ALT-BU-2019-3468-2

Branch sisyphus update bulletin.

Package qt5ct updated to version 0.37-alt1 for branch sisyphus in task 220362.

The QT_QPA_PLATFORMTHEME environment variable is not set correctly

Package kodi updated to version 18.0-alt1 for branch sisyphus in task 220363.

A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: MEDIUM (6.1)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Package python-module-pexpect updated to version 4.6-alt2 for branch sisyphus in task 220382.

Сломалась сборка пакета python-module-pexpect

Package gitea updated to version 1.7.1-alt1 for branch sisyphus in task 220390.

Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically crafted URL. The fixed version is: 1.7.1 and later.

Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: MEDIUM (6.1)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Gitea XSS Vulnerability

Severity: MEDIUM (6.1)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Package remmina updated to version 1.3.2-alt1 for branch sisyphus in task 220379.

hangs when asking SPICE password

Version: 2.1.2

Branch sisyphus update on 2019-02-02

ALT-BU-2019-3468-2

ALT-PU-2019-1165-1

Closed bugs

Bug #35769

ALT-PU-2019-1166-1

Closed vulnerabilities

CVE-2018-8831

ALT-PU-2019-1167-1

Closed bugs

Bug #36015

ALT-PU-2019-1168-2

Closed vulnerabilities

CVE-2019-1010261

GHSA-5rh7-6gfj-mc87

ALT-PU-2019-1169-1

Closed bugs

Bug #35993