GitLab

fixes commit ac7d137d (main/sqlite: security fixes (CVE-2019-19242,
CVE-2019-19244)), which apparently had a typo.

fix commit 0aa5cea8 (main/sqlite: fix CVE-2019-16168) which did not
fix CVE-2018-20346  but CVE-2019-16168.

also remove duplicate CVE-2019-19242

ref #11914

CVE-2018-14629 was fixed in 4.8.11 according
https://www.samba.org/samba/history/samba-4.8.11.html

ref #11914

CVE-2018-6789 was fixed in 4.90.1.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6789
#8505

ref #11914

ref #11914

ref #11914

CVE-2017-9410, CVE-2017-9411, CVE-2017-9412, CVE-2015-9099 were all
fixed in 3.99.5-r6.

ref #11914

ref #11914

remove duplicate entry in secfixes comment and unused patch for
CVE-2019-6116.

The compressed .tgz patch that was added in 9.26-r1 was never applied.
The issue was fixed in 9.26-r2.

ref #11914

The fix for CVE-2018-5712 in 5.6.33 was incomplete and got finally fixed
in 5.6.36 together with a new CVE id (CVE-2018-10547).

Update secfixes comment and remove duplicate entry for CVE-2018-5712.

ref #11914
upstream ref: https://bugs.php.net/bug.php?id=76129

CVE-2017-3738 was fixed in commit 69941fbb (main/openssl: security
upgrade to 1.0.2n)

ref #11820

ref #11627

ref #11607

(cherry picked from commit f430aef7)

backport fix that adds newline to each cert in the bundle. The reason is
that trailing newline is no requirement so self generated certs may not
have it.

fixes #8379

(cherry picked from commit 0b87f832)

CVE-2020-10957, CVE-2020-10958, CVE-2020-10967,
CVE-2020-7046, CVE-2020-7957

Upgrade pigeonhole plugin to 0.5.10

fixes #11557

fixes #11539

CVE-2020-2752
CVE-2020-2812
CVE-2020-2814
CVE-2020-2760

fixes #11508

See #11509

- Switch to https
- Clarify license
- Patch CVE-2019-9755

For #11400

Fixed CVEs:

- CVE-2020-11739
- CVE-2020-11740
- CVE-2020-11741
- CVE-2020-11742
- CVE-2020-11743

Patch taken from Debian.

New certificate distrusts have been added, so this should be backported

See #11389

fixes #11155