Ike.ninja

Update to 80.0.3987.162. Fixes the following CVEs: * CVE-2020-6450 * CVE-2020-6451 * CVE-2020-6452

This update incorporates fixes from the upstream glibc 2.30 stable release branch, including 3 fixes for medium severity security vulnerabilities. (CVE-2020-10029, CVE-2020-1752, CVE-2020-1751)

Security fix for CVE-2020-10188

This update includes a rebase from 9.0.30 up to 9.0.31 which resolves one CVE along with various other bugs/features: * rhbz#1806805 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability * rhbz#1801729 tomcat-9.0.31 is available **WARNING** – This update does *not* enforce the change in defaults for the AJP Connector like the upstream fix does. This is

* An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. * An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of

The **phpMyAdmin** team announces the release of both **4.9.5** and **5.0.2**. Both versions contain several security fixes: * PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password * PMASA-2020-3 SQL injection vulnerability relating to the search feature * PMASA-2020-4 SQL injection and XSS having to do with displaying results *

This update incorporates fixes from the upstream glibc 2.31 stable release branch, including 2 fixes for medium severity security vulnerabilities. (CVE-2020-10029, CVE-2020-1752)

Fix DoS vulnerability (CVE-2019-19886, RHBZ #1801720 / #1801719)

Fix CVE-2018-19655

The 5.5.11 stable kernel update contains a number of important fixes across the tree.

**PHP version 7.3.16** (19 Mar 2020) **Core:** * Fixed bug php#63206 (restore_error_handler does not restore previous errors mask). (Mark Plomer) **DOM:** * Fixed bug php#77569: (Write Access Violation in DomImplementation). (Nikita, cmb) * Fixed bug php#79271 (DOMDocumentType::$childNodes is NULL). (cmb) **Enchant:** * Fixed bug php#79311 (enchant_dict_suggest() fails on big

**PHP version 7.4.4** (19 Mar 2020) **Core:** * Fixed bug php#79329 (get_headers() silently truncates after a null byte) (**CVE-2020-7066**) (cmb) * Fixed bug php#79244 (php crashes during parsing INI file). (Laruence) * Fixed bug php#63206 (restore_error_handler does not restore previous errors mask). (Mark Plomer) **CURL:** * Fixed bug php#79019 (Copied cURL handles upload

Update Fedora 32 to the final release version of 8u242 (https://bitly.com/oj8u242), bringing in the last security updates, in line with packages already in Fedora 30 & 31 This also resolves RHBZ#1813550 which was seen with the previous attempt at this update.

Update to 80.0.3987.149. Upstream says it fixes “13” security issues, but only lists these CVEs: * CVE-2020-6422: Use after free in WebGL * CVE-2020-6424: Use after free in media * CVE-2020-6425: Insufficient policy enforcement in extensions. * CVE-2020-6426: Inappropriate implementation in V8 * CVE-2020-6427: Use after free in audio * CVE-2020-6428: Use after free in audio

Update to WebKitGTK 2.28.0. * Add API to enable Process Swap on (Cross-site) Navigation. * Add user messages API for the communication with the web extension. * Add support for same-site cookies. * Service workers are enabled by default. * Add support for Pointer Lock API. * Add flatpak sandbox support. * Make ondemand hardware acceleration policy never leave accelerated compositing