Closed
Milestone
expired on Feb 15, 2019
3.9.1
Bugfix release 3.9.1
(from redmine: created on 2019-01-23)
Unstarted Issues (open and unassigned)
0
Ongoing Issues (open and assigned)
0
Completed Issues (closed)
35
- [3.9] py-django: memory exhaustion in django.utils.numberformat.format() (CVE-2019-6975)
- [3.9] curl: Multiple vulnerabilities (CVE-2018-16890, CVE-2019-3822, CVE-2019-3823)
- [3.9] spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)
- [3.9] go: crypto/elliptic implementations of P-521 and P-384 elliptic curves allow for denial of service (CVE-2019-6486)
- [3.9] subversion: malicious SVN clients can crash mod_dav_svn (CVE-2018-11803)
- [3.9] wavpack: Multiple vulnerabilities (CVE-2018-19840, CVE-2018-19841)
- [3.9] libraw: Multiple vulnerabilities (CVE-2018-20363, CVE-2018-20364, CVE-2018-20365)
- [3.9] soundtouch: Multiple vulnerabilities (CVE-2018-17096, CVE-2018-17097, CVE-2018-17098)
- [3.9] zeromq: Integer overflow in zmq::v2_decoder_t::size_ready (CVE-2019-6250)
- [3.9] py-django: Content spoofing via URL path in default 404 page (CVE-2019-3498)
- [3.9] netatalk: Unauthenticated remote code execution (CVE-2018-1160)
- [3.9] firefox-esr: Multiple vulnerabilities (CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498)
- [3.9] cups: Predictable session cookie breaks CSRF protection (CVE-2018-4700)
- [3.9] polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass (CVE-2018-19788)
- [3.9] samba: Multiple vulnerabilities (CVE-2018-14629, CVE-2018-16841, CVE-2018-16851)
- [3.9] firefox-esr: Multiple vulnerabilities (CVE-2018-12389, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, CVE-2018-12397)
- [3.9] firefox-esr: Multiple vulnerabilities (CVE-2018-12385, CVE-2018-12386, CVE-2018-12387)
- [3.9] firefox-esr: Multiple vulnerabilities (CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379)
- [3.9] krb5: Multiple vulnerabilities (CVE-2017-15088, CVE-2018-5709, CVE-2018-5710)
- [3.9] xapian-core: Cross-site-scripting in queryparser/termgenerator_internal.cc (CVE-2018-0499)
- libxml2: null pointer dereference introduced in version 2.9.9
- /usr/sbin/httpd -DFOREGROUND not working in docker container
- tinyproxy do not start
- Filezilla Fatal Error
- Replace libressl with openssl in initramfs
- libressl and openssl pkgconf have the same provides
- apk doesn't warn if package already installed as a dependency
- borgbackup depends on very specific version of msgpack-python
- edge: chromium 71.0.3578 is a mess!
- [3.9] cairo: Invalid free in cairo_ft_apply_variations (CVE-2018-19876)
- dnssec-root package too old
- [3.9] libvorbis: stack buffer overflow in bark_noise_hybridmp function (CVE-2018-10393)
- [3.9] chromium: Multiple vulnerabilities (CVE-2018-16065, CVE-2018-16066, CVE-2018-16067, CVE-2018-16068, CVE…CVE-2018-16088)
- [3.9] xen: Multiple vulnerabilities (CVE-2018-3620, CVE-2018-3646, CVE-2018-14007, CVE-2018-14678, CVE-2018-15468, CVE-2018-15469, CVE-2018-15470, CVE-2018-15471)
- [3.9] xen: Multiple vulnerabilities (CVE-2018-3639, CVE-2018-3665, CVE-2018-12891, CVE-2018-12892, CVE-2018-12893)