 4.96.1
 CVE-2023-42115
CVE-2023-42116
CVE-2023-42114
 commit | commitdiff | tree
2023-10-07 Luiz Angelo Daros... libvpx: update to 1.13.1
- https://crbug.com/1486441 (CVE-2023-5217)
...with smaller width bigger size (CVE-2023-44488)
 commit | commitdiff | tree
2023-10-07 Jeffery Togolang: Update to 1.21.2
Includes fix for CVE-2023-39323 (cmd/go: line directives...
commit | commitdiff | tree
2023-10-03 Josef Schlehoferprometheus-node-exporter-lua: drop bmx6 package
 ...app was vulnerable to several CVEs, as found by dependabot. It has...
commit | commitdiff | tree
2023-09-27 Noah Meyerhansbind: bump to 9.18.19
Fixes CVEs:
CVE-2023-3341 - Previously, sending...
CVE-2023-4236 - A flaw in the networking...
commit | commitdiff | tree
2023-09-27 Alexandru Ardeleanlibwebp: bump to version 1.3.2
 ...lossless decoder (chromium: #1479274, CVE-2023-4863)
 commit | commitdiff | tree
2023-09-17 Josef Schlehoferffmpeg: update to version 5.1.3
Fixes CVEs:
CVE-2022-3964 [1]
CVE-2022-3965 [2]
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-3964
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-3965
 commit | commitdiff | tree
2023-09-16 Josef Schlehofercurl: update to version 8.3.0
CVE-2023-38039 [1]
[1] https://curl.se/docs/CVE-2023-38039.html
 commit | commitdiff | tree
2023-09-10 Jeffery Togolang: Update to 1.21.1
* CVE-2023-39318: html/template: improper...
* CVE-2023-39319: html/template: improper...
* CVE-2023-39320: cmd/go: go.mod toolchain...
* CVE-2023-39321 and CVE-2023-39322...
commit | commitdiff | tree
2023-09-08 Jeffery Topython3: Update to 3.11.5, refresh patches
Includes fix for CVE-2023-40217 (Bypass TLS handshake...
commit | commitdiff | tree
2023-09-01 Lucian Cristianlibreswan: update to 4.12
fix CVE-2023-38710, CVE-2023-38711, CVE...
commit | commitdiff | tree
2023-08-23 Karl Palssonnet/mosquitto: bump to 2.0.17
- CVE-2023-28366: Fix memory leak in...
- CVE-2023-0809: Fix excessive memory...
- CVE-2023-3592: Fix memory leak when...
commit | commitdiff | tree
2023-08-21 Michael Heimpoldphp8: update to 8.2.9
 - CVE-2023-3824
 commit | commitdiff | tree
2023-08-10 Hirokazu MORIKAWAnode: August 2023 Security Releases
The following CVEs are fixed in this release:
* CVE-2023-32002: Policies can be bypassed...
* CVE-2023-32006: Policies can be bypassed...
* CVE-2023-32559: Policies can be bypassed...
commit | commitdiff | tree
2023-08-06 Tianling Shenrust: Update to 1.71.1
- Fix CVE-2023-38497: Cargo did not respect...
commit | commitdiff | tree
2023-08-06 Jeffery Togolang: Update to 1.20.7
Includes fix for CVE-2023-29409 (crypto/tls: verifying...
commit | commitdiff | tree
2023-08-05 Daniel Gollepostgresql: update to version 15.3
 * CVE-2023-2454
* CVE-2023-2455
 commit | commitdiff | tree
2023-07-17 Jeffery Togolang: Update to 1.20.6
Includes fix for CVE-2023-29406 (net/http: insufficient...
commit | commitdiff | tree
next
Mirror of packages feed