– Use Apple upstream instead of non-fresh Github one – New upstream in 1.8 dev branch with 417.1 subversion – Close CVE-2018-17093 – Close CVE-2018-17094 – Close CVE-2017-11124 – Close CVE-2017-11125 – Close CVE-2010-3798 – Use license macro – Add OpenSSL To Configuration
Archive for February 6th, 2020
3.96, multiple security fixes. —- Patch for CVE-2019-20021
MariaDB clients could be made to crash if they received specially crafted input.
Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of
An out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse EXIF files, which could result in denial of service, or potentially the execution of arbitrary code if specially crafted image files are processed.
ReportLab could be made to run programs as your login if it opened a specially crafted file.
Several security issues were fixed in Pillow.
Mesa could be made to expose sensitive information.
A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,