ALT-BU-2019-3911-2

Branch p9 update bulletin.

Package recoll updated to version 1.25.22-alt1 for branch p9 in task 236889.

Поправить зависимости

Package packagekit updated to version 1.1.12-alt8 for branch p9 in task 236906.

разные с apt-get алгоритмы обновления системы (disttag)

Package arduino updated to version 1.8.5-alt2_8jpp8 for branch p9 in task 236946.

avrdude: can't open config file "/etc/avrdude/avrdude.conf": No such file or directory

Package python-module-werkzeug updated to version 0.15.5-alt1 for branch p9 in task 236927.

Уязвимость функции generate (src/werkzeug/debug/__init__.py) библиотеки веб-приложений Werkzeug, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным

Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Package icewm updated to version 1.6.1-alt1 for branch p9 in task 236964.

[FR] 1.6

Version: 2.1.2

Branch p9 update on 2019-09-01

ALT-BU-2019-3911-2

ALT-PU-2019-2592-1

Closed bugs

Bug #37146

ALT-PU-2019-2593-1

Closed bugs

Bug #36342

ALT-PU-2019-2594-1

Closed bugs

Bug #37154

ALT-PU-2019-2595-1

Closed vulnerabilities

BDU:2020-01804

CVE-2019-14806

ALT-PU-2019-2596-1

Closed bugs

Bug #37127