ALT-BU-2019-3727-2
Branch sisyphus update bulletin.
Closed bugs
rpm's %_install_langs is broken
Crashes apt-get with SIGSEGV
Package telegram-desktop updated to version 1.7.3-alt1 for branch sisyphus in task 231329.
Closed bugs
[FR] Update version
Closed vulnerabilities
Modified: 2025-03-19
BDU:2019-03251
Vulnerability in the getchar.c library of the Vim text editor, related to the lack of measures to neutralize special elements used in an operating system command, allowing an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
Modified: 2023-11-21
BDU:2022-05913
Vulnerability in the OS command of the Vim text editor, allowing an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
Modified: 2025-11-11
CVE-2019-12735
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.html
- http://www.securityfocus.com/bid/108724
- https://access.redhat.com/errata/RHSA-2019:1619
- https://access.redhat.com/errata/RHSA-2019:1774
- https://access.redhat.com/errata/RHSA-2019:1793
- https://access.redhat.com/errata/RHSA-2019:1947
- https://bugs.debian.org/930020
- https://bugs.debian.org/930024
- https://github.com/neovim/neovim/pull/10082
- https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
- https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040
- https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/
- https://seclists.org/bugtraq/2019/Jul/39
- https://seclists.org/bugtraq/2019/Jun/33
- https://security.gentoo.org/glsa/202003-04
- https://support.f5.com/csp/article/K93144355
- https://support.f5.com/csp/article/K93144355?utm_source=f5support&utm_medium=RSS
- https://usn.ubuntu.com/4016-1/
- https://usn.ubuntu.com/4016-2/
- https://www.debian.org/security/2019/dsa-4467
- https://www.debian.org/security/2019/dsa-4487
- https://www.exploit-db.com/exploits/46973
Modified: 2024-11-21
CVE-2019-20807
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html
- http://seclists.org/fulldisclosure/2020/Jul/24
- https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075
- https://github.com/vim/vim/releases/tag/v8.1.0881
- https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html
- https://support.apple.com/kb/HT211289
- https://usn.ubuntu.com/4582-1/
- https://www.starwindsoftware.com/security/sw-20220812-0003/
Closed bugs
CVE-2019-12735: Modelines allow arbitrary code execution
Package phpMyAdmin updated to version 4.9.0.1-alt1 for branch sisyphus in task 231932.
Closed vulnerabilities
BDU:2020-03949
Vulnerability in the constructor function (designer/move.js file) of the phpMyAdmin web application for administering database management systems, allowing an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2019-11768
An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00017.html
- http://www.securityfocus.com/bid/108617
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/II4HC4QO6WUL2IRSQKCB66UBJOLLI5OV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKJMYVXEDXGEGRO42T6H6VOEZJ65QPQ7/
- https://www.phpmyadmin.net/security/PMASA-2019-3/
Modified: 2024-11-21
CVE-2019-12616
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00017.html
- http://packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.html
- http://www.securityfocus.com/bid/108619
- https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/II4HC4QO6WUL2IRSQKCB66UBJOLLI5OV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKJMYVXEDXGEGRO42T6H6VOEZJ65QPQ7/
- https://www.phpmyadmin.net/security/
- https://www.phpmyadmin.net/security/PMASA-2019-4/
Modified: 2023-08-02
GHSA-mfr9-pcm3-6mwc
phpMyAdmin CSRF Vulnerability
Modified: 2024-04-24
GHSA-x37v-98f9-mj32
phpMyAdmin SQL injection in Designer feature
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-20804
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13.
Modified: 2026-02-23
CVE-2019-2386
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9; MongoDB Server v3.6 versions prior to 3.6.13 and MongoDB Server v3.4 versions prior to 3.4.22. Workaround: After deleting one or more users, restart any nodes which may have had active user authorization sessions. Refrain from creating user accounts with the same name as previously deleted accounts.
