ALT-BU-2022-3638-1
Branch sisyphus_riscv64 update bulletin.
Package SDL2_mixer updated to version 2.0.4-alt3 for branch sisyphus_riscv64.
Closed bugs
SDL2_mixer собран без поддержки opus
Package gear updated to version 2.5.1-alt1 for branch sisyphus_riscv64.
Closed bugs
добавить в man gear-rules для exclude отсылку к glob в git
gear-update-tag: убрать варнинг про нераспозанную директиву specsubst
gear-edit-spec запускает редактор даже если не может найти spec
gear: сборка из git worktree
Package ansible updated to version 2.9.27-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-3620
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
- https://bugzilla.redhat.com/show_bug.cgi?id=1975767
- https://bugzilla.redhat.com/show_bug.cgi?id=1975767
- https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes
- https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes
- https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
- https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
- https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
- https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
Package systemd updated to version 249.9-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-3997
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
- https://access.redhat.com/security/cve/CVE-2021-3997
- https://access.redhat.com/security/cve/CVE-2021-3997
- https://bugzilla.redhat.com/show_bug.cgi?id=2024639
- https://bugzilla.redhat.com/show_bug.cgi?id=2024639
- https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
- https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
- GLSA-202305-15
- GLSA-202305-15
- https://www.openwall.com/lists/oss-security/2022/01/10/2
- https://www.openwall.com/lists/oss-security/2022/01/10/2
Package assimp updated to version 5.1.5-alt1_1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-45948
Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper).
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/assimp/OSV-2021-775.yaml
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/assimp/OSV-2021-775.yaml
- GLSA-202210-01
- GLSA-202210-01