Upstream announcement:
https://helpx.adobe.com/security/products/flash-player/apsb20-30.html
Adobe Security Bulletin
Security Bulletin for Adobe Flash Player | APSB20-30
Summary
Adobe has released security updates for Adobe Flash Player for
Windows, macOS, Linux and Chrome OS. These updates address a critical
vulnerability in Adobe Flash Player. Successful exploitation could
lead to arbitrary code execution in the context of the current user.
0.1.7
Fixed Python 3 compatibility in the examples
Exposed network interface indexes in Adapter.index
Added the license file to distributions on PyPI
Fixed Illumos/Solaris compatibility
Set up universal wheels, ifaddr will have both source and wheel distributions on PyPI from now on
RELEASE 3.5.42
* fix bug in tables.py reported by Kamil Niski https://bitbucket.org/rptlab/reportlab/issues/182 & Adam Kalinsky
RELEASE 3.5.41
* fix python3 bug in DDIndenter.__getattr__
RELEASE 3.5.40
* fix broken (by robin) simple bar lables found by Djan
RELEASE 3.5.39
* allow selection of ttf subfonts by PS name
* revert to old style recursiveGetAttr
* raise error for problematic Canvas.setDash reported by Mike Carter from sitemorse
RELEASE 3.5.38
* bug fix for normalDate monthnames; bump travis; version-->3.5.38
RELEASE 3.5.37
* experimental support for 2d pie/doughnut shading
RELEASE 3.5.36
* update travis version of multibuild contrib by Matthew Brett
* fixes to cope with python 3.9
* imrove Drawing formats handling and ensure asString can do svg
RELEASE 3.5.35
* test fixes
* Label enhancement
* added isSubclassOf validator
* added CrossHair widget
Apache Solr is an open source enterprise search server based on the Apache
Lucene Java search library, with XML/HTTP and JSON APIs, hit highlighting,
faceted search, caching, replication, and a web administration interface.
0.6.12:
Bugfixes:
* Fixed height of about dialog.
Enhancements:
* Only save settings for pages that actually has been changed.
* Replaced use of deprecated Qt functionality as of 5.15.
* Made scrobbler show error dialog for all errors when show error dialog option is on.
* Dont append disc to album titles for Subsonic and Tidal.
* Sort folders added from file view.
* Changed default collection grouping to album - disc.
Qt interface changes:
* Fixed files being moved instead of copied when dragged to a file
manager (#986)
* Added keyboard shortcuts for Open/Add Folder (#989)
* Fixed space being reserved for disabled infobar visualization (#990)
* Fixed playlist rows sometimes changing height at song change
Qt Winamp Classic interface changes:
* Enabled window snapping to screen edges (#985)
* Enabled dragging files from file manager (contributed by GitHub user
iDarkTemplar)
Other changes:
* Fixed warnings when building Audacious with link-time optimizations
* Fixed stuck startup notification under MATE when Audacious was already
running
* Updated translations
This was getting unwieldly and didn't support changing multiple checksums in
the same file (required for illumos support in 1.44.0). It was also hiding
potential bugs, with entries for vendor/rand which do not exist.
It's likely this should be in vendor/rand_os as that's what we're actually
patching, but perhaps that crate is no longer used as it appears we've never
had a checksum fix for it.
Changes:
Security
Fixed: Potential exploit in the OCB2 encryption (#4227)
ICE
Fixed: Added missing UserKDFIterations field to UserInfo => Prevents
getRegistration() from failing with enumerator out of range error (#3835)
GRPC
Fixed: Segmentation fault during murmur shutdown (#3938)
Client
Fixed: Crash when using multiple monitors (#3756)
FIxed: Don't send empty message from clipboard via shortcut, if clipboard
is empty (#3864)
Fixed: Talking indicator being able to freeze to indicate talking when
self-muted (#4006)
Fixed: High CPU usage for update-check if update server not available
(#4019)
Fixed: DBus getCurrentUrl returning empty string when not in root-channel
(#4029)
Fixed: Small parts of whispering leaking out to normal talk (#4051)
Fixed: Last audio frame of normal talking sent to last whisper target
instead when using VoiceActivation (#4050)
Fixed: LAN-icon not found in ConnectDialog (#4058)
Improved: Set maximal vertical size for User Volume Adjustment dialog
(#3801)
Improved: Don't send empty data to PulseAudio (#3316)
Improved: Use the SRV resolved port for UDP connections (#3820)
Improved: Manual Plugin UI (#3919)
Improved: Don't start Jack server by default (#3990)
Improved: Overlay doesn't hook into all other processes by default (#4041)
Improved: Wait longer before disconnecting from a server due to unanswered
Ping-messages (#4123)
Server
Fixed: Possibility to circumvent max user-count in channel (#3880)
Fixed: Rate-limit implementation susceptible to time-underflow (#4004)
Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032)
Fixed: VersionCheck for SQL for when to use the WAL feature (#4163)
Fixed: Wrong database encoding that could lead to server-crash (#4220)
Fixed: DB crash due to primary key violation (now performs "UPSERT" to
avoid this) (#4105)
Improved: The fields in the Version ProtoBuf message are now
size-restricted in order to avoid attacks that can render another client
unresponsive (#4101)
Windows Installer
Improved: Mumble icon (now properly displayed) (#4204)
Tepl is a library that eases the development of GtkSourceView-based text
editors and IDEs. Tepl is the acronym for "Text editor product line". It
serves as an incubator for GtkSourceView.
Tepl was previously named Gtef (GTK+ text editor framework). The project
has been renamed in June 2017 to have a more beautiful name. The end of Tepl
is pronounced like in "apple".
uchardet is an encoding detector library, which takes a sequence of bytes
in an unknown character encoding without any additional information, and
attempts to determine the encoding of the text. Returned encoding names are
iconv-compatible.
uchardet started as a C language binding of the original C++ implementation
of the universal charset detection library by Mozilla. It can now detect
more charsets, and more reliably than the original implementation.
# ZNC 1.8.1 (2020-05-07)
Fixed bug introduced in ZNC 1.8.0:
Authenticated users can trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network. CVE-2020-13775
# 2020-05-20 Version 2.1.1
Important notes:
* CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage
* CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to uninitialized value
* CVE: GHSL-2020-102 OOB Write in crypto_rsa_common
* Enforce synchronous legacy RDP encryption count (#6156)
* Fixed some leaks and crashes missed in 2.1.0
* Removed dynamic channel listener limits
* Lots of resource cleanup fixes (clang sanitizers)
* A couple of performance improvements
* Various small annoyances eliminated (typos, prefilled username for windows client, ...)