Fedora 32: knot-resolver FEDORA-2020-bf68101ad3
– fixes CVE-2020-12667
– fixes CVE-2020-12667
– CVE-2020-10957: lmtp/submission: A client can crash the server by sending a NOOP command with an invalid string parameter. This occurs particularly for a parameter that doesn’t start with a double quote. This applies to all SMTP services, including submission-login, which makes it possible to crash the submission service without authentication. – CVE-2020-10958: lmtp/submission:
Security fix for CVE-2020-12662 and CVE-2020-12663
Backported patch for CVE-2018-10756.
Latest upstream release fixing security issues.
Exclude arch s390x on el8 —- Update from upstream
Exclude arch s390x on el8 —- Update from upstream
### python-markdown2 2.3.9 ### – [pull #335] Added header support for wiki tables – [pull #336] Reset _toc when convert is run – [pull #353] XSS fix – [pull #350] XSS fix
The 5.6.14 stable kernel update contains a number of important fixes across the tree
Security fix for CVE-2018-1285
Update to 8.10 release (CVE-2020-12823)
**PHP version 7.3.18** (14 May 2020) **Core:** * Fixed bug php#78875 (Long filenames cause OOM and temp files are not cleaned). (**CVE-2019-11048**) (cmb) * Fixed bug php#78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (**CVE-2019-11048**) (cmb) * Fixed bug php#79434 (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference on !CS constant). (Nikita) *
**PHP version 7.3.18** (14 May 2020) **Core:** * Fixed bug php#78875 (Long filenames cause OOM and temp files are not cleaned). (**CVE-2019-11048**) (cmb) * Fixed bug php#78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (**CVE-2019-11048**) (cmb) * Fixed bug php#79434 (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference on !CS constant). (Nikita) *
Update to Ruby 2.6.6. Also fixes CVE-2020-10933 and CVE-2020-10663.
New upstream release with fixes for CVEs and other enhancements.
New upstream release with fixes for CVEs and other enhancements.
New upstream release with fixes for CVEs and other enhancements.
The 5.6.13 stable kernel update contains a number of important fixes across the tree —- The 5.6.12 stable update contains a number of important fixes across the tree.
Latest upstream.
This package fixes a security issue that allowed for _method query parameters to be used with GET requests. The fix is backported from Mojolicious v8.42.
This package fixes a security issue that allowed for _method query parameters to be used with GET requests. The fix is backported from Mojolicious v8.42.
Update to OpenJDK 8u252 (April Critical Patch Update) – JDK-8223898, CVE-2020-2754: Forward references to Nashorn – JDK-8223904, CVE-2020-2755: Improve Nashorn matching – JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs – JDK-8224549, CVE-2020-2757: Less Blocking Array Queues – JDK-8225603: Enhancement for big integers – JDK-8227542: Manifest improved jar headers –
Update to latest upstream 8.8.8
8u252 update
Update to latest upstream 8.8.8
Version update + security fix
Version update + security fix
Fix for CVE-2020-5283. ViewVC 1.1.28 ChangeLog – security fix: escape subdir lastmod file name (#211) – fix standalone.py first request failure (#195) ViewVC 1.1.27 ChangeLog: – suppress stack traces (with option to show) (#140) – distinguish text/binary/image files by icons (#166, #175) – colorize alternating file content lines (#167) – link to the instance root from the
The 5.6.12 stable update contains a number of important fixes across the tree.
Last Upstream release, including (among others): – (security) Prevent execution of SQL injection while assigning a technician, – (security) Permit to change key used to store passwords, – (security) Improve CSRF token, – (security) Fix several possible XSS, – (security) Fix a few possible SQL injections, – Fix SCSS caching issues, – Fix inline images handling on item update, – Fix PHP 7.4
61 queries. 8.5 mb Memory usage. 1.317 seconds.