| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | atlassian-confluence: 7.1.0 -> 7.2.0•••(cherry picked from commit a53c73d9c8dd78c2e4aab957d5476fc3d07c082e)
release-19.0919.09local/19.09gitlab.intr/19.09github/19.0919.09 | WilliButz | 2019-12-19 | 1 | -4/+4 |
| * | atlassian-confluence: 7.0.3 -> 7.1.0•••(cherry picked from commit 15db4fcd510949aca2df686896e53bfe95173b39)
| Robin Gloster | 2019-12-19 | 1 | -2/+2 |
| * | atlassian-confluence: 7.0.2 -> 7.0.3•••(cherry picked from commit a8b985da997456eaa8a799bb8ac01dc2c7637f1a)
| R. RyanTM | 2019-12-19 | 1 | -2/+2 |
| * | matrix-synapse: 1.7.0 -> 1.7.1•••https://github.com/matrix-org/synapse/releases/tag/v1.7.1
(cherry picked from commit f1acc6e70e20ffcc3354b6055a4d5e6f6f68b718)
| Maximilian Bosch | 2019-12-19 | 1 | -2/+2 |
| * | matrix-synapse: 1.6.1 -> 1.7.0•••https://github.com/matrix-org/synapse/releases/tag/v1.7.0
(cherry picked from commit 73322737a36a6f816ad5a224cf1c87ad92c8d099)
| Maximilian Bosch | 2019-12-19 | 1 | -2/+2 |
| * | matrix-synapse.ldap3: 0.1.3 -> 0.1.4•••https://github.com/matrix-org/matrix-synapse-ldap3/releases/tag/v0.1.4
(cherry picked from commit e533a8c565ef5d52f9d1cec021f0cbdab0cc1d02)
| Maximilian Bosch | 2019-12-19 | 1 | -2/+2 |
| * | Merge pull request #75717 from andir/19.09/apt•••[19.09] apt: 1.4.6 -> 1.4.9 (CVE-2019-3462) | WilliButz | 2019-12-19 | 1 | -3/+3 |
| |\ |
|
| | * | apt: 1.4.6 -> 1.4.9•••Fixes on remote content injection issue (CVE-2019-3462).
Complete changelog:
> apt (1.4.9) stretch-security; urgency=medium
>
> * SECURITY UPDATE: content injection in http method (CVE-2019-3462)
> (LP: #1812353)
>
> -- Julian Andres Klode <jak@debian.org> Fri, 18 Jan 2019 11:42:07 +0100
>
> apt (1.4.8) stretch; urgency=medium
>
> [ Balint Reczey ]
> * Gracefully terminate process when stopping apt-daily-upgrade (LP: #1690980)
>
> [ David Kalnischkies ]
> * don't ask an uninit _system for supported archs, this
> crashes the mirror method (LP: #1613184)
>
> [ Julian Andres Klode ]
> * Do not warn about duplicate "legacy" targets (Closes: #839259)
> (LP: #1697120)
> * apt-daily: Pull in network-online.target in service, not timer
> - this can cause a severe boot performance regression / hang
> (LP: #1716973)
>
> -- Julian Andres Klode <jak@debian.org> Wed, 13 Sep 2017 18:47:33 +0200
>
> apt (1.4.7) stretch; urgency=medium
>
> * New release with important fixes up to 1.5~beta1; also see LP: #1702326
>
> [ Robert Luberda ]
> * fix a "critical" typo in old changelog entry (Closes: 866358)
>
> [ David Kalnischkies ]
> * test suite/travis CI: ignore profiling warning in progress lines
> * use port from SRV record instead of initial port
>
> [ Julian Andres Klode ]
> * Reset failure reason when connection was successful, so later errors are
> reported as such and not as "connection failure" warnings.
> * debian/gbp.conf: Set debian-branch to 1.4.y
> * http: A response with Content-Length: 0 has no content, so don't try to
> read it - it will either timeout or the server closes the connection.
> * travis CI: Migrate to Docker
>
> -- Julian Andres Klode <jak@debian.org> Thu, 13 Jul 2017 23:45:39 +0200
| Andreas Rammhold | 2019-12-15 | 1 | -3/+3 |
| * | | linux_latest-libre: 17117 -> 17119•••(cherry picked from commit 9b5b7220d83d231348b2527b1ed426611fa90528)
| Tim Steinbach | 2019-12-18 | 1 | -1/+1 |
| * | | linux_latest-libre: 17112 -> 17117 | Tim Steinbach | 2019-12-18 | 1 | -2/+2 |
| * | | linux: 4.19.89 -> 4.19.90 | Tim Steinbach | 2019-12-18 | 1 | -2/+2 |
| * | | linux: 4.14.158 -> 4.14.159 | Tim Steinbach | 2019-12-18 | 1 | -2/+2 |
| * | | linux: 5.4.3 -> 5.4.5 | Tim Steinbach | 2019-12-18 | 1 | -2/+2 |
| * | | dovecot_pigeonhole: 0.5.8 -> 0.5.9•••Fixes build with dovecot 2.3.9+.
(cherry picked from commit a77524e2e38a30bdfaf16ba153700b28c2d70d7d)
| Milan Pässler | 2019-12-18 | 1 | -2/+2 |
| * | | Merge pull request #75842 from primeos/signal-desktop-backport•••[19.09] signal-desktop: 1.29.0 -> 1.29.1 (backport) | Michael Weiss | 2019-12-18 | 1 | -2/+2 |
| |\ \ |
|
| | * | | signal-desktop: 1.29.0 -> 1.29.1•••(cherry picked from commit 8d5f5e7e3e73ff185b5cb88952cdafb81042c7f6)
Reason: Avoid an expired (unusable) release in the stable release
(Signal-Desktop releases expire after 90 days).
| Michael Weiss | 2019-12-17 | 1 | -2/+2 |
| |/ / |
|
| * | | [r19.09] dpdk: 17.11.2 -> 17.11.9, addressing CVE-2019-14818 (#75829)•••[r19.09] dpdk: 17.11.2 -> 17.11.9, addressing CVE-2019-14818 | Jörg Thalheim | 2019-12-17 | 1 | -2/+2 |
| |\ \ |
|
| | * | | dpdk: 17.11.2 -> 17.11.9 (security)•••addressing CVE-2019-14818
| Robert Scott | 2019-12-16 | 1 | -2/+2 |
| * | | | python: acoustics: 0.2.2 -> 0.2.3•••(cherry picked from commit 10db10b5d7b70c83fec660fa875c1de1527ec0cf)
| Frederik Rietdijk | 2019-12-17 | 1 | -2/+2 |
| |/ / |
|
| * | | linux-libre_latest: 16794 -> 17112•••The original commit didn't have a comment, causing a conflict. I
removed the comment here so future backports apply cleanly.
(cherry picked from commit 987a59e295e6803dc282a125757e9be6afe723c0)
| Alyssa Ross | 2019-12-16 | 1 | -5/+2 |
| * | | Merge pull request #74498 from WilliButz/grafana-go-backports•••go_1_13, grafana-6.5.1: backport to 19.09 | Andreas Rammhold | 2019-12-16 | 5 | -4/+355 |
| |\ \ |
|
| | * | | grafana: 6.5.0 -> 6.5.1•••(cherry picked from commit b8227da4c9f2da1d2d64f2e266b34c8ed3d4c9b8)
| WilliButz | 2019-12-11 | 1 | -3/+3 |
| | * | | grafana: 6.4.5 -> 6.5.0, build with go 1.13•••(cherry picked from commit ce74c85ce771f70d65bd0e8c986f4de475377578)
| WilliButz | 2019-12-11 | 2 | -4/+6 |
| | * | | go_1_13: add kalbasit to maintainers•••(cherry picked from commit f93ea5abe1d23f6f12661333f510201fb48b533e)
| Roman Volosatovs | 2019-12-11 | 1 | -1/+1 |
| | * | | go: add buildGo113Package and buildGo113Module | WilliButz | 2019-12-11 | 1 | -0/+8 |
| | * | | go_1_13: init at 1.13.1•••(cherry picked from commit bd023200a94d6243a59c040dccb1aebd42f74646)
| Roman Volosatovs | 2019-12-11 | 4 | -0/+341 |
| * | | | Merge pull request #75711 from andir/19.09/spamassassin•••[19.09] spamassassin: 3.4.2 -> 3.4.3 | Andreas Rammhold | 2019-12-16 | 1 | -2/+2 |
| |\ \ \ |
|
| | * | | | spamassassin: 3.4.2 -> 3.4.3•••Two security issues have been fixed in this release:
* CVE-2019-12420 for Multipart Denial of Service Vulnerability
* CVE-2018-11805 for nefarious CF files can be configured to
run system commands without any output or errors.
https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt
(cherry picked from commit 5d3607b2da4ba7bf72420fe92167800f62d0a3be)
| Andreas Rammhold | 2019-12-15 | 1 | -2/+2 |
| | | |/
| |/| |
|
| * | | | herwig: 7.1.5 -> 7.1.6•••thepeg: 2.1.5 -> 2.1.6
(cherry picked from commit 2f79be40d61c93a6a57e5ffb437a0345a219d8cd)
| Dmitry Kalinkin | 2019-12-15 | 2 | -4/+4 |
| * | | | Merge pull request #75699 from scaredmushroom/aircrack-ng_release-19.09•••backport: aircrack-ng: fixed missing dependency for airmon-ng | Franz Pletz | 2019-12-15 | 1 | -2/+2 |
| |\ \ \ |
|
| | * | | | aircrack-ng: fixed missing dependency for airmon-ng•••(cherry picked from commit 2978ca21804e5c400e59d7c47bb25f79433601c7)
| cap | 2019-12-16 | 1 | -2/+2 |
| |/ / / |
|
| * | | | Merge pull request #75685 from scaredmushroom/tor-browser-bundle-bin_release-...•••backport: tor-browser-bundle-bin: 9.0.1 -> 9.0.2 | Franz Pletz | 2019-12-15 | 1 | -3/+3 |
| |\ \ \ |
|
| | * | | | tor-browser-bundle-bin: 9.0.1 -> 9.0.2•••(cherry picked from commit fca98ea5be372f788e51a1973a7a58c79a1cbbb2)
| cap | 2019-12-16 | 1 | -3/+3 |
| |/ / / |
|
| * | | | Merge pull request #75724 from andir/19.09/advancecomp•••[19.09] advancecomp: fix CVE-2019-9210 | Michael Raskin | 2019-12-15 | 1 | -2/+15 |
| |\ \ \ |
|
| | * | | | advancecomp: fix CVE-2019-9210•••(cherry picked from commit f23627cb12cef703ace198544920a90fdea376c4)
| Andreas Rammhold | 2019-12-15 | 1 | -2/+15 |
| * | | | | Merge pull request #75716 from andir/19.09/ansible•••[19.09] ansible fixes for CVE-2019-10156 CVE-2019-10206 CVE-2019-14846 CVE-2019-14856 CVE-2019-14858 CVE-2019-14864 | Franz Pletz | 2019-12-15 | 2 | -6/+6 |
| |\ \ \ \ |
|
| | * | | | | ansible_2_6: 2.6.17 -> 2.6.20•••This addresses the following security issues:
* CVE-2019-14846 - Several Ansible plugins could disclose aws
credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
lookup/aws_account_attribute.py, and lookup/aws_secret.py,
lookup/aws_ssm.py use the boto3 library from the Ansible process. The
boto3 library logs credentials at log level DEBUG. If Ansible's
logging was enabled (by setting LOG_PATH to a value) Ansible would set
the global log level to DEBUG. This was inherited by boto and would
then log boto credentials to the file specified by LOG_PATH. This did
not affect aws ansible modules as those are executed in a separate
process. This has been fixed by switching to log level INFO
* Convert CLI provided passwords to text initially, to prevent unsafe
context being lost when converting from bytes->text during post
processing of PlayContext. This prevents CLI provided passwords from
being incorrectly templated (CVE-2019-14856)
* properly hide parameters marked with no_log in suboptions when
invalid parameters are passed to the module (CVE-2019-14858)
* resolves CVE-2019-10206, by avoiding templating passwords from
prompt as it is probable they have special characters.
* Handle improper variable substitution that was happening in
safe_eval, it was always meant to just do 'type enforcement' and have
Jinja2 deal with all variable interpolation. Also see CVE-2019-10156
Changelog: https://github.com/ansible/ansible/blob/9bdb89f740a87bcf760424577ce18a8f68d7a741/changelogs/CHANGELOG-v2.6.rst
(cherry picked from commit b21b92947e931bd40a5144c686510320fba6c88d)
| Andreas Rammhold | 2019-12-15 | 1 | -2/+2 |
| | * | | | | ansible_2_8: 2.8.4 -> 2.8.7•••This addresses the following security issues:
* Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs (CVE-2019-14864)
* CVE-2019-14846 - Several Ansible plugins could disclose aws
credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
lookup/aws_account_attribute.py, and lookup/aws_secret.py,
lookup/aws_ssm.py use the boto3 library from the Ansible process. The
boto3 library logs credentials at log level DEBUG. If Ansible's
logging was enabled (by setting LOG_PATH to a value) Ansible would set
the global log level to DEBUG. This was inherited by boto and would
then log boto credentials to the file specified by LOG_PATH. This did
not affect aws ansible modules as those are executed in a separate
process. This has been fixed by switching to log level INFO
* Convert CLI provided passwords to text initially, to prevent unsafe
context being lost when converting from bytes->text during post
processing of PlayContext. This prevents CLI provided passwords from
being incorrectly templated (CVE-2019-14856)
* properly hide parameters marked with no_log in suboptions when
invalid parameters are passed to the module (CVE-2019-14858)
Changelog: https://github.com/ansible/ansible/blob/24220a618a6d5cd3b5c99f8c7f7771661ed08d33/changelogs/CHANGELOG-v2.8.rst
(cherry picked from commit 71cde971c7da86123b897d0e96a2e7bd88010df0)
| Andreas Rammhold | 2019-12-15 | 1 | -2/+2 |
| | * | | | | ansible_2_7: 2.7.11 -> 2.7.15•••This fixes the following security issues:
* Ansible: Splunk and Sumologic callback plugins leak sensitive data
in logs (CVE-2019-14864)
* CVE-2019-14846 - Several Ansible plugins could disclose aws
credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
lookup/aws_account_attribute.py, and lookup/aws_secret.py,
lookup/aws_ssm.py use the boto3 library from the Ansible process. The
boto3 library logs credentials at log level DEBUG. If Ansible's
logging was enabled (by setting LOG_PATH to a value) Ansible would set
the global log level to DEBUG. This was inherited by boto and would
then log boto credentials to the file specified by LOG_PATH. This did
not affect aws ansible modules as those are executed in a separate
process. This has been fixed by switching to log level INFO
* Convert CLI provided passwords to text initially, to prevent unsafe
context being lost when converting from bytes->text during post
processing of PlayContext. This prevents CLI provided passwords from
being incorrectly templated (CVE-2019-14856)
* properly hide parameters marked with no_log in suboptions when invalid
parameters are passed to the module (CVE-2019-14858)
* resolves CVE-2019-10206, by avoiding templating passwords from
prompt as it is probable they have special characters.
* Handle improper variable substitution that was happening in
safe_eval, it was always meant to just do 'type enforcement' and have
Jinja2 deal with all variable interpolation. Also see CVE-2019-10156
Changelog: https://github.com/ansible/ansible/blob/0623dedf2d9c4afc09e5be30d3ef249f9d1ebece/changelogs/CHANGELOG-v2.7.rst#v2-7-15
(cherry picked from commit 64e2791092add32ba0ed5ab0b990c0f54ac519fb)
| Andreas Rammhold | 2019-12-15 | 1 | -2/+2 |
| | | |/ /
| |/| | |
|
| * | | | | Merge pull request #75709 from andir/19.09/thunderbird-bin•••[19.09] thunderbird-bin: 68.2.2 -> 68.3.0 | Franz Pletz | 2019-12-15 | 1 | -245/+245 |
| |\ \ \ \ |
|
| | * | | | | thunderbird-bin: 68.2.2 -> 68.3.0•••(cherry picked from commit e1699e3c71ef328f38bca46dfcb5fe50e608ef67)
| Andreas Rammhold | 2019-12-15 | 1 | -245/+245 |
| | |/ / / |
|
| * | | | | Merge pull request #75707 from andir/19.09/dovecot•••[19.09] dovecot: 2.3.8 -> 2.3.9.2 | Franz Pletz | 2019-12-15 | 3 | -138/+168 |
| |\ \ \ \
| |_|/ /
|/| | | |
|
| | * | | | dovecot: 2.3.8 -> 2.3.9.2•••Update to latest version & updated the patch file to match with the
lastest verison.
Fixes the following security issue:
* CVE-2019-19722: Mails with group addresses in From or To fields
caused crash in push notification drivers.
(cherry picked from commit cd394340d8f550e1778682a5ff60116f3bba84bf)
| Andreas Rammhold | 2019-12-15 | 3 | -138/+168 |
| | |/ / |
|
| * / / | wire-desktop: fix desktop icon•••Update the Name attribute in the wire-desktop.desktop applications file
and add StartupWMClass key. This fixes the icons on plasma5 and gnome3
which, in certain places, showed a generic X.org icon instead of the Wire
icon.
(cherry picked from commit 4a73fbc367f06134b300a0fa9ac9dc787d6f4f4b)
| Robert Djubek | 2019-12-15 | 1 | -1/+4 |
| |/ / |
|
| * | | linux: Add CRYPTO_AEGIS128_SIMD for aarch64•••See comments: https://github.com/NixOS/nixpkgs/commit/9b67ea9106102d882f53d62890468071900b9647
(cherry picked from commit 0e670a2e678ae8d23694d20848c558a3f17251f9)
Fixes #75650.
| Tim Steinbach | 2019-12-15 | 1 | -0/+3 |
| * | | fixup! virtualbox: 6.0.12 -> 6.0.14•••use fetchpatch in guest additions
(cherry picked from commit 837dbc809ecfe076e153a1e19b475ace6406b5df)
| Fabian Möller | 2019-12-15 | 2 | -156/+58 |
| * | | fixup! virtualbox: 6.0.12 -> 6.0.14•••(cherry picked from commit 63969f5821c2453123bad3bf9b6817e71ec11c97)
| Fabian Möller | 2019-12-15 | 2 | -296/+19 |
| * | | virtualbox: 6.0.12 -> 6.0.14•••(cherry picked from commit 041680d93620036dc71a27c660856ae12987325d)
| Fabian Möller | 2019-12-15 | 7 | -134/+458 |
| * | | exa: apply patch to not panic on broken symlinks•••Currently, exa fails when being executed in a git repository with
symlinks pointing to a non-existing location.
This can happen quite often with garbage-collected result links, or in
bazel repositories.
A fix was PR'ed in September at https://github.com/ogham/exa/pull/584,
but upstream seems to be not responding.
Let's apply this patch until there's a release containing the fixes.
(cherry picked from commit d41dca2f5f6a49868a9ba449a090881ee82f909e)
| Florian Klink | 2019-12-15 | 1 | -1/+10 |
| * | | Merge pull request #75654 from c0bw3b/sec/stable/chicken•••[19.09] update chickenPackages_4 | Renaud | 2019-12-14 | 5 | -187/+28 |
| |\ \ |
|
