current - Tracking development of slackware-current

	Commit message (Collapse)	Author	Age	Files	Lines
*	Thu Aug 18 23:19:52 UTC 202220220818231952_15.0	Patrick J Volkerding	2022-08-19	4	-24/+40
\| \| \| \| \|	patches/packages/glibc-zoneinfo-2022c-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates.
*	Wed Aug 17 20:41:53 UTC 202220220817204153_15.0	Patrick J Volkerding	2022-08-18	11	-37/+218
\| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/vim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt. Fix use after free, out-of-bounds read, and heap based buffer overflow. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819 (* Security fix *) patches/packages/vim-gvim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt.
*	Tue Aug 16 18:51:34 UTC 202220220816185134_15.0	Patrick J Volkerding	2022-08-17	4	-21/+53
\| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/mariadb-10.5.17-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and several security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32082 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32089 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32091 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32084 (* Security fix *)
*	Mon Aug 15 20:23:47 UTC 202220220815202347_15.0	Patrick J Volkerding	2022-08-16	6	-33/+226
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/rsync-3.2.5-x86_64-1_slack15.0.txz: Upgraded. Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154 (* Security fix *)
*	Sat Aug 13 19:12:40 UTC 202220220813191240_15.0	Patrick J Volkerding	2022-08-14	4	-24/+40
\| \| \| \| \|	patches/packages/glibc-zoneinfo-2022b-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates.
*	Tue Aug 9 19:25:22 UTC 202220220809192522_15.0	Patrick J Volkerding	2022-08-10	6	-27/+103
\| \| \| \| \| \| \| \|	patches/packages/zlib-1.2.12-x86_64-2_slack15.0.txz: Rebuilt. This is a bugfix update. Applied an upstream patch to restore the handling of CRC inputs to be the same as in previous releases of zlib. This fixes an issue with OpenJDK. Thanks to alienBOB.
*	Fri Jul 29 19:59:03 UTC 202220220729195903_15.0	Patrick J Volkerding	2022-07-30	6	-44/+274
\| \| \| \| \| \| \| \| \|	patches/packages/gnutls-3.7.7-x86_64-1_slack15.0.txz: Upgraded. libgnutls: Fixed double free during verification of pkcs7 signatures. Reported by Jaak Ristioja. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509 (* Security fix *)
*	Thu Jul 28 23:48:36 UTC 202220220728234836_15.0	Patrick J Volkerding	2022-07-29	4	-22/+46
\| \| \| \| \| \| \| \| \|	patches/packages/mozilla-thunderbird-91.12.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.12.0/releasenotes/ https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.12 (* Security fix *)
*	Wed Jul 27 19:17:38 UTC 202220220727191738_15.0	Patrick J Volkerding	2022-07-28	5	-25/+81
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/samba-4.15.9-x86_64-1_slack15.0.txz: Upgraded. This update fixes the following security issues: Samba AD users can bypass certain restrictions associated with changing passwords. Samba AD users can forge password change requests for any user. Samba AD users can crash the server process with an LDAP add or modify request. Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request. Server memory information leak via SMB1. For more information, see: https://www.samba.org/samba/security/CVE-2022-2031.html https://www.samba.org/samba/security/CVE-2022-32744.html https://www.samba.org/samba/security/CVE-2022-32745.html https://www.samba.org/samba/security/CVE-2022-32746.html https://www.samba.org/samba/security/CVE-2022-32742.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742 (* Security fix *)
*	Mon Jul 25 20:53:49 UTC 202220220725205349_15.0	Patrick J Volkerding	2022-07-26	11	-107/+826
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/mozilla-firefox-91.12.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.12.0/releasenotes/ (* Security fix *) patches/packages/perl-5.34.0-x86_64-2_slack15.0.txz: Rebuilt. This is a bugfix release. Upgraded: Devel-CheckLib-1.16, IO-Socket-SSL-2.074, Net-SSLeay-1.92, Path-Tiny-0.122, Template-Toolkit-3.100, URI-5.12, libnet-3.14. Added a symlink to libperl.so in /usr/${LIBDIRSUFFIX} since net-snmp (and possibly other programs) might have trouble linking with it since it's not in the LD_LIBRARY_PATH. Thanks to oneforall.
*	Thu Jul 21 18:13:18 UTC 202220220721181318_15.0	Patrick J Volkerding	2022-07-22	17	-66/+1106
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously. A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24805 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24809 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24806 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24807 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24808 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24810 (* Security fix *)
*	Wed Jul 13 19:56:59 UTC 202220220713195659_15.0	Patrick J Volkerding	2022-07-14	34	-223/+2460
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/xorg-server-1.20.14-x86_64-3_slack15.0.txz: Rebuilt. xkb: switch to array index loops to moving pointers. xkb: add request length validation for XkbSetGeometry. xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320 (* Security fix *) patches/packages/xorg-server-xephyr-1.20.14-x86_64-3_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-3_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
*	Mon Jul 11 19:22:52 UTC 202220220711192252_15.0	Patrick J Volkerding	2022-07-12	4	-21/+43
\| \| \| \| \| \| \| \|	patches/packages/seamonkey-2.53.13-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.13 (* Security fix *)
*	Sun Jul 10 18:49:34 UTC 202220220710184934_15.0	Patrick J Volkerding	2022-07-11	7	-43/+245
\| \| \| \| \| \| \| \| \|	patches/packages/wavpack-5.5.0-x86_64-1_slack15.0.txz: Upgraded. WavPack 5.5.0 contains a fix for CVE-2021-44269 wherein encoding a specially crafted DSD file causes an out-of-bounds read exception. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44269 (* Security fix *)
*	Thu Jul 7 23:03:01 UTC 202220220707230301_15.0	Patrick J Volkerding	2022-07-08	7	-52/+266
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/gnupg2-2.2.36-x86_64-1_slack15.0.txz: Upgraded. g10: Fix possibly garbled status messages in NOTATION_DATA. This bug could trick GPGME and other parsers to accept faked status lines. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903 (* Security fix ) extra/php81/php81-8.1.8-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Fileinfo: Fixed bug #81723 (Heap buffer overflow in finfo_buffer). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31627 ( Security fix *)
*	Tue Jul 5 20:17:00 UTC 202220220705201700_15.0	Patrick J Volkerding	2022-07-06	5	-25/+57
\| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/openssl-1.1.1q-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Heap memory corruption with RSA private key operation. AES OCB fails to encrypt some bytes. For more information, see: https://www.openssl.org/news/secadv/20220705.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2274 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097 (* Security fix *) patches/packages/openssl-solibs-1.1.1q-x86_64-1_slack15.0.txz: Upgraded.
*	Fri Jul 1 01:23:50 UTC 202220220701012350_15.0	Patrick J Volkerding	2022-07-01	5	-28/+75
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/mozilla-thunderbird-91.11.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.11.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484 (* Security fix *)
*	Tue Jun 28 19:16:08 UTC 202220220628191608_15.0	Patrick J Volkerding	2022-06-29	6	-34/+109
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/curl-7.84.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Set-Cookie denial of service. HTTP compression denial of service. Unpreserved file permissions. FTP-KRB bad message verification. For more information, see: https://curl.se/docs/CVE-2022-32205.html https://curl.se/docs/CVE-2022-32206.html https://curl.se/docs/CVE-2022-32207.html https://curl.se/docs/CVE-2022-32208.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208 (* Security fix ) patches/packages/mozilla-firefox-91.11.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.11.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-25/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484 ( Security fix *)
*	Thu Jun 23 05:30:51 UTC 202220220623053051_15.0	Patrick J Volkerding	2022-06-24	7	-188/+1212
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/ca-certificates-20220622-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections. patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txz: Upgraded. In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. For more information, see: https://www.openssl.org/news/secadv/20220621.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068 (* Security fix *) patches/packages/openssl-solibs-1.1.1p-x86_64-1_slack15.0.txz: Upgraded.
*	Mon Jun 13 21:02:58 UTC 202220220613210258_15.0	Patrick J Volkerding	2022-06-14	7	-52/+112
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/php-7.4.30-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: mysqlnd/pdo password buffer overflow. Uninitialized array in pg_query_params(). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625 (* Security fix ) extra/php80/php80-8.0.20-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: mysqlnd/pdo password buffer overflow. Uninitialized array in pg_query_params(). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625 ( Security fix ) extra/php81/php81-8.1.7-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: mysqlnd/pdo password buffer overflow. Uninitialized array in pg_query_params(). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625 ( Security fix *)
*	Wed Jun 8 19:15:34 UTC 202220220608191534_15.0	Patrick J Volkerding	2022-06-09	4	-22/+76
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism. Information Disclosure in mod_lua with websockets. mod_sed denial of service. Denial of service in mod_lua r:parsebody. Read beyond bounds in ap_strcmp_match(). Read beyond bounds via ap_rwrite(). Read beyond bounds in mod_isapi. mod_proxy_ajp: Possible request smuggling. For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.54 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377 (* Security fix *)
*	Sat Jun 4 18:43:17 UTC 202220220604184317_15.0	Patrick J Volkerding	2022-06-05	4	-24/+46
\| \| \| \| \| \| \| \|	patches/packages/pidgin-2.14.10-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and several security issues. For more information, see: https://www.pidgin.im/posts/2022-06-2.14.10-released/ (* Security fix *)
*	Thu Jun 2 19:42:06 UTC 202220220602194206_15.0	Patrick J Volkerding	2022-06-03	4	-22/+64
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/mozilla-thunderbird-91.10.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.10.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31739 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747 (* Security fix *)
*	Wed Jun 1 00:49:45 UTC 202220220601004945_15.0	Patrick J Volkerding	2022-06-01	4	-22/+62
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/mozilla-firefox-91.10.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.10.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-21/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31739 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747 (* Security fix *)
*	Thu May 26 18:27:32 UTC 202220220526182732_15.0	Patrick J Volkerding	2022-05-27	9	-47/+353
\| \| \| \| \| \| \| \|	patches/packages/cups-2.4.2-x86_64-1_slack15.0.txz: Upgraded. Fixed certificate strings comparison for Local authorization. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26691 (* Security fix *)
*	Sat May 21 19:30:02 UTC 202220220521193002_15.0	Patrick J Volkerding	2022-05-22	5	-23/+89
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/mariadb-10.5.16-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and several security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27376 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27377 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27378 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27379 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27380 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27381 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27382 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27383 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27384 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27386 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27387 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27444 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27445 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27446 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27447 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27448 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27449 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27451 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27452 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27455 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27456 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27457 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27458 (* Security fix *)
*	Sat May 21 01:35:40 UTC 202220220521013540_15.0	Patrick J Volkerding	2022-05-21	5	-28/+72
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/mozilla-firefox-91.9.1esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.9.1/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-19/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529 (* Security fix ) patches/packages/mozilla-thunderbird-91.9.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.9.1/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-19/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529 ( Security fix *)
*	Thu May 19 23:07:59 UTC 202220220519230759_15.0	Patrick J Volkerding	2022-05-20	4	-42/+70
\| \| \| \| \| \| \| \| \| \| \|	patches/packages/bind-9.16.29-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. testing/packages/bind-9.18.3-x86_64-1_slack15.0.txz: Upgraded. Fixed a crash in DNS-over-HTTPS (DoH) code caused by premature TLS stream socket object deletion. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1183 (* Security fix *)
*	Wed May 11 19:01:59 UTC 202220220511190159_15.0	Patrick J Volkerding	2022-05-12	4	-22/+78
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/curl-7.83.1-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: HSTS bypass via trailing dot. TLS and SSH connection too eager reuse. CERTINFO never-ending busy-loop. percent-encoded path separator in URL host. cookie for trailing dot TLD. curl removes wrong file on error. For more information, see: https://curl.se/docs/CVE-2022-30115.html https://curl.se/docs/CVE-2022-27782.html https://curl.se/docs/CVE-2022-27781.html https://curl.se/docs/CVE-2022-27780.html https://curl.se/docs/CVE-2022-27779.html https://curl.se/docs/CVE-2022-27778.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30115 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27780 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27779 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27778 (* Security fix *)
*	Mon May 9 21:33:25 UTC 202220220509213325_15.0	Patrick J Volkerding	2022-05-10	22	-37/+825
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/linux-5.15.38/: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 5.15.27: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24958 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0494 Fixed in 5.15.28: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23038 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23039 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23036 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23037 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0001 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0002 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23041 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23040 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23042 Fixed in 5.15.29: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1199 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27666 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1011 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0995 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0854 Fixed in 5.15.32: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1015 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26490 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1048 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1016 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28356 Fixed in 5.15.33: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28390 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0168 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1353 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1198 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28389 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1516 Fixed in 5.15.34: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1263 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29582 Fixed in 5.15.35: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1204 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1205 Fixed in 5.15.37: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0500 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222 ( Security fix *)
*	Wed May 4 21:24:57 UTC 202220220504212457_15.0	Patrick J Volkerding	2022-05-05	7	-36/+82
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/mozilla-thunderbird-91.9.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.9.0/releasenotes/ (* Security fix ) patches/packages/openssl-1.1.1o-x86_64-1_slack15.0.txz: Upgraded. Fixed a bug in the c_rehash script which was not properly sanitising shell metacharacters to prevent command injection. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292 ( Security fix ) patches/packages/openssl-solibs-1.1.1o-x86_64-1_slack15.0.txz: Upgraded. patches/packages/seamonkey-2.53.12-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.12 ( Security fix *)
*	Mon May 2 20:02:49 UTC 202220220502200249_15.0	Patrick J Volkerding	2022-05-03	16	-72/+990
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/libxml2-2.9.14-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: Fix integer overflow in xmlBuf and xmlBuffer. Fix potential double-free in xmlXPtrStringRangeFunction. Fix memory leak in xmlFindCharEncodingHandler. Normalize XPath strings in-place. Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars(). Fix leak of xmlElementContent. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824 (* Security fix *) patches/packages/mozilla-firefox-91.9.0esr-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/firefox/91.9.0/releasenotes/ patches/packages/samba-4.15.7-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.samba.org/samba/history/samba-4.15.7.html
*	Sat Apr 30 21:18:47 UTC 202220220430211847_15.0	Patrick J Volkerding	2022-05-01	9	-48/+385
\| \| \| \| \| \| \| \| \| \|	patches/packages/pidgin-2.14.9-x86_64-1_slack15.0.txz: Upgraded. Mitigate the potential for a man in the middle attack via DNS spoofing by removing the code that supported the _xmppconnect DNS TXT record. For more information, see: https://www.pidgin.im/about/security/advisories/cve-2022-26491/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26491 (* Security fix *)
*	Wed Apr 27 21:43:51 UTC 202220220427214351_15.0	Patrick J Volkerding	2022-04-28	7	-35/+277
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/curl-7.83.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: OAUTH2 bearer bypass in connection re-use. Credential leak on redirect. Bad local IPv6 connection reuse. Auth/cookie leak on redirect. For more information, see: https://curl.se/docs/CVE-2022-22576.html https://curl.se/docs/CVE-2022-27774.html https://curl.se/docs/CVE-2022-27775.html https://curl.se/docs/CVE-2022-27776.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776 (* Security fix *)
*	Mon Apr 25 20:55:17 UTC 202220220425205517_15.0	Patrick J Volkerding	2022-04-26	7	-35/+249
\| \| \| \| \| \| \| \|	patches/packages/freerdp-2.7.0-x86_64-1_slack15.0.txz: Upgraded. This update is a security and maintenance release. For more information, see: https://github.com/FreeRDP/FreeRDP/blob/2.7.0/ChangeLog (* Security fix *)
*	Thu Apr 21 19:11:10 UTC 202220220421191110_15.0	Patrick J Volkerding	2022-04-22	4	-22/+42
\| \| \| \| \| \| \|	patches/packages/mozilla-thunderbird-91.8.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.8.1/releasenotes/
*	Thu Apr 14 21:14:21 UTC 202220220414211421_15.0	Patrick J Volkerding	2022-04-15	14	-79/+873
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/git-2.35.3-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue where a Git worktree created by another user might be able to execute arbitrary code. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765 (* Security fix ) patches/packages/gzip-1.12-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: zgrep applied to a crafted file name with two or more newlines can no longer overwrite an arbitrary, attacker-selected file. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271 ( Security fix ) patches/packages/xz-5.2.5-x86_64-4_slack15.0.txz: Rebuilt. This update fixes a security issue: xzgrep applied to a crafted file name with two or more newlines can no longer overwrite an arbitrary, attacker-selected file. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271 ( Security fix *)
*	Wed Apr 13 20:51:01 UTC 202220220413205101_15.0	Patrick J Volkerding	2022-04-14	6	-31/+242
\| \| \| \| \| \| \| \| \| \| \|	patches/packages/ruby-3.0.4-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Double free in Regexp compilation. Buffer overrun in String-to-Float conversion. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28738 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739 (* Security fix *)
*	Tue Apr 12 21:56:14 UTC 202220220412215614_15.0	Patrick J Volkerding	2022-04-13	4	-23/+42
\| \| \| \| \| \|	patches/packages/whois-5.5.13-x86_64-1_slack15.0.txz: Upgraded. This update adds the .sd TLD server, updates the list of new gTLDs, and adds a Turkish translation.
*	Fri Apr 8 20:03:36 UTC 202220220408200336_15.0	Patrick J Volkerding	2022-04-09	7	-39/+231
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/libarchive-3.6.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix and security release. Security fixes: 7zip reader: fix PPMD read beyond boundary. ZIP reader: fix possible out of bounds read. ISO reader: fix possible heap buffer overflow in read_children(). RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0). Fix heap use after free in archive_read_format_rar_read_data(). Fix null dereference in read_data_compressed(). Fix heap user after free in run_filters(). (* Security fix *)
*	Wed Apr 6 20:23:46 UTC 202220220406202346_15.0	Patrick J Volkerding	2022-04-07	4	-22/+64
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/mozilla-thunderbird-91.8.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.8.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289 (* Security fix *)
*	Tue Apr 5 19:16:30 UTC 202220220405191630_15.0	Patrick J Volkerding	2022-04-06	4	-22/+60
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/mozilla-firefox-91.8.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.8.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289 (* Security fix *)
*	Sun Apr 3 19:57:16 UTC 202220220403195716_15.0	Patrick J Volkerding	2022-04-04	5	-332/+450
\| \| \| \| \| \|	patches/packages/ca-certificates-20220403-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections.
*	Wed Mar 30 22:37:05 UTC 202220220330223705_15.0	Patrick J Volkerding	2022-03-31	13	-64/+941
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/vim-8.2.4649-x86_64-1_slack15.0.txz: Upgraded. Fixes a use-after-free in utf_ptr2char in vim/vim prior to 8.2.4646. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly execution of arbitrary code. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1154 https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425 https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 (* Security fix *) patches/packages/vim-gvim-8.2.4649-x86_64-1_slack15.0.txz: Upgraded.
*	Mon Mar 28 19:33:46 UTC 202220220328193346_15.0	Patrick J Volkerding	2022-03-29	10	-56/+380
\| \| \| \| \| \| \| \| \| \| \|	patches/packages/whois-5.5.12-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. Thanks to Nobby6. patches/packages/zlib-1.2.12-x86_64-1_slack15.0.txz: Upgraded. This update fixes memory corruption when deflating (i.e., when compressing) if the input has many distant matches. Thanks to marav. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032 (* Security fix *)
*	Fri Mar 25 19:18:41 UTC 202220220325191841_15.0	Patrick J Volkerding	2022-03-26	4	-25/+47
\| \| \| \| \| \| \| \|	patches/packages/seamonkey-2.53.11.1-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.11.1 (* Security fix *)
*	Thu Mar 24 20:59:09 UTC 202220220324205909_15.0	Patrick J Volkerding	2022-03-25	4	-24/+50
\| \| \| \| \| \| \| \| \| \|	patches/packages/python3-3.9.12-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://pythoninsider.blogspot.com/2022/03/python-3104-and-3912-are-now-available.html usb-and-pxe-installers/usbimg2disk.sh: Upgraded. Calculate the space requirement by checking the size of the packages in the Slackware directory tree.
*	Mon Mar 21 20:24:16 UTC 202220220321202416_15.0	Patrick J Volkerding	2022-03-22	6	-42/+124
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/bind-9.16.27-x86_64-1_slack15.0.txz: Upgraded. Sorry folks, I had not meant to bump BIND to the newer branch. I've moved the other packages into /testing. Thanks to Nobby6 for pointing this out. This update fixes bugs and the following security issues: A synchronous call to closehandle_cb() caused isc__nm_process_sock_buffer() to be called recursively, which in turn left TCP connections hanging in the CLOSE_WAIT state blocking indefinitely when out-of-order processing was disabled. The rules for acceptance of records into the cache have been tightened to prevent the possibility of poisoning if forwarders send records outside the configured bailiwick. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220 (* Security fix *) testing/packages/bind-9.18.1-x86_64-1_slack15.0.txz: Moved.
*	Sat Mar 19 20:28:16 UTC 202220220319202816_15.0	Patrick J Volkerding	2022-03-20	18	-482/+3592
\| \| \| \| \|	patches/packages/glibc-zoneinfo-2022a-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates.
*	Fri Mar 18 20:16:12 UTC 202220220318201612_15.0	Patrick J Volkerding	2022-03-19	14	-69/+504
\| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/python3-3.9.11-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: libexpat upgraded from 2.4.1 to 2.4.7 bundled pip upgraded from 21.2.4 to 22.0.4 authorization bypass fixed in urllib.request REDoS avoided in importlib.metadata For more information, see: https://pythoninsider.blogspot.com/2022/03/python-3103-3911-3813-and-3713-are-now.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28363 (* Security fix *)