rebase to 1.15.0
Archive for Fedora
Fixes possible man-in-the-middle security vulnerability – CVE-2019-11065
This update fixes security vulnerability – Checkstyle loads external DTDs by default. Upstream issue: https://github.com/checkstyle/checkstyle/issues/6474 https://github.com/checkstyle/checkstyle/issues/6478 References: https://checkstyle.org/releasenotes.html#Release_8.18
gnome-desktop 3.30.2.3 release, fixing thumbnailer sandbox escape, CVE-2019-11460
Security fix for CVE-2019-5827, CVE-2019-9937, CVE-2019-9936
Security fix for CVE-2019-9578
Update to Samba 4.9.8, Security fixes for CVE-2018-16860 —- Update to Samba 4.9.7
Microarchitectural Data Sampling speculative side channel [XSA-297, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091] additional patches so above applies cleanly work around grub2 issues in dom0
Fedora 30: java-1.8.0-openjdk-aarch32 Security Update
8u212 update
Fedora 29: php-typo3-phar-stream-wrapper Security Update
– [3.1.1](https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1) – [TYPO3-PSA-2019-007](https://typo3.org/security/advisory/typo3-psa-2019-007/) / [CVE-2019-11831](https://nvd.nist.gov/vuln/detail/CVE-2019-11831) – [TYPO3-PSA-2019-008](https://typo3.org/security/advisory/typo3-psa-2019-008/) / [CVE-2019-11830](https://nvd.nist.gov/vuln/detail/CVE-2019-11830) –
Fedora 28: php-typo3-phar-stream-wrapper Security Update
– [3.1.1](https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1) – [TYPO3-PSA-2019-007](https://typo3.org/security/advisory/typo3-psa-2019-007/) / [CVE-2019-11831](https://nvd.nist.gov/vuln/detail/CVE-2019-11831) – [TYPO3-PSA-2019-008](https://typo3.org/security/advisory/typo3-psa-2019-008/) / [CVE-2019-11830](https://nvd.nist.gov/vuln/detail/CVE-2019-11830) –
Fedora 28: java-11-openjdk Security Update
Update to April 2019 CPU. See: http://mail.openjdk.java.net/pipermail/jdk- updates-dev/2019-April/000951.html
Fedora 29: java-11-openjdk Security Update
Update to April 2019 CPU. See: http://mail.openjdk.java.net/pipermail/jdk- updates-dev/2019-April/000951.html
**PHP version 7.3.5** (02 May 2019) **Core:** * Fixed bug php#77903 (ArrayIterator stops iterating after offsetSet call). (Nikita) **CLI:** * Fixed bug php#77794 (Incorrect Date header format in built-in server). (kelunik) **EXIF** * Fixed bug php#77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG). (CVE-2019-11036) (Stas) **Interbase:** * Fixed bug
1.6.2 when v5 client with Will message disconnects, where the Will message has as its first property one of `content-type`, `correlation-data`, `payload-format- indicator`, or `response-topic`. * Fix build for WITH_TLS=no. * Fix Will message not allowing user-property properties. * Fix broker originated messages (e.g.
Security, Performance updates, fiexes blocker with crashing httpd BZ 1708248
Security, Performance updates, fiexes blocker with crashing httpd BZ 1708248
Fix for CVE-2019-5429
Fix for CVE-2019-5429
This update enforces that $LoadCode must be enabled to use the feature of evaluating typeglobs, because with the typeglob feature you would be able to set the variable $YAML::LoadCode from a YAML file, and that would be a security issue.
Restore s390x builds. —- 0.7.3.1
* Mouse cursor doubled on QEMU VNC on ppc64le (bz #1565253) * CVE-2019-3840: NULL deref after running qemuAgentGetInterfaces (bz #1665229)
Security fix for CVE-2019-3885, CVE-2018-16877, CVE-2018-16878
Update to April 2019 CPU. See: http://mail.openjdk.java.net/pipermail/jdk- updates-dev/2019-April/000951.html
New upstream release with significantly reworked PKCS#11 support, GSSAPI key exchange and several fixes for CVE-2019-6111 and CVE-2019-6109
New upstream release
Fedora 29: java-1.8.0-openjdk Security Update
Update to April 2019 CPU. See: http://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-April/009115.html
Rebase to latest minor version fixes CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325
Fedora 29: php-horde-horde Security Update
**horde 5.2.21** * [mjr] SECURITY: Fix XSS vulnerability in the Cloud Block.
Fedora 29: php-horde-turba Security Update
**turba 4.2.24** * [mjr] SECURITY: Fix XSS vulnerability in display of contact tags. * [jan] Clarify objectClass filter examples for LDAP backends (Ralf Lang).