FEDORA-2022-9032cacb56
Packages in this update:
advancecomp-2.4-1.fc37
Update description:
Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
libbsd-0.11.7-1.el7
Portability fixes for the Hurd
Fix ELF support for big endian SH
Sync the arc4random(3) implementation from OpenBSD
Adjust declaration shadowing to match new glibc additions
Manual pages and documentation cleanups
Manual page rewrite to get rid of a BSD-4-Clause license
Build system and test suite fixes for musl
Removal of unused OpenBSD support for arc4random()
LoongArch support for nlist()
Build system and test suite regression fixes
Documentation on how to build the project
Further rework of the libmd wrapping code, to simplify it again, and make it work even when we do not need SHA-2 functions
Fix builds with LTO
Various build system fixes
Various portability fixes
Various documentation fixes
Rework of the libmd wrapping code to not require users to explicitly link against libmd
Various build system fixes
Various portability fixes
Update <sys/queue.h> from FreeBSD
Import some closefrom() changes from sudo
Make closefrom() use close_range() syscall on Linux when available
Update libbsd(7) man page with updates in 0.11.0
Export strnvisx() function
New recallocarray() and freezero() from OpenBSD
New pwcache module from OpenBSD
New timespec(3bsd) man page alias to timeval(3bsd)
New progname implementation for Windows
New LIBBSD_VIS_OPENBSD selection macro
Switch from embedded hashing function implementations to use libmd
Various man pages cleanups
Various portability fixes
Various memory leak fixes
Several security related fixes for nlist()
Preliminary and partial Windows porting
Fix for a leak in the vis family of functions
Fix for a configure check to not unnecessarily link against librt
General portability fixes for musl, uClibc, macOS and GNU/kFreeBSD
New architectures support for nlist()
Switch the <err.h> *c() functions to be standalone and add err(), warn(), errx() and warnx() family of functions in case the system lacks them
Several man page fixes
Add __arraycount() macro
Add flopenat() function
Add strtoi() and strtou() functions
Add several new vis and unvis functions
Add pidfile_fileno() function, and struct pidfh is now opaque
The humanize_number() now understands HN_IEC_PREFIXES
The fmtcheck() function supports all standard printf(3) conversions
The getentropy(), and thus arc4random() functions will not block anymore on Linux on boot when there’s not enough entropy available
The arc4random() function handles direct clone() calls better
Fixes the nlist() unit test on IA64, handles glibc now providing some of the functions, restores support for old gcc, and documents the availability of arcrandom(3) on other BSDs
libbsd-0.11.7-1.el8
Portability fixes for the Hurd
Fix ELF support for big endian SH
Sync the arc4random(3) implementation from OpenBSD
Adjust declaration shadowing to match new glibc additions
Manual pages and documentation cleanups
Manual page rewrite to get rid of a BSD-4-Clause license
Build system and test suite fixes for musl
Removal of unused OpenBSD support for arc4random()
LoongArch support for nlist()
Build system and test suite regression fixes
Documentation on how to build the project
Further rework of the libmd wrapping code, to simplify it again, and make it work even when we do not need SHA-2 functions
Fix builds with LTO
Various build system fixes
Various portability fixes
Various documentation fixes
Rework of the libmd wrapping code to not require users to explicitly link against libmd
Various build system fixes
Various portability fixes
Update <sys/queue.h> from FreeBSD
Import some closefrom() changes from sudo
Make closefrom() use close_range() syscall on Linux when available
Update libbsd(7) man page with updates in 0.11.0
Export strnvisx() function
New recallocarray() and freezero() from OpenBSD
New pwcache module from OpenBSD
New timespec(3bsd) man page alias to timeval(3bsd)
New progname implementation for Windows
New LIBBSD_VIS_OPENBSD selection macro
Switch from embedded hashing function implementations to use libmd
Various man pages cleanups
Various portability fixes
Various memory leak fixes
Several security related fixes for nlist()
Preliminary and partial Windows porting
Fix for a leak in the vis family of functions
Fix for a configure check to not unnecessarily link against librt
General portability fixes for musl, uClibc, macOS and GNU/kFreeBSD
New architectures support for nlist()
Switch the <err.h> *c() functions to be standalone and add err(), warn(), errx() and warnx() family of functions in case the system lacks them
Several man page fixes
grub2-2.06-57.fc36
put the font back in /boot for now
Yes, this bloats size by a couple meg. Hopefully this won’t cause problems for anyone and everyone can be okay with this CVE fix update.
Adjust the way we provide unicode.pf2 for post-CVE lockdown policy
Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.
grub2-2.06-14.fc35
put the font back in /boot for now
Yes, this bloats size by a couple meg. Hopefully this won’t cause problems for anyone and everyone can be okay with this CVE fix update.
Adjust the way we provide unicode.pf2 for post-CVE lockdown policy
Two font-related CVE updates (CVE-2022-2601 and CVE-2022-3775). For more information, see upstream’s disclosure or the patches themselves.
An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html
It was discovered that X.Org X Server incorrectly handled certain inputs.
An attacker could use these issues to cause the server to crash, resulting
in a denial of service, or possibly execute arbitrary code.
CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access to the ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.
SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1.
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.