ALT-BU-2015-2757-1
Branch sisyphus update bulletin.
Package smplayer-skins updated to version 15.2.0-alt2 for branch sisyphus in task 153864.
Closed bugs
Зависит от smplayer
Package python-module-django updated to version 1.8.7-alt1 for branch sisyphus in task 153866.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-8213
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.
- FEDORA-2015-a8c8f60fbd
- FEDORA-2015-a8c8f60fbd
- FEDORA-2015-323274d412
- FEDORA-2015-323274d412
- openSUSE-SU-2015:2199
- openSUSE-SU-2015:2199
- openSUSE-SU-2015:2202
- openSUSE-SU-2015:2202
- RHSA-2016:0129
- RHSA-2016:0129
- RHSA-2016:0156
- RHSA-2016:0156
- RHSA-2016:0157
- RHSA-2016:0157
- RHSA-2016:0158
- RHSA-2016:0158
- DSA-3404
- DSA-3404
- 77750
- 77750
- 1034237
- 1034237
- USN-2816-1
- USN-2816-1
- https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
- https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
- https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
- https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
Package xorg-server updated to version 1.18.0-alt1 for branch sisyphus in task 153823.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-3164
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.