Branch sisyphus update bulletin.

Package node updated to version 6.9.1-alt1 for branch sisyphus in task 173829.

Published: 2016-09-25
Modified: 2024-11-21

CVE-2016-5172

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2018-05-08
Modified: 2024-11-21

CVE-2018-1000168

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package repocop-unittest-distribution-tag updated to version 0.5-alt1 for branch sisyphus in task 173832.

Надо привести в соответствие с новым значением %distribution

Package thunderbird updated to version 45.5.1-alt1 for branch sisyphus in task 173831.

No data currently available.

Package firefox-esr updated to version 45.5.1-alt1 for branch sisyphus in task 173822.

No data currently available.

Version: 2.1.0

Branch sisyphus update on 2016-12-02

ALT-BU-2016-3179-1

ALT-PU-2016-2380-1

Closed vulnerabilities

CVE-2016-5172

CVE-2018-1000168

ALT-PU-2016-2381-1

Closed bugs

Bug #32834

ALT-PU-2016-2384-1

Closed vulnerabilities

MFSA 2016-92

ALT-PU-2016-2385-1

Closed vulnerabilities

MFSA 2016-92