Comparing changes
Open a pull request
- 15 commits
- 9 files changed
- 8 contributors
Commits on Jul 21, 2018
-
Merge pull request #43811 from taku0/oraclejdk-8u181
oraclejdk: 10.0.1 -> 10.0.2 [Critical security fixes] (cherry picked from commit defa760)
Commits on Oct 5, 2018
-
-
Merge pull request #47926 from edef1c/git-2.16.5
git: 2.16.4 -> 2.16.5 (CVE-2018-17456)
Commits on Oct 6, 2018
-
ghostscript: 9.24 -> 9.25 (#47948)
Highlights in this release include: This release fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files), and some additional security issues over the recent 9.24 release. CVE-2018-16802 CVE-2018-17183 Note: The ps2epsi utility does not, and cannot call Ghostscript with the -dSAFER command line option. It should never be called with input from untrusted sources. Security issues have been the primary focus of this release, including solving several (well publicised) real and potential exploits. PLEASE NOTE: We strongly urge users to upgrade to this latest release to avoid these issues. As well as Ghostscript itself, jbig2dec has had a significant amount of work improving its robustness in the face of out specification files. IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread safe, and cannot be made thread safe without breaking the ABI. Our fork will be thread safe, and include performance enhancements (these changes have all be been offered and rejected upstream). We will maintain compatibility between Ghostscript and LCMS2 for a time, but not in perpetuity. Our fork will be available as its own package separately from Ghostscript (and MuPDF). The usual round of bug fixes, compatibility changes, and incremental improvements. (cherry picked from commit 5b77b0d2f1eda9a42fe188eafb499230741e7925) (cherry picked from commit dbcbf7c)
-
Merge pull request #43842 from srhb/jdk-backport
Backport of #43811 jdk updates (help needed)
-
oraclejdk8psu: mark as insecure
This is a sort port of 4d6f880 (#43811). The mentioned issues are not being fixed in the release. The CPU release should be used instead. Since someone might still need the PSU version it will just be marked as insecure allowing the user to whitelist it, if required.
-
Merge pull request #47959 from andir/18.03/oraclejdk
[18.03] oraclejdk8psu: mark as insecure
Commits on Oct 8, 2018
-
tinc: 1.0.34 -> 1.0.35, 1.1pre16 -> 1.1pre17
Critical security update (CVE-2018-16737, CVE-2018-16738, CVE-2018-16758) (cherry picked from commit 15a190e)
-
debian vm tools: use snapshot.debian.org
snapshot.debian.org actually keeps track of all of the updates as they come in rather than doing arbitrary (?) snapshots. (cherry picked from commit 9cc18fa)
-
tor-browser-bundle-bin: 7.5.6 -> 8.0
(cherry picked from commit ed5283f)
-
tor-browser-bundle-bin: add gsettings-schemas
See NixOS/nixpkgs#46587 (cherry picked from commit 5710ee3)
-
tor-browser-bundle-bin: parameterize icon theme
(cherry picked from commit 546e511)
-
tor-browser-bundle-bin: 8.0 -> 8.0.1
(cherry picked from commit f2ba1a4)
-
tor-browser-bundle-bin: 8.0.1 -> 8.0.2
Update to latest version due to security updates and 8.0.1 not being available on the mirrors anymore. Release notes: https://blog.torproject.org/new-release-tor-browser-802 (cherry picked from commit 248ed35)
-
Merge pull request #48063 from Mic92/torbrowser-bundle-bin
tor-browser-bundle-bin: 7.5.6 -> 8.0.2 [18.03 backport]
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 862fb5215f07...c56ede78a08a