ALT-BU-2025-14756-1
Branch sisyphus_e2k update bulletin.
Package alterator-l10n updated to version 2.9.174-alt2 for branch sisyphus_e2k.
Closed bugs
Опечатка в тексте справки для модуля "Копидел"
Package obs-studio updated to version 31.1.2-alt2 for branch sisyphus_e2k.
Closed bugs
Не хватает зависимости на pipewire
Package postgresql16 updated to version 16.11-alt0.p11.1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2025-12-19
BDU:2025-13962
Уязвимость библиотеки libpq системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-12-19
BDU:2025-14083
Уязвимость функции CREATE STATISTICS системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-11-14
CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Modified: 2025-11-14
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Package templates updated to version 1.3-alt1 for branch sisyphus_e2k.
Closed bugs
В контекстном меню "Создать документ" неверное написание слова "Файл" (со строчной, а не заглавной буквы)
Изменение названий шаблонов
Package haproxy updated to version 3.0.12-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2025-12-03
BDU:2025-13169
Уязвимость серверного программного обеспечения HAProxy, связанная с алгоритмической сложностью, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-12-19
CVE-2025-11230
Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.
Package corectrl updated to version 1.5.2-alt2 for branch sisyphus_e2k.
Closed bugs
control: grep: warning: * at start of expression
Package postgresql15 updated to version 15.15-alt0.p11.1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2025-12-19
BDU:2025-13962
Уязвимость библиотеки libpq системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-12-19
BDU:2025-14083
Уязвимость функции CREATE STATISTICS системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-11-14
CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Modified: 2025-11-14
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Package postgresql13 updated to version 13.23-alt0.p11.1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2025-12-19
BDU:2025-13962
Уязвимость библиотеки libpq системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-12-19
BDU:2025-14083
Уязвимость функции CREATE STATISTICS системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-11-14
CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Modified: 2025-11-14
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Package postgresql14 updated to version 14.20-alt0.p11.1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2025-12-19
BDU:2025-13962
Уязвимость библиотеки libpq системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-12-19
BDU:2025-14083
Уязвимость функции CREATE STATISTICS системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-11-14
CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Modified: 2025-11-14
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Package postgresql17-1C updated to version 17.7-alt0.p11.1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2025-12-19
BDU:2025-13962
Уязвимость библиотеки libpq системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-12-19
BDU:2025-14083
Уязвимость функции CREATE STATISTICS системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-11-14
CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Modified: 2025-11-14
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Package postgresql17 updated to version 17.7-alt0.p11.1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2025-12-19
BDU:2025-13962
Уязвимость библиотеки libpq системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-12-19
BDU:2025-14083
Уязвимость функции CREATE STATISTICS системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-11-14
CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Modified: 2025-11-14
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Package swayfx updated to version 0.5.3-alt1 for branch sisyphus_e2k.
Closed bugs
Нет зависимости на swayfx-data
Обновить swayfx до версии 0.5
Package cryptote updated to version 0.6.0-alt4 for branch sisyphus_e2k.
Closed bugs
cryptote: Собрать пакет с wxGTK3.2