diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2024-09-26 18:28:55 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2024-09-26 21:02:37 +0200 |
commit | 70006cfdf03759f914379ec17fd0fdf0e1716aca (patch) | |
tree | d93dc7c87a80877a716af046585d5ef784e091a2 /source/n/epic5 | |
parent | 62dc7f31a97b5e6fe647e4583e92594d4837c7de (diff) | |
download | current-master.tar.gz current-master.tar.xz |
Thu Sep 26 18:28:55 UTC 2024HEAD20240926182855master
ap/ispell-3.4.06-x86_64-3.txz: Rebuilt.
Get rid of hardcoded temporary path in munchlist.
l/boost-1.86.0-x86_64-2.txz: Rebuilt.
Get rid of hardcoded temporary paths in the cmake files.
Since these paths point to a location that an unprivileged user could
create and populate with files that could be picked up during a build,
it's possible this bug could be used for malicious purposes.
Thanks to jmacloue.
(* Security fix *)
l/fribidi-1.0.16-x86_64-1.txz: Upgraded.
n/php-8.3.12-x86_64-1.txz: Upgraded.
This update fixes security issues:
CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter
Injection Vulnerability).
CGI: Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
bypassable due to the environment variable collision).
FPM: Fixed bug GHSA-865w-9rf3-2wh5 (Logs from children may be altered).
SAPI: Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form
data).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-8926
https://www.cve.org/CVERecord?id=CVE-2024-8927
https://www.cve.org/CVERecord?id=CVE-2024-9026
https://www.cve.org/CVERecord?id=CVE-2024-8925
(* Security fix *)
x/vulkan-sdk-1.3.290.0-x86_64-2.txz: Rebuilt.
Get rid of hardcoded temporary path in volkTargets.cmake.
(* Security fix *)
Diffstat (limited to 'source/n/epic5')
0 files changed, 0 insertions, 0 deletions