Branch sisyphus update bulletin.

Package purple-telegram updated to version 1.4.3-alt1 for branch sisyphus in task 248573.

Please update

Package python3 updated to version 3.8.2-alt1 for branch sisyphus in task 244999.

Published: 2020-09-11

BDU:2021-03740

Уязвимость интерпретатора языка программирования Python, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

CVE-2020-8492

Published: 2020-01-28
Modified: 2024-11-21

CVE-2020-8315

In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2020-01-30
Modified: 2024-11-21

CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Package 1c-preinstall updated to version 8.3-alt12 for branch sisyphus in task 248608.

Серверу 1С нужна утилита file для загрузки libWand.so

не хватает зависимости на libnsl1

Добавить зависимость на libwebkitgtk3

Добавить зависимость на libgperftools

Version: 2.1.0

Branch sisyphus update on 2020-03-27

ALT-BU-2020-3727-1

ALT-PU-2020-1596-1

Closed bugs

Bug #33384

ALT-PU-2020-1597-1

Closed vulnerabilities

BDU:2021-03740

CVE-2020-8315

CVE-2020-8492

ALT-PU-2020-1601-1

Closed bugs

Bug #31214

Bug #37176

Bug #37905

Bug #37912