diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-02-15 19:48:10 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-02-16 13:30:35 +0100 |
commit | 9b5b70af5be71074990c96cde8c7b0ac38318721 (patch) | |
tree | 2021f08dec1ef919c38406d49477958c15112680 /extra | |
parent | ad9ea8bf781935db257f79f0efd1e0744c8e02c2 (diff) | |
download | current-9b5b70af5be71074990c96cde8c7b0ac38318721.tar.gz current-9b5b70af5be71074990c96cde8c7b0ac38318721.tar.xz |
Wed Feb 15 19:48:10 UTC 202320230215194810_15.0
patches/packages/curl-7.88.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
HTTP multi-header compression denial of service.
HSTS amnesia with --parallel.
HSTS ignored on multiple requests.
For more information, see:
https://curl.se/docs/CVE-2023-23916.html
https://curl.se/docs/CVE-2023-23915.html
https://curl.se/docs/CVE-2023-23914.html
https://www.cve.org/CVERecord?id=CVE-2023-23916
https://www.cve.org/CVERecord?id=CVE-2023-23915
https://www.cve.org/CVERecord?id=CVE-2023-23914
(* Security fix *)
patches/packages/git-2.35.7-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Using a specially-crafted repository, Git can be tricked into using
its local clone optimization even when using a non-local transport.
Though Git will abort local clones whose source $GIT_DIR/objects
directory contains symbolic links (c.f., CVE-2022-39253), the objects
directory itself may still be a symbolic link.
These two may be combined to include arbitrary files based on known
paths on the victim's filesystem within the malicious repository's
working copy, allowing for data exfiltration in a similar manner as
CVE-2022-39253.
By feeding a crafted input to "git apply", a path outside the
working tree can be overwritten as the user who is running "git
apply".
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-22490
https://www.cve.org/CVERecord?id=CVE-2023-23946
(* Security fix *)
Diffstat (limited to 'extra')
-rwxr-xr-x | extra/source/php80/fetch-php.sh | 4 | ||||
-rwxr-xr-x | extra/source/php81/fetch-php.sh | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/extra/source/php80/fetch-php.sh b/extra/source/php80/fetch-php.sh index 180ebf3dd..5e16b0399 100755 --- a/extra/source/php80/fetch-php.sh +++ b/extra/source/php80/fetch-php.sh @@ -1,2 +1,2 @@ -lftpget http://us.php.net/distributions/php-8.0.27.tar.xz.asc -lftpget http://us.php.net/distributions/php-8.0.27.tar.xz +lftpget http://us.php.net/distributions/php-8.0.28.tar.xz.asc +lftpget http://us.php.net/distributions/php-8.0.28.tar.xz diff --git a/extra/source/php81/fetch-php.sh b/extra/source/php81/fetch-php.sh index 85ab582c3..7c534a3c4 100755 --- a/extra/source/php81/fetch-php.sh +++ b/extra/source/php81/fetch-php.sh @@ -1,2 +1,2 @@ -lftpget http://us.php.net/distributions/php-8.1.14.tar.xz.asc -lftpget http://us.php.net/distributions/php-8.1.14.tar.xz +lftpget http://us.php.net/distributions/php-8.1.16.tar.xz.asc +lftpget http://us.php.net/distributions/php-8.1.16.tar.xz |