diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-02-01 22:27:31 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-02-02 13:30:30 +0100 |
commit | 7453cf8b304eae3ce386c64fe1739e21b2559edb (patch) | |
tree | 1296e6548aadd9c18bf1d6d17065b49580c57130 /ChangeLog.rss | |
parent | 139b76eee421713ee3f6c9054c40d326bacb20a6 (diff) | |
download | current-7453cf8b304eae3ce386c64fe1739e21b2559edb.tar.gz current-7453cf8b304eae3ce386c64fe1739e21b2559edb.tar.xz |
Wed Feb 1 22:27:31 UTC 202320230201222731_15.0
patches/packages/apr-1.7.2-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer. (CVE-2022-24963)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) (CVE-2021-35940)
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-24963
https://www.cve.org/CVERecord?id=CVE-2021-35940
https://www.cve.org/CVERecord?id=CVE-2017-12613
(* Security fix *)
patches/packages/apr-util-1.6.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer. (CVE-2022-25147)
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-25147
(* Security fix *)
patches/packages/mozilla-thunderbird-102.7.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.7.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/
https://www.cve.org/CVERecord?id=CVE-2023-0430
(* Security fix *)
Diffstat (limited to 'ChangeLog.rss')
-rw-r--r-- | ChangeLog.rss | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index 2f6e66739..308613206 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,48 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Thu, 26 Jan 2023 00:34:41 GMT</pubDate> - <lastBuildDate>Thu, 26 Jan 2023 12:30:16 GMT</lastBuildDate> + <pubDate>Wed, 1 Feb 2023 22:27:31 GMT</pubDate> + <lastBuildDate>Thu, 2 Feb 2023 12:30:17 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.17</generator> <item> + <title>Wed, 1 Feb 2023 22:27:31 GMT</title> + <pubDate>Wed, 1 Feb 2023 22:27:31 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20230201222731</link> + <guid isPermaLink="false">20230201222731</guid> + <description> + <![CDATA[<pre> +patches/packages/apr-1.7.2-x86_64-1_slack15.0.txz: Upgraded. + This update fixes security issues: + Integer Overflow or Wraparound vulnerability in apr_encode functions of + Apache Portable Runtime (APR) allows an attacker to write beyond bounds + of a buffer. (CVE-2022-24963) + Restore fix for out-of-bounds array dereference in apr_time_exp*() functions. + (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and + later 1.6.x releases, but was missing in 1.7.0.) (CVE-2021-35940) + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2022-24963 + https://www.cve.org/CVERecord?id=CVE-2021-35940 + https://www.cve.org/CVERecord?id=CVE-2017-12613 + (* Security fix *) +patches/packages/apr-util-1.6.3-x86_64-1_slack15.0.txz: Upgraded. + This update fixes a security issue: + Integer Overflow or Wraparound vulnerability in apr_base64 functions + of Apache Portable Runtime Utility (APR-util) allows an attacker to + write beyond bounds of a buffer. (CVE-2022-25147) + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2022-25147 + (* Security fix *) +patches/packages/mozilla-thunderbird-102.7.1-x86_64-1_slack15.0.txz: Upgraded. + This release contains security fixes and improvements. + For more information, see: + https://www.mozilla.org/en-US/thunderbird/102.7.1/releasenotes/ + https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/ + https://www.cve.org/CVERecord?id=CVE-2023-0430 + (* Security fix *) + </pre>]]> + </description> + </item> + <item> <title>Thu, 26 Jan 2023 00:34:41 GMT</title> <pubDate>Thu, 26 Jan 2023 00:34:41 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20230126003441</link> |