Ike.ninja

Update to 2.53.2 If you have Lightning and/or Chatzilla extensions previously disabled, they are enabled after the update. Disable it again if needed (in about:addons), or remove completely (which can improve startup time).

update to 4.11.4 —- multiple xenoprof issues [XSA-313, CVE-2020-11740, CVE-2020-11741] (#1823912, #1823914) Missing memory barriers in read-write unlock paths [XSA-314, CVE-2020-11739] (#1823784) Bad error path in GNTTABOP_map_grant [XSA-316, CVE-2020-11743] (#1823926) Bad continuation handling in GNTTABOP_copy [XSA-318, CVE-2020-11742] (#1823943)

**MySQL 8.0.20** Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html CVEs fixed: CVE-2020-2759 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 CVE-2020-2853 CVE-2020-2892 CVE-2020-2893

**MySQL 8.0.20** Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html CVEs fixed: CVE-2020-2759 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 CVE-2020-2853 CVE-2020-2892 CVE-2020-2893

**Version 1.4.4** This is a **service and security update** to the stable version 1.4 of Roundcube Webmail. It contains four fixes for recently reported security vulnerabilities as well a number of general improvements from our issue tracker. – Fix bug where attachments with Content-Id were attached to the message on reply (#7122) – Fix identity selection on reply when both sender and

https://lists.gnupg.org/pipermail/gnutls-help/2020-March/004642.html

A security flaw was found on rubygem-json prior to 2.3.0 which was now assigned as CVE-2020-10663. This new rpm contains backport fixes for this issue.

Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for CVE-2020-11810. This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation. This wi why the severity is rated

The 5.6.8 stable kernel update contains a number of important fixes across the tree.

Security fix for CVE-2020-5260 and CVE-2020-11008 CVE-2020-5260 – From the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.4.txt): > With a crafted URL that contains a newline in it, the credential > helper machinery can be fooled to give credential information for > a wrong host. The

**horde 5.2.22** * [jan] SECURITY: Protect image processing service from rendering active SVG content within the browser. * [jan] SECURITY: Fix XSS vulnerabilities in administration interface. * [jan] Support Redis Sentinel configuration (Michael Menge <[email protected]>, Request #14998). * [jan] Use file hashing for detecting outdated configuration files.

Fix CVE-2020-12050 (use mktemp(1) for temp. file name creation)

Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for CVE-2020-11810. This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation. This wi why the severity is rated

Security fix for CVE-2020-11100

Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for CVE-2020-11810. This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation. This wi why the severity is rated