Diffstat (limited to 'ChangeLog.rss')
-rw-r--r-- | ChangeLog.rss | 86 |
1 files changed, 84 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index eb45f351f..9189c21d5 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss 
@@ -11,10 +11,92 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Mon, 29 Jan 2024 19:17:30 GMT</pubDate> - <lastBuildDate>Mon, 29 Jan 2024 20:03:22 GMT</lastBuildDate> + <pubDate>Tue, 30 Jan 2024 22:01:28 GMT</pubDate> + <lastBuildDate>Tue, 30 Jan 2024 22:34:28 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.17</generator> <item> + <title>Tue, 30 Jan 2024 22:01:28 GMT</title> + <pubDate>Tue, 30 Jan 2024 22:01:28 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20240130220128</link> + <guid isPermaLink="false">20240130220128</guid> + <description> + <![CDATA[<pre> +a/lzip-1.24-x86_64-1.txz: Upgraded. +a/openssl-solibs-3.2.1-x86_64-1.txz: Upgraded. +ap/alsa-utils-1.2.11-x86_64-1.txz: Upgraded. +ap/sqlite-3.45.1-x86_64-1.txz: Upgraded. +d/binutils-2.42-x86_64-1.txz: Upgraded. + Shared library .so-version bump. +d/cmake-3.28.2-x86_64-1.txz: Upgraded. +d/oprofile-1.4.0-x86_64-13.txz: Rebuilt. + Recompiled against binutils-2.42. +d/strace-6.7-x86_64-1.txz: Upgraded. +kde/digikam-8.2.0-x86_64-5.txz: Rebuilt. + Recompiled against libpng-1.6.42. +l/alsa-lib-1.2.11-x86_64-1.txz: Upgraded. +l/libpng-1.6.42-x86_64-1.txz: Upgraded. + Fixed the implementation of the macro function png_check_sig(). + This was an API regression, introduced in libpng-1.6.41. + Reported by Matthieu Darbois. +l/lmdb-0.9.32-x86_64-1.txz: Upgraded. +l/neon-0.33.0-x86_64-1.txz: Upgraded. +l/opencv-4.9.0-x86_64-3.txz: Rebuilt. + Recompiled against libpng-1.6.42. +l/qt5-5.15.12_20240103_b8fd1448-x86_64-4.txz: Rebuilt. + Recompiled against libpng-1.6.42. +l/talloc-2.4.2-x86_64-1.txz: Upgraded. +l/tdb-1.4.10-x86_64-1.txz: Upgraded. +l/tevent-0.16.1-x86_64-1.txz: Upgraded. +n/openldap-2.6.7-x86_64-1.txz: Upgraded. +n/openssl-3.2.1-x86_64-1.txz: Upgraded. 
+ This update fixes possible denial-of-service security issues: + A file in PKCS12 format can contain certificates and keys and may come from + an untrusted source. The PKCS12 specification allows certain fields to be + NULL, but OpenSSL did not correctly check for this case. A fix has been + applied to prevent a NULL pointer dereference that results in OpenSSL + crashing. If an application processes PKCS12 files from an untrusted source + using the OpenSSL APIs then that application will be vulnerable to this + issue prior to this fix. + OpenSSL APIs that were vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass(). + When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time. + An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack. + The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the "-pubin" and "-check" options on untrusted data. + To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will + now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason. + Fix excessive time spent in DH check / generation with large Q parameter + value. + Applications that use the functions DH_generate_key() to generate an + X9.42 DH key may experience long delays. 
Likewise, applications that use + DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2024-0727 + https://www.cve.org/CVERecord?id=CVE-2023-6237 + https://www.cve.org/CVERecord?id=CVE-2023-5678 + (* Security fix *) +xap/MPlayer-20240130-x86_64-1.txz: Upgraded. + Fixed build script to exit on errors. + Patched to build against gettext-0.22.4. + Thanks to Matteo Bernardini. +xap/xine-lib-1.2.13-x86_64-7.txz: Rebuilt. + Recompiled against libpng-1.6.42. + </pre>]]> + </description> + </item> + <item> <title>Mon, 29 Jan 2024 19:17:30 GMT</title> <pubDate>Mon, 29 Jan 2024 19:17:30 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20240129191730</link> |
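Review bot: In the n/openssl-3.2.1 entry of the new <item>, the three CVE links are grouped at the end under "For more information, see:", but the text above them describes three separate issues: the PKCS12 NULL pointer dereference, the EVP_PKEY_public_check() delay on RSA keys, and the DH check / generation delay with a large Q value. A reader triaging one CVE has to infer which paragraph belongs to it. Consider naming the CVE id at the start of each paragraph, or at least separating the three descriptions with a blank line. Also, a/openssl-solibs-3.2.1 in the same item is listed only as "Upgraded." with no "(* Security fix *)" marker. If it carries the same fixed libraries, anything that filters the feed on that marker per package will skip it, so the marker or a pointer to the n/openssl entry is worth adding there.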