Age | Commit message | Author | Files | Lines |
|
|
[Backport release-23.11] mysql80: 8.0.36 -> 8.0.37
|
|
[23.11] doxygen: apply patch removing the usage of polyfill.io
|
|
If you output HTML with MathJax content Pandoc might use a JS library
provided by cdn.polyfill.io which is now considered to be a bad actor.
https://sansec.io/research/polyfill-supply-chain-attack
`haskellPackages.pandoc` is not impacted, the concerned domain is not used.
To reproduce the issue:
1. Create a file `math.tex` with the following content `$a^2 + b^2 = c^2$`
2. Call `pandoc` with `pandoc math.tex -s --mathjax -o ex.html`
3. Look at the injected scripts in `ex.html`
|
|
[Backport release-23.11] apptainer: 1.2.5 -> 1.3.2
|
|
[23.11] freeipa: 4.11.1 -> 4.11.2
|
|
[23.11] grafana: 10.2.7 -> 10.2.8
|
|
Changes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-37.html
Fixes:
* CVE-2024-21047
* CVE-2024-21069
* CVE-2024-21060
* CVE-2024-21087
* CVE-2024-20998
* CVE-2024-21009
* CVE-2024-21054
* CVE-2024-21062
* CVE-2024-21102
* CVE-2024-21096
* CVE-2024-21008
* CVE-2024-21013
* CVE-2024-21000
https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixMSQL
(cherry picked from commit 9b648599eaff67fd4d7045e22fa85f7656777eff)
|
|
[Backport release-23.11] netbird: 0.27.10 -> 0.28.3
|
|
(cherry picked from commit 7dfa379b930f604e6c5da312124f6ec12e3a943c)
|
|
ChangeLog: https://github.com/grafana/grafana/releases/tag/v10.2.8
|
|
(cherry picked from commit e546e8ff516328a6500b68a7ebb72882f8ff4df7)
|
|
The template used by doxygen when MathJax is needed uses a
JS script provided by polyfill.io which is now considered
to be a bad actor.
https://sansec.io/research/polyfill-supply-chain-attack
|
|
(23.11) openssl_3: 3.0.13 -> 3.0.14; openssl_3_1: 3.1.5 -> 3.1.6
|
|
discord: 0.0.56 -> 0.0.58
discord-ptb: 0.0.90 -> 0.0.92
discord-canary: 0.0.431 -> 0.0.438
discord-development: 0.0.19 -> 0.0.21
pkgsCross.aarch64-darwin.discord: 0.0.307 -> 0.0.309
pkgsCross.aarch64-darwin.discord-ptb: 0.0.119 -> 0.0.121
pkgsCross.aarch64-darwin.discord-canary: 0.0.531 -> 0.0.547
pkgsCross.aarch64-darwin.discord-development: 0.0.41 -> 0.0.43
(cherry picked from commit 76551701c130bd08fb6722cdd9b95d75bd021634)
|
|
(cherry picked from commit b8877d07e8a2068b2f8718550b39ba2cc41eef1c)
|
|
(cherry picked from commit 27fdb4ca2cacfddff59147701295168193e1b862)
|
|
(cherry picked from commit 144ac0d7fc16609847d957d53a715d393caaeef2)
|
|
[Backport release-23.11] knot-dns: 3.3.6 -> 3.3.7
|
|
https://gitlab.com/gitlab-org/gitlab/-/blob/v16.11.5-ee/CHANGELOG.md
Fixes CVE-2024-1493
Fixes CVE-2024-1816
Fixes CVE-2024-2177
Fixes CVE-2024-2191
Fixes CVE-2024-3115
Fixes CVE-2024-3959
Fixes CVE-2024-4011
Fixes CVE-2024-4025
Fixes CVE-2024-4557
Fixes CVE-2024-4901
Fixes CVE-2024-4994
Fixes CVE-2024-5430
Fixes CVE-2024-5655
Fixes CVE-2024-6323
(cherry picked from commit aff7eed4e7a1eddce866312da4f131b4b8af4066)
|
|
nixVersions.nix_2_18: 2.18.1 -> 2.18.3
|
|
(cherry picked from commit f6c43dab739c8bcce80577c80cefeaea031c7a4f)
|
|
(cherry picked from commit 660b0f4554497f7fc79b3a25a694327cd8800a8b)
|
|
(cherry picked from commit afcbbf9e95f9b91f77a6dd5eb999e68bdea4f089)
|
|
(cherry picked from commit 5f53abdb3f1f043371786891d0d54c1577cce07f)
|
|
(cherry picked from commit acca00bf2c0eccf9a7153cf9140eb972a3bc9054)
|
|
(cherry picked from commit 07f6b665d1be6192f776fd878fce758544a77976)
|
|
(cherry picked from commit a36965d8f041679216a0b188c7418e3e78797c74)
|
|
(cherry picked from commit cf524d2185bdbb71fa99730092455ff7423caaa8)
|
|
(cherry picked from commit c0079b0d8a3362e175515253a4aae05a9a66f9b2)
|
|
(cherry picked from commit 3655cb233f8982001c8bf0f78960a60321e7636b)
|
|
[23.11] nextcloud: 27.1.10 -> 27.1.11, 28.0.6 -> 28.0.7, 29.0.2 -> 29.0.3
|
|
https://gitlab.nic.cz/knot/knot-dns/-/releases/v3.3.7
(cherry picked from commit 1622a46318041a0cce995a1eea6976396af0556c)
|
|
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html
This update includes 5 security fixes.
CVEs:
CVE-2024-6290 CVE-2024-6291 CVE-2024-6292 CVE-2024-6293
(cherry picked from commit f424ca5c4fa297ba784f41ec8bd3ba63c3e61076)
|
|
[Backport release-23.11] chromedriver: 126.0.6478.61 -> 126.0.6478.126, chromium: 126.0.6478.61 -> 126.0.6478.126
|
|
https://www.mozilla.org/en-US/firefox/127.0.2/releasenotes/
(cherry picked from commit 8934e6d34f6f748155d0616980439fc71a4acf70)
|
|
https://www.mozilla.org/en-US/firefox/127.0.2/releasenotes/
(cherry picked from commit 783f56274fca369c1455393d58690f9d2f106628)
|
|
The hkp protocol keeps erroring out with "server indicated failure".
(cherry picked from commit 29224f6778817f6dd9cb03fd04f02e37bbd8dbe1)
|
|
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html
This update includes 5 security fixes.
CVEs:
CVE-2024-6290 CVE-2024-6291 CVE-2024-6292 CVE-2024-6293
(cherry picked from commit 010fac78763b8b92bad3e298767b24421f694e0c)
|
|
(cherry picked from commit 46ca3de28a91ea4a74f9a62af55f7bff49443c07)
|
|
[Backport release-23.11] ungoogled-chromium: 126.0.6478.61-1 -> 126.0.6478.114-1
|
|
(cherry picked from commit 2fc78cf1461382cee8dc3f16d73ce56d5752a8c6)
|
|
ChangeLog: https://github.com/nextcloud/server/releases/tag/v27.1.11
Will be EOL by the end of the month, hence marking it as such.
(cherry picked from commit 01fb487f76773614254381d8bc0576c8051b4044)
|
|
(cherry picked from commit 70d8f4cf1e9fc6eded6eeffd2ad9796ae7c657f4)
|
|
(cherry picked from commit 04b0d035f8ec778e7d9b9e663d80255958c91239)
|
|
ChangeLog: https://github.com/nextcloud/server/releases/tag/v29.0.3
(cherry picked from commit 9b1cfa27a00a9d200facc2dd2e791c14366664f9)
|