diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-03-24 19:42:46 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-03-25 13:30:35 +0100 |
commit | 694953a02401ef2e4b4ee493a3ad3a1cc50e32bb (patch) | |
tree | a421ea19056d5286278c14af4f50e81e6873f3c6 /patches/packages | |
parent | 8ea2d785646a6912efbd3bdce75cbff0adafe60b (diff) | |
download | current-694953a02401ef2e4b4ee493a3ad3a1cc50e32bb.tar.gz current-694953a02401ef2e4b4ee493a3ad3a1cc50e32bb.tar.xz |
Fri Mar 24 19:42:46 UTC 202320230324194246_15.0
patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
patches/packages/tar-1.34-x86_64-2_slack15.0.txz: Rebuilt.
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use
of uninitialized memory for a conditional jump. Exploitation to change the
flow of control has not been demonstrated. The issue occurs in from_header
in list.c via a V7 archive in which mtime has approximately 11 whitespace
characters.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48303
(* Security fix *)
Diffstat (limited to 'patches/packages')
-rw-r--r-- | patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txt (renamed from patches/packages/glibc-zoneinfo-2022g-noarch-1_slack15.0.txt) | 0 | ||||
-rw-r--r-- | patches/packages/tar-1.34-x86_64-2_slack15.0.txt | 11 |
2 files changed, 11 insertions, 0 deletions
diff --git a/patches/packages/glibc-zoneinfo-2022g-noarch-1_slack15.0.txt b/patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txt index c6e7a698e..c6e7a698e 100644 --- a/patches/packages/glibc-zoneinfo-2022g-noarch-1_slack15.0.txt +++ b/patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txt diff --git a/patches/packages/tar-1.34-x86_64-2_slack15.0.txt b/patches/packages/tar-1.34-x86_64-2_slack15.0.txt new file mode 100644 index 000000000..a2ff0aa53 --- /dev/null +++ b/patches/packages/tar-1.34-x86_64-2_slack15.0.txt @@ -0,0 +1,11 @@ +tar: tar (archiving utility) +tar: +tar: This is the GNU version of tar, an archiving program designed to store +tar: and extract files from an archive file known as a tarfile. A tarfile +tar: may be made on a tape drive, however, it is also common to write a +tar: tarfile to a normal file. +tar: +tar: Slackware's package system uses tarfiles compressed with bzip2, gzip, +tar: lzip, or xz. +tar: +tar: |