diff options
Diffstat (limited to 'ChangeLog.rss')
-rw-r--r-- | ChangeLog.rss | 77 |
1 files changed, 75 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index 5f5508f6c..ebe812777 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,83 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Tue, 1 Aug 2023 19:50:53 GMT</pubDate> - <lastBuildDate>Wed, 2 Aug 2023 11:30:21 GMT</lastBuildDate> + <pubDate>Fri, 4 Aug 2023 20:17:36 GMT</pubDate> + <lastBuildDate>Sat, 5 Aug 2023 11:30:25 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.17</generator> <item> + <title>Fri, 4 Aug 2023 20:17:36 GMT</title> + <pubDate>Fri, 4 Aug 2023 20:17:36 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20230804201736</link> + <guid isPermaLink="false">20230804201736</guid> + <description> + <![CDATA[<pre> +extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz: Upgraded. + This update fixes a security issue: + Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity + loading in XML without enabling it). + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-3823 + (* Security fix *) +extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz: Upgraded. + Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0. +pasture/samba-4.15.13-x86_64-1_slack15.0.txz: Added. + We'll hang onto this just in case. +patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz: Upgraded. + This update contains security fixes and improvements. + For more information, see: + https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/ + https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/ + https://www.cve.org/CVERecord?id=CVE-2023-4045 + https://www.cve.org/CVERecord?id=CVE-2023-4046 + https://www.cve.org/CVERecord?id=CVE-2023-4047 + https://www.cve.org/CVERecord?id=CVE-2023-4048 + https://www.cve.org/CVERecord?id=CVE-2023-4049 + https://www.cve.org/CVERecord?id=CVE-2023-4050 + https://www.cve.org/CVERecord?id=CVE-2023-4052 + https://www.cve.org/CVERecord?id=CVE-2023-4054 + https://www.cve.org/CVERecord?id=CVE-2023-4055 + https://www.cve.org/CVERecord?id=CVE-2023-4056 + https://www.cve.org/CVERecord?id=CVE-2023-4057 + (* Security fix *) +patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz: Upgraded. + This is a bugfix release. + For more information, see: + https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/ +patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz: Upgraded. + PLEASE NOTE: We are taking the unusual step of moving to the latest Samba + branch because Windows has made changes that break Samba 4.15.x. The last + 4.15.x will be retained in /pasture as a fallback. There may be some + required configuration changes with this, but we've kept using MIT Kerberos + to try to have the behavior change as little as possible. Upgrade carefully. + This update fixes security issues: + When winbind is used for NTLM authentication, a maliciously crafted request + can trigger an out-of-bounds read in winbind and possibly crash it. + SMB2 packet signing is not enforced if an admin configured + "server signing = required" or for SMB2 connections to Domain Controllers + where SMB2 packet signing is mandatory. + An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be + triggered by an unauthenticated attacker by issuing a malformed RPC request. + Missing type validation in Samba's mdssvc RPC service for Spotlight can be + used by an unauthenticated attacker to trigger a process crash in a shared + RPC mdssvc worker process. + As part of the Spotlight protocol Samba discloses the server-side absolute + path of shares and files and directories in search results. + For more information, see: + https://www.samba.org/samba/security/CVE-2022-2127.html + https://www.samba.org/samba/security/CVE-2023-3347.html + https://www.samba.org/samba/security/CVE-2023-34966.html + https://www.samba.org/samba/security/CVE-2023-34967.html + https://www.samba.org/samba/security/CVE-2023-34968.html + https://www.cve.org/CVERecord?id=CVE-2022-2127 + https://www.cve.org/CVERecord?id=CVE-2023-3347 + https://www.cve.org/CVERecord?id=CVE-2023-34966 + https://www.cve.org/CVERecord?id=CVE-2023-34967 + https://www.cve.org/CVERecord?id=CVE-2023-34968 + (* Security fix *) + </pre>]]> + </description> + </item> + <item> <title>Tue, 1 Aug 2023 19:50:53 GMT</title> <pubDate>Tue, 1 Aug 2023 19:50:53 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20230801195053</link> |