diff options
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index bae9e4622..39a186b4f 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,68 @@ +Fri Aug 4 20:17:36 UTC 2023 +extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz: Upgraded. + This update fixes a security issue: + Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity + loading in XML without enabling it). + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-3823 + (* Security fix *) +extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz: Upgraded. + Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0. +pasture/samba-4.15.13-x86_64-1_slack15.0.txz: Added. + We'll hang onto this just in case. +patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz: Upgraded. + This update contains security fixes and improvements. + For more information, see: + https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/ + https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/ + https://www.cve.org/CVERecord?id=CVE-2023-4045 + https://www.cve.org/CVERecord?id=CVE-2023-4046 + https://www.cve.org/CVERecord?id=CVE-2023-4047 + https://www.cve.org/CVERecord?id=CVE-2023-4048 + https://www.cve.org/CVERecord?id=CVE-2023-4049 + https://www.cve.org/CVERecord?id=CVE-2023-4050 + https://www.cve.org/CVERecord?id=CVE-2023-4052 + https://www.cve.org/CVERecord?id=CVE-2023-4054 + https://www.cve.org/CVERecord?id=CVE-2023-4055 + https://www.cve.org/CVERecord?id=CVE-2023-4056 + https://www.cve.org/CVERecord?id=CVE-2023-4057 + (* Security fix *) +patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz: Upgraded. + This is a bugfix release. + For more information, see: + https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/ +patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz: Upgraded. + PLEASE NOTE: We are taking the unusual step of moving to the latest Samba + branch because Windows has made changes that break Samba 4.15.x. The last + 4.15.x will be retained in /pasture as a fallback. There may be some + required configuration changes with this, but we've kept using MIT Kerberos + to try to have the behavior change as little as possible. Upgrade carefully. + This update fixes security issues: + When winbind is used for NTLM authentication, a maliciously crafted request + can trigger an out-of-bounds read in winbind and possibly crash it. + SMB2 packet signing is not enforced if an admin configured + "server signing = required" or for SMB2 connections to Domain Controllers + where SMB2 packet signing is mandatory. + An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be + triggered by an unauthenticated attacker by issuing a malformed RPC request. + Missing type validation in Samba's mdssvc RPC service for Spotlight can be + used by an unauthenticated attacker to trigger a process crash in a shared + RPC mdssvc worker process. + As part of the Spotlight protocol Samba discloses the server-side absolute + path of shares and files and directories in search results. + For more information, see: + https://www.samba.org/samba/security/CVE-2022-2127.html + https://www.samba.org/samba/security/CVE-2023-3347.html + https://www.samba.org/samba/security/CVE-2023-34966.html + https://www.samba.org/samba/security/CVE-2023-34967.html + https://www.samba.org/samba/security/CVE-2023-34968.html + https://www.cve.org/CVERecord?id=CVE-2022-2127 + https://www.cve.org/CVERecord?id=CVE-2023-3347 + https://www.cve.org/CVERecord?id=CVE-2023-34966 + https://www.cve.org/CVERecord?id=CVE-2023-34967 + https://www.cve.org/CVERecord?id=CVE-2023-34968 + (* Security fix *) ++--------------------------+ Tue Aug 1 19:50:53 UTC 2023 patches/packages/openssl-1.1.1v-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: |