Fedora 31: knot-resolver FEDORA-2019-866dc03603
– update to upstream version 4.3.0 – fixes CVE-2019-19331 – root.keys is moved to /var/lib/knot-resolver – knot-resolver no longer requires write permission to /etc/knot-resolver/
– update to upstream version 4.3.0 – fixes CVE-2019-19331 – root.keys is moved to /var/lib/knot-resolver – knot-resolver no longer requires write permission to /etc/knot-resolver/
Update to Samba 4.11.3 – Security fixes for CVE-2019-14861, CVE-2019-14870 —- Restart winbindd on samba-winbind package upgrade
Fix intermittent SEC_ERROR_UNKNOWN_ISSUER (#1752303, #1648617) —- Updates the nss package to upstream NSS 3.47.1. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes – https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes
Apply upstream fix for CVE-2019-17064.
Update to Node.js upstream release 12.13.1 https://nodejs.org/en/blog/release/v12.13.1/ Also fixes an issue where running `npm -g` was risky on RPM-installed systems. Fedora’s packaged NPM will now install global content in /usr/local instead of /usr where it could conflict with RPM-provided versions.
Apply upstream fix for CVE-2019-17064.
**Added:** * amqp_ssl_socket_get_context can be used to get the current OpenSSL CTX* associated with a connection. **Changed:** * openssl: missing OpenSSL config is ignored as an OpenSSL init error (#523) * AMQP_DEFAULT_MAX_CHANNELS is now set to 2047 to follow current default channel limit in the RabbitMQ broker. (#513) **Fixed:** * add additional input
Libidn 2.3.0 (released 2019-11-14) has assigned CVE-2019-12290 which was fixed by the roundtrip feature introduced in 2.2.0 (commit 241e8f48) * Update the data tables from Unicode 6.3.0 to Unicode 11.0 * Turn `_idn2_punycode_encode`, `_idn2_punycode_decode` into compat symbols (Fixes #74)
This update addresses a number of bugs affecting processing of CRLs in mod_tls, including possible null pointer dereferences and missing some checks. Thanks to Lionel Debroux for reporting them.
This update addresses a number of bugs affecting processing of CRLs in mod_tls, including possible null pointer dereferences and missing some checks. Thanks to Lionel Debroux for reporting them.
Address CVE-2019-19204 CVE-2019-19203 CVE-2019-19012. Fixes are backported.
* RabbitMQ ver. 3.7.22 * CVE-2019-11281 * CVE-2019-11287
**MySQL 8.0.18** Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html Security Advisory: https://www.oracle.com/security-alerts/cpuoct2019.html
Update to Node.js upstream release 12.13.1 https://nodejs.org/en/blog/release/v12.13.1/ Also fixes an issue where running `npm -g` was risky on RPM-installed systems. Fedora’s packaged NPM will now install global content in /usr/local instead of /usr where it could conflict with RPM-provided versions.
The 5.3.14 update contains a number of important fixes across the tree
FreeIPA 4.8.3 is a security update release that includes fixes for two issues: * CVE-2019-10195: Don’t log passwords embedded in commands in calls using batch A flaw was found in the way that FreeIPA’s batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is
tnef release 1.4.18. [CVE-2019-18849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18849) in which it may be possible to attack via a crafted email message extracted via tnef.
New build after fixing BuildRequires —- – Rebase to upstream version 3.9.0 – fix CVE-2019-14745
* Rebase to 1.8.28 * Fixed CVE-2019-14287
The 5.3.6 update contains a number of important fixes across the tree.
The 5.3.6 update contains a number of important fixes across the tree.
* Rebase to 1.8.28 * Fixed CVE-2019-14287
Resolves: #1757214, #1757290 – CVE-2019-16884 —- add patch for cgroupsv2
Resolves: #1757214, #1757290 – CVE-2019-16884 —- add patch for cgroupsv2
This update provides the final 1.3.2 release (previously the package was 1.3.2 beta). It also includes the previously-omitted database schema directory (resolving [#1415753](https://bugzilla.redhat.com/show_bug.cgi?id=1415753)) and rddmarc tools, and backports proposed fixes for a [crasher bug](https://bugzilla.redhat.com/show_bug.cgi?id=1673293) and [security issue
Update to latest upstream version.
Backport security fixes from [PR#145](https://github.com/libming/libming/pull/145) Fixes: CVE-2018-7866, CVE-2018-7873, CVE-2018-7876, CVE-2018-9009, CVE-2018-9132
This update provides the final 1.3.2 release (previously the package was 1.3.2 beta). It also includes the previously-omitted database schema directory (resolving [#1415753](https://bugzilla.redhat.com/show_bug.cgi?id=1415753)) and rddmarc tools, and backports proposed fixes for a [crasher bug](https://bugzilla.redhat.com/show_bug.cgi?id=1673293) and [security issue
– Update jackson-parent to version 2.10. – Update jackson-bom to version 2.10.0. – Update jackson-annotations to version 2.10.0. – Update jackson-core to version 2.10.0. – Update jackson-databind to version 2.10.0. Resolves CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943.
– Update jackson-parent to version 2.10. – Update jackson-bom to version 2.10.0. – Update jackson-annotations to version 2.10.0. – Update jackson-core to version 2.10.0. – Update jackson-databind to version 2.10.0. Resolves CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943.
60 queries. 8.75 mb Memory usage. 1.308 seconds.