Version 1.1.26 (released 24-Jan-2017)
* security fix: escape nav_data name to avoid XSS attack
Version 1.1.25 (released 15-Sep-2016)
* fix _rev2optrev assertion on long input
Category Archives: Fedora
Fedora – Security Updates
viewvc-1.1.26-1.fc25
Version 1.1.26 (released 24-Jan-2017)
* security fix: escape nav_data name to avoid XSS attack
Version 1.1.25 (released 15-Sep-2016)
* fix _rev2optrev assertion on long input
java-1.8.0-openjdk-aarch32-1.8.0.112-3.161109.fc25
January 2017 security fixes – http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA
java-1.8.0-openjdk-aarch32-1.8.0.112-3.161109.fc24
January 2017 security fixes – http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA
bitlbee-3.2.2-5.el5
– Added upstream patch to fix null pointer dereference on ft attempts from non-existing users
bitlbee-3.5.1-1.el6
BitlBee 3.5.1 (30 Jan 2017)
===========================
– purple: Fix crash on file transfer requests from unknown contacts. This was the result of an incomplete fix in the previous release and may result in remote DoS. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1282
– After some investigation we decided to reclassify a crash fix from the previous release as a security issue. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1281
– Included help.txt in the release tarball, which was missing in the previous release and resulted in adding python as a build dependency. The release tarball of 3.5.1 does not require python.
bitlbee-3.5.1-1.el7
BitlBee 3.5.1 (30 Jan 2017)
===========================
– purple: Fix crash on file transfer requests from unknown contacts. This was the result of an incomplete fix in the previous release and may result in remote DoS. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1282
– After some investigation we decided to reclassify a crash fix from the previous release as a security issue. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1281
– Included help.txt in the release tarball, which was missing in the previous release and resulted in adding python as a build dependency. The release tarball of 3.5.1 does not require python.
bitlbee-3.5.1-1.fc24
BitlBee 3.5.1 (30 Jan 2017)
===========================
– purple: Fix crash on file transfer requests from unknown contacts. This was the result of an incomplete fix in the previous release and may result in remote DoS. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1282
– After some investigation we decided to reclassify a crash fix from the previous release as a security issue. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1281
– Included help.txt in the release tarball, which was missing in the previous release and resulted in adding python as a build dependency. The release tarball of 3.5.1 does not require python.
bitlbee-3.5.1-1.fc25
BitlBee 3.5.1 (30 Jan 2017)
===========================
– purple: Fix crash on file transfer requests from unknown contacts. This was the result of an incomplete fix in the previous release and may result in remote DoS. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1282
– After some investigation we decided to reclassify a crash fix from the previous release as a security issue. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1281
– Included help.txt in the release tarball, which was missing in the previous release and resulted in adding python as a build dependency. The release tarball of 3.5.1 does not require python.
viewvc-1.1.26-1.el6 viewvc-1.1.26-1.el6 viewvc-1.1.26-1.el6 viewvc-1.1.26-1.el6
Version 1.1.26 (released 24-Jan-2017)
* security fix: escape nav_data name to avoid XSS attack
Version 1.1.25 (released 15-Sep-2016)
* fix _rev2optrev assertion on long input