Fri Mar 24 19:42:46 UTC 202320230324194246_15.0

patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
patches/packages/tar-1.34-x86_64-2_slack15.0.txz:  Rebuilt.
  GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use
  of uninitialized memory for a conditional jump. Exploitation to change the
  flow of control has not been demonstrated. The issue occurs in from_header
  in list.c via a V7 archive in which mtime has approximately 11 whitespace
  characters.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-48303
  (* Security fix *)

2 files changed, 11 insertions, 0 deletions

diff --git a/patches/packages/glibc-zoneinfo-2022g-noarch-1_slack15.0.txt b/patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txt
index c6e7a698e..c6e7a698e 100644
--- a/patches/packages/glibc-zoneinfo-2022g-noarch-1_slack15.0.txt
+++ b/patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txt
diff --git a/patches/packages/tar-1.34-x86_64-2_slack15.0.txt b/patches/packages/tar-1.34-x86_64-2_slack15.0.txt
new file mode 100644
index 000000000..a2ff0aa53
--- /dev/null
+++ b/patches/packages/tar-1.34-x86_64-2_slack15.0.txt
@@ -0,0 +1,11 @@
+tar: tar (archiving utility)
+tar:
+tar: This is the GNU version of tar, an archiving program designed to store
+tar: and extract files from an archive file known as a tarfile. A tarfile
+tar: may be made on a tape drive, however, it is also common to write a
+tar: tarfile to a normal file.
+tar:
+tar: Slackware's package system uses tarfiles compressed with bzip2, gzip,
+tar: lzip, or xz.
+tar:
+tar: