Ike.ninja

Update to Samba 4.9.11 —- Update to Samba 4.9.9 Security fixes for CVE-2019-12435

– fixes security issues CVE-2019-10190 and CVE-2019-10191 – https://lists.nic.cz/pipermail/knot-resolver-announce/2019/000009.html

– fixes security issues CVE-2019-10190 and CVE-2019-10191 – https://lists.nic.cz/pipermail/knot-resolver-announce/2019/000009.html

Upgrade to 1.1.11

This update includes a fix for a security vulnerability, CVE-2018-20843: > Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks For more information on the changes in 2.2.7, see the upstream release

#### Update to v1.48 * New API: – `snapd_client_get_connections_async` – `snapd_client_get_connections_finish` – `snapd_client_get_connections_sync` – `snapd_client_get_interfaces2_async` – `snapd_client_get_interfaces2_finish` – `snapd_client_get_interfaces2_sync` – `snapd_client_get_snap_conf_async`

#### Update to v1.48 * New API: – `snapd_client_get_connections_async` – `snapd_client_get_connections_finish` – `snapd_client_get_connections_sync` – `snapd_client_get_interfaces2_async` – `snapd_client_get_interfaces2_finish` – `snapd_client_get_interfaces2_sync` – `snapd_client_get_snap_conf_async`

This update includes a fix for a security vulnerability, CVE_2018-20843: > Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks For more information on the changes in 2.2.7, see the upstream release

Bugfixes, and a security fix: Fixed vulnerabilities: Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands.

Bugfixes, and a security fix: Fixed vulnerabilities: Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands.

This update includes a rebase from 9.0.13 up to 9.0.21 which resolves two CVEs along with various other bugs/features: * rhbz#1673856 tomcat-9.0.21 is available * rhbz#1713279 CVE-2019-0221 tomcat: XSS in SSI printenv * rhbz#1693326 CVE-2019-0199 tomcat: Apache Tomcat HTTP/2 DoS

Update to v5.1.15 —- Update to v5.1.14

Includes security fix backported from 9.4.3 * [security] Prevent execution of XSS on rich text, * [security] Prevent xss attack on user picture,

Update to Chromium 75.0.3770.100. The usual pile of bugs and CVE fixes. vaapi support disabled, just too broken. 🙁 Fixes CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5824 CVE-2019-5825

– Update to 4.1.10 Release notes: https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.10 Security Advisory: https://doc.powerdns.com/authoritative/security- advisories/powerdns-advisory-2019-04.html https://doc.powerdns.com/authoritative/security-advisories/powerdns-