summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fri Dec 2 20:58:24 UTC 202220221202205824_15.0 Patrick J Volkerding2022-12-0317-109/+1074
| | | | | | | | | | | | patches/packages/krusader-2.8.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. patches/packages/mozilla-thunderbird-102.5.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.5.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-50/ https://www.cve.org/CVERecord?id=CVE-2022-45414 (* Security fix *)
* Tue Nov 29 20:56:03 UTC 202220221129205603_15.0 Patrick J Volkerding2022-11-3034-92/+292
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/kernel-firmware-20221123_cdf9499-noarch-1.txz: Upgraded. patches/packages/linux-5.15.80/*: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 5.15.63: https://www.cve.org/CVERecord?id=CVE-2022-3629 https://www.cve.org/CVERecord?id=CVE-2022-3635 https://www.cve.org/CVERecord?id=CVE-2022-3633 https://www.cve.org/CVERecord?id=CVE-2022-3625 Fixed in 5.15.64: https://www.cve.org/CVERecord?id=CVE-2022-39190 https://www.cve.org/CVERecord?id=CVE-2022-3028 https://www.cve.org/CVERecord?id=CVE-2022-2905 Fixed in 5.15.65: https://www.cve.org/CVERecord?id=CVE-2022-42703 https://www.cve.org/CVERecord?id=CVE-2022-3176 Fixed in 5.15.66: https://www.cve.org/CVERecord?id=CVE-2022-4095 https://www.cve.org/CVERecord?id=CVE-2022-20421 Fixed in 5.15.68: https://www.cve.org/CVERecord?id=CVE-2022-3303 https://www.cve.org/CVERecord?id=CVE-2022-2663 https://www.cve.org/CVERecord?id=CVE-2022-40307 https://www.cve.org/CVERecord?id=CVE-2022-3586 Fixed in 5.15.70: https://www.cve.org/CVERecord?id=CVE-2022-0171 https://www.cve.org/CVERecord?id=CVE-2022-39842 https://www.cve.org/CVERecord?id=CVE-2022-3061 Fixed in 5.15.72: https://www.cve.org/CVERecord?id=CVE-2022-2308 Fixed in 5.15.73: https://www.cve.org/CVERecord?id=CVE-2022-2978 https://www.cve.org/CVERecord?id=CVE-2022-43750 Fixed in 5.15.74: https://www.cve.org/CVERecord?id=CVE-2022-40768 https://www.cve.org/CVERecord?id=CVE-2022-42721 https://www.cve.org/CVERecord?id=CVE-2022-3621 https://www.cve.org/CVERecord?id=CVE-2022-42722 https://www.cve.org/CVERecord?id=CVE-2022-42719 https://www.cve.org/CVERecord?id=CVE-2022-41674 https://www.cve.org/CVERecord?id=CVE-2022-3649 https://www.cve.org/CVERecord?id=CVE-2022-3646 https://www.cve.org/CVERecord?id=CVE-2022-42720 Fixed in 5.15.75: https://www.cve.org/CVERecord?id=CVE-2022-43945 https://www.cve.org/CVERecord?id=CVE-2022-41849 https://www.cve.org/CVERecord?id=CVE-2022-3535 https://www.cve.org/CVERecord?id=CVE-2022-3594 https://www.cve.org/CVERecord?id=CVE-2022-2602 https://www.cve.org/CVERecord?id=CVE-2022-41850 https://www.cve.org/CVERecord?id=CVE-2022-3565 https://www.cve.org/CVERecord?id=CVE-2022-3542 Fixed in 5.15.77: https://www.cve.org/CVERecord?id=CVE-2022-3524 Fixed in 5.15.78: https://www.cve.org/CVERecord?id=CVE-2022-3628 https://www.cve.org/CVERecord?id=CVE-2022-3623 https://www.cve.org/CVERecord?id=CVE-2022-42896 https://www.cve.org/CVERecord?id=CVE-2022-42895 https://www.cve.org/CVERecord?id=CVE-2022-3543 https://www.cve.org/CVERecord?id=CVE-2022-3564 https://www.cve.org/CVERecord?id=CVE-2022-3619 Fixed in 5.15.80: https://www.cve.org/CVERecord?id=CVE-2022-3521 https://www.cve.org/CVERecord?id=CVE-2022-3169 (* Security fix *) patches/packages/openssl-1.1.1s-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. patches/packages/openssl-solibs-1.1.1s-x86_64-1_slack15.0.txz: Upgraded.
* Thu Nov 24 20:55:37 UTC 202220221124205537_15.0 Patrick J Volkerding2022-11-254-21/+45
| | | | | | | | | patches/packages/ruby-3.0.5-x86_64-1_slack15.0.txz: Upgraded. This release includes a security fix: HTTP response splitting in CGI. For more information, see: https://www.cve.org/CVERecord?id=CVE-2021-33621 (* Security fix *)
* Thu Nov 17 20:02:33 UTC 202220221117200233_15.0 Patrick J Volkerding2022-11-185-23/+57
| | | | | | | | | | | | | | patches/packages/freerdp-2.9.0-x86_64-1_slack15.0.txz: Upgraded. Fixed multiple client side input validation issues. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-39316 https://www.cve.org/CVERecord?id=CVE-2022-39317 https://www.cve.org/CVERecord?id=CVE-2022-39318 https://www.cve.org/CVERecord?id=CVE-2022-39319 https://www.cve.org/CVERecord?id=CVE-2022-39320 https://www.cve.org/CVERecord?id=CVE-2022-41877 https://www.cve.org/CVERecord?id=CVE-2022-39347 (* Security fix *)
* Thu Nov 17 01:49:28 UTC 202220221117014928_15.0 Patrick J Volkerding2022-11-1725-102/+962
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/krb5-1.19.2-x86_64-3_slack15.0.txz: Rebuilt. Fixed integer overflows in PAC parsing. Fixed memory leak in OTP kdcpreauth module. Fixed PKCS11 module path search. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-42898 (* Security fix *) patches/packages/mozilla-firefox-102.5.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/102.5.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-48/ https://www.cve.org/CVERecord?id=CVE-2022-45403 https://www.cve.org/CVERecord?id=CVE-2022-45404 https://www.cve.org/CVERecord?id=CVE-2022-45405 https://www.cve.org/CVERecord?id=CVE-2022-45406 https://www.cve.org/CVERecord?id=CVE-2022-45408 https://www.cve.org/CVERecord?id=CVE-2022-45409 https://www.cve.org/CVERecord?id=CVE-2022-45410 https://www.cve.org/CVERecord?id=CVE-2022-45411 https://www.cve.org/CVERecord?id=CVE-2022-45412 https://www.cve.org/CVERecord?id=CVE-2022-45416 https://www.cve.org/CVERecord?id=CVE-2022-45418 https://www.cve.org/CVERecord?id=CVE-2022-45420 https://www.cve.org/CVERecord?id=CVE-2022-45421 (* Security fix *) patches/packages/mozilla-thunderbird-102.5.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.5.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/ https://www.cve.org/CVERecord?id=CVE-2022-45403 https://www.cve.org/CVERecord?id=CVE-2022-45404 https://www.cve.org/CVERecord?id=CVE-2022-45405 https://www.cve.org/CVERecord?id=CVE-2022-45406 https://www.cve.org/CVERecord?id=CVE-2022-45408 https://www.cve.org/CVERecord?id=CVE-2022-45409 https://www.cve.org/CVERecord?id=CVE-2022-45410 https://www.cve.org/CVERecord?id=CVE-2022-45411 https://www.cve.org/CVERecord?id=CVE-2022-45412 https://www.cve.org/CVERecord?id=CVE-2022-45416 https://www.cve.org/CVERecord?id=CVE-2022-45418 https://www.cve.org/CVERecord?id=CVE-2022-45420 https://www.cve.org/CVERecord?id=CVE-2022-45421 (* Security fix *) patches/packages/samba-4.15.12-x86_64-1_slack15.0.txz: Upgraded. Fixed a security issue where Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap. For more information, see: https://www.samba.org/samba/security/CVE-2022-42898.html https://www.cve.org/CVERecord?id=CVE-2022-42898 (* Security fix *) patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz: Upgraded. This update fixes regressions in the previous security fix: mime-settings: Properly quote command parameters. Revert "Escape characters which do not belong into an URI/URL (Issue #390)."
* Thu Nov 10 19:47:59 UTC 202220221110194759_15.0 Patrick J Volkerding2022-11-115-25/+53
| | | | | | | | | | | patches/packages/php-7.4.33-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: GD: OOB read due to insufficient input validation in imageloadfont(). Hash: buffer overflow in hash_update() on long parameter. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-31630 https://www.cve.org/CVERecord?id=CVE-2022-37454 (* Security fix *)
* Wed Nov 9 22:16:30 UTC 202220221109221630_15.0 Patrick J Volkerding2022-11-1015-73/+593
| | | | | | | | | | | | | | | | | | patches/packages/sysstat-12.7.1-x86_64-1_slack15.0.txz: Upgraded. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-39377 (* Security fix *) patches/packages/xfce4-settings-4.16.4-x86_64-1_slack15.0.txz: Upgraded. Fixed an argument injection vulnerability in xfce4-mime-helper. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-45062 (* Security fix *)
* Tue Nov 8 22:21:43 UTC 202220221108222143_15.0 Patrick J Volkerding2022-11-096-32/+56
| | | | | | | | | patches/packages/glibc-zoneinfo-2022f-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates. patches/packages/mariadb-10.5.18-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://mariadb.com/kb/en/mariadb-10-5-18-release-notes
* Sat Nov 5 19:18:19 UTC 202220221105191819_15.0 Patrick J Volkerding2022-11-069-37/+270
| | | | | | | | | | | patches/packages/sudo-1.9.12p1-x86_64-1_slack15.0.txz: Upgraded. Fixed a potential out-of-bounds write for passwords smaller than 8 characters when passwd authentication is enabled. This does not affect configurations that use other authentication methods such as PAM, AIX authentication or BSD authentication. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-43995 (* Security fix *)
* Fri Nov 4 19:29:28 UTC 202220221104192928_15.0 Patrick J Volkerding2022-11-0514-61/+2183
| | | | | | | patches/packages/mozilla-thunderbird-102.4.2-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.4.2/releasenotes/
* Mon Oct 31 23:31:36 UTC 202220221031233136_15.0 Patrick J Volkerding2022-11-018-57/+131
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | extra/php80/php80-8.0.25-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: GD: OOB read due to insufficient input validation in imageloadfont(). Hash: buffer overflow in hash_update() on long parameter. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-31630 https://www.cve.org/CVERecord?id=CVE-2022-37454 (* Security fix *) extra/php81/php81-8.1.12-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: GD: OOB read due to insufficient input validation in imageloadfont(). Hash: buffer overflow in hash_update() on long parameter. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-31630 https://www.cve.org/CVERecord?id=CVE-2022-37454 (* Security fix *) patches/packages/mozilla-thunderbird-102.4.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.4.1/releasenotes/ patches/packages/vim-9.0.0814-x86_64-1_slack15.0.txz: Upgraded. A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. Thanks to marav for the heads-up. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-3705 (* Security fix *) patches/packages/vim-gvim-9.0.0814-x86_64-1_slack15.0.txz: Upgraded.
* Thu Oct 27 02:30:15 UTC 202220221027023015_15.0 Patrick J Volkerding2022-10-284-22/+66
| | | | | | | | | | | | | | | | | | | patches/packages/curl-7.86.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: HSTS bypass via IDN. HTTP proxy double-free. .netrc parser out-of-bounds access. POST following PUT confusion. For more information, see: https://curl.se/docs/CVE-2022-42916.html https://curl.se/docs/CVE-2022-42915.html https://curl.se/docs/CVE-2022-35260.html https://curl.se/docs/CVE-2022-32221.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42916 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42915 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35260 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32221 (* Security fix *)
* Tue Oct 25 18:38:58 UTC 202220221025183858_15.0 Patrick J Volkerding2022-10-266-31/+77
| | | | | | | | | | | | | | | | | | | | patches/packages/expat-2.5.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations. Expected impact is denial of service or potentially arbitrary code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680 (* Security fix *) patches/packages/samba-4.15.11-x86_64-1_slack15.0.txz: Upgraded. This update fixes the following security issue: There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba). For more information, see: https://www.samba.org/samba/security/CVE-2022-3437.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437 (* Security fix *)
* Fri Oct 21 18:19:00 UTC 202220221021181900_15.0 Patrick J Volkerding2022-10-224-21/+43
| | | | | | | | patches/packages/rsync-3.2.7-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. Notably, this addresses some regressions caused by the file-list validation fix in rsync-3.2.5. Thanks to llgar.
* Thu Oct 20 18:39:03 UTC 202220221020183903_15.0 Patrick J Volkerding2022-10-215-34/+67
| | | | | | | | | | | | | | patches/packages/mozilla-thunderbird-102.4.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.4.0/releasenotes/ patches/packages/whois-5.5.14-x86_64-1_slack15.0.txz: Upgraded. This update adds the .bf and .sd TLD servers, removes the .gu TLD server, updates the .dm, .fj, .mt and .pk TLD servers, updates the charset for whois.nic.tr, updates the list of new gTLDs, removes whois.nic.fr from the list of RIPE-like servers (because it is not one anymore), renames whois.arnes.si to whois.register.si in the list of RIPE-like servers, and adds the hiding string for whois.auda.org.au.
* Wed Oct 19 20:06:33 UTC 202220221019200633_15.0 Patrick J Volkerding2022-10-205-25/+45
| | | | | | | patches/packages/samba-4.15.10-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.samba.org/samba/history/samba-4.15.10.html
* Tue Oct 18 20:29:54 UTC 202220221018202954_15.0 Patrick J Volkerding2022-10-195-30/+114
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/git-2.35.5-x86_64-1_slack15.0.txz: Upgraded. This release fixes two security issues: * CVE-2022-39253: When relying on the `--local` clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks (or copies) of the dereferenced link in the destination repository. This can lead to surprising behavior where arbitrary files are present in a repository's `$GIT_DIR` when cloning from a malicious repository. Git will no longer dereference symbolic links via the `--local` clone mechanism, and will instead refuse to clone repositories that have symbolic links present in the `$GIT_DIR/objects` directory. Additionally, the value of `protocol.file.allow` is changed to be "user" by default. * CVE-2022-39260: An overly-long command string given to `git shell` can result in overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution when `git shell` is exposed and the directory `$HOME/git-shell-commands` exists. `git shell` is taught to refuse interactive commands that are longer than 4MiB in size. `split_cmdline()` is hardened to reject inputs larger than 2GiB. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260 (* Security fix *) patches/packages/mozilla-firefox-102.4.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/102.4.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-45/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42927 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42928 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42929 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42932 (* Security fix *)
* Mon Oct 17 19:31:45 UTC 202220221017193145_15.0 Patrick J Volkerding2022-10-1817-60/+360
| | | | | | | | | | | | | | | | | | | | | | | patches/packages/xorg-server-1.20.14-x86_64-4_slack15.0.txz: Rebuilt. xkb: proof GetCountedString against request length attacks. xkb: fix some possible memleaks in XkbGetKbdByName. xquartz: Fix a possible crash when editing the Application menu due to mutating immutable arrays. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3553 (* Security fix *) patches/packages/xorg-server-xephyr-1.20.14-x86_64-4_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-4_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-4_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-3_slack15.0.txz: Rebuilt. xkb: proof GetCountedString against request length attacks. xkb: fix some possible memleaks in XkbGetKbdByName. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551 (* Security fix *)
* Mon Oct 17 00:42:43 UTC 202220221017004243_15.0 Patrick J Volkerding2022-10-174-24/+40
| | | | | patches/packages/glibc-zoneinfo-2022e-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates.
* Sat Oct 15 20:28:34 UTC 202220221015202834_15.0 Patrick J Volkerding2022-10-166-80/+48
| | | | | | | | patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txz: Upgraded. Fixed a bug when getting a gzip header extra field with inflateGetHeader(). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434 (* Security fix *)
* Fri Oct 14 01:39:37 UTC 202220221014013937_15.0 Patrick J Volkerding2022-10-145-29/+71
| | | | | | | | | | | | | | | | | | patches/packages/mozilla-thunderbird-102.3.3-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.3.3/releasenotes/ patches/packages/python3-3.9.15-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Bundled libexpat was upgraded from 2.4.7 to 2.4.9 which fixes a heap use-after-free vulnerability in function doContent. gh-97616: a fix for a possible buffer overflow in list *= int. gh-97612: a fix for possible shell injection in the example script get-remote-certificate.py. gh-96577: a fix for a potential buffer overrun in msilib. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674 (* Security fix *)
* Sat Oct 8 19:23:31 UTC 202220221008192331_15.0 Patrick J Volkerding2022-10-097-35/+224
| | | | | | | | | patches/packages/libksba-1.6.2-x86_64-1_slack15.0.txz: Upgraded. Detect a possible overflow directly in the TLV parser. This patch detects possible integer overflows immmediately when creating the TI object. Reported-by: ZDI-CAN-18927, ZDI-CAN-18928, ZDI-CAN-18929 (* Security fix *)
* Fri Oct 7 20:32:18 UTC 202220221007203218_15.0 Patrick J Volkerding2022-10-084-22/+42
| | | | | | | patches/packages/mozilla-thunderbird-102.3.2-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.3.2/releasenotes/
* Wed Oct 5 18:55:36 UTC 202220221005185536_15.0 Patrick J Volkerding2022-10-0611-56/+409
| | | | | | | | | | | | | | patches/packages/dhcp-4.4.3_P1-x86_64-1_slack15.0.txz: Upgraded. This update fixes two security issues: Corrected a reference count leak that occurs when the server builds responses to leasequery packets. Corrected a memory leak that occurs when unpacking a packet that has an FQDN option (81) that contains a label with length greater than 63 bytes. Thanks to VictorV of Cyber Kunlun Lab for reporting these issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2928 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2929 (* Security fix *)
* Sat Oct 1 18:38:27 UTC 202220221001183827_15.0 Patrick J Volkerding2022-10-024-24/+40
| | | | | patches/packages/glibc-zoneinfo-2022d-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates.
* Fri Sep 30 17:52:21 UTC 202220220930175221_15.0 Patrick J Volkerding2022-10-0111-73/+185
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | extra/php80/php80-8.0.24-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: phar wrapper: DOS when using quine gzip file. Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629 (* Security fix *) extra/php81/php81-8.1.11-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: phar wrapper: DOS when using quine gzip file. Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629 (* Security fix *) patches/packages/mozilla-thunderbird-102.3.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.3.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-43/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39249 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39250 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39251 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39236 (* Security fix *) patches/packages/php-7.4.32-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: phar wrapper: DOS when using quine gzip file. Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629 (* Security fix *) patches/packages/seamonkey-2.53.14-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.14 (* Security fix *) patches/packages/vim-9.0.0623-x86_64-1_slack15.0.txz: Upgraded. Fixed use-after-free and stack-based buffer overflow. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3352 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3324 (* Security fix *) patches/packages/vim-gvim-9.0.0623-x86_64-1_slack15.0.txz: Upgraded.
* Wed Sep 28 18:59:51 UTC 202220220928185951_15.0 Patrick J Volkerding2022-09-2910-65/+737
| | | | | | | | | | | | | patches/packages/xorg-server-xwayland-21.1.4-x86_64-2_slack15.0.txz: Rebuilt. xkb: switch to array index loops to moving pointers. xkb: add request length validation for XkbSetGeometry. xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck. I hadn't realized that the xorg-server patches were needed (or applied cleanly) to Xwayland. Thanks to LuckyCyborg for the kind reminder. :-) For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320 (* Security fix *)
* Mon Sep 26 19:43:54 UTC 202220220926194354_15.0 Patrick J Volkerding2022-09-2715-74/+407
| | | | | | | | | | | | | | | | | | | | | | patches/packages/dnsmasq-2.87-x86_64-1_slack15.0.txz: Upgraded. Fix write-after-free error in DHCPv6 server code. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0934 (* Security fix *) patches/packages/vim-9.0.0594-x86_64-1_slack15.0.txz: Upgraded. Fixed stack-based buffer overflow. Thanks to marav for the heads-up. In addition, Mig21 pointed out an issue where the defaults.vim file might need to be edited for some purposes as its contents will override the settings in the system-wide vimrc. Usually this file is replaced whenever vim is upgraded, which in those situations would be inconvenient for the admin. So, I've added support for a file named defaults.vim.custom which (if it exists) will be used instead of the defaults.vim file shipped in the package and will persist through upgrades. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3296 (* Security fix *) patches/packages/vim-gvim-9.0.0594-x86_64-1_slack15.0.txz: Upgraded.
* Fri Sep 23 23:51:02 UTC 202220220923235102_15.0 Patrick J Volkerding2022-09-245-24/+50
| | | | | | | | | | patches/packages/vim-9.0.0558-x86_64-1_slack15.0.txz: Upgraded. Fixed use after free. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3256 (* Security fix *) patches/packages/vim-gvim-9.0.0558-x86_64-1_slack15.0.txz: Upgraded.
* Thu Sep 22 19:50:20 UTC 202220220922195020_15.0 Patrick J Volkerding2022-09-235-185/+620
| | | | | | patches/packages/ca-certificates-20220922-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections.
* Wed Sep 21 19:19:07 UTC 202220220921191907_15.0 Patrick J Volkerding2022-09-229-40/+203
| | | | | | | | | | | | patches/packages/cups-2.4.2-x86_64-3_slack15.0.txz: Rebuilt. Fixed crash when using the CUPS web setup interface: [PATCH] Fix OpenSSL crash bug - "tls" pointer wasn't cleared after freeing it (Issue #409). Thanks to MisterL, bryjen, and kjhambrick. Fixed an OpenSSL certificate loading issue: [PATCH] The OpenSSL code path wasn't loading the full certificate chain (Issue #465). Thanks to tmmukunn.
* Tue Sep 20 22:50:28 UTC 202220220920225028_15.0 Patrick J Volkerding2022-09-2128-147/+62460
| | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/expat-2.4.9-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: Heap use-after-free vulnerability in function doContent. Expected impact is denial of service or potentially arbitrary code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674 (* Security fix *) patches/packages/mozilla-firefox-102.3.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/102.3.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-41/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962 (* Security fix *) patches/packages/mozilla-thunderbird-102.3.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.3.0/releasenotes/
* Sun Sep 18 19:02:14 UTC 202220220918190214_15.0 Patrick J Volkerding2022-09-195-24/+50
| | | | | | | | | | patches/packages/vim-9.0.0500-x86_64-1_slack15.0.txz: Upgraded. Fixed heap-based buffer overflow. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3234 (* Security fix *) patches/packages/vim-gvim-9.0.0500-x86_64-1_slack15.0.txz: Upgraded.
* Sat Sep 10 01:51:43 UTC 202220220910015143_15.0 Patrick J Volkerding2022-09-116-41/+56
| | | | | | | | | | patches/packages/vim-9.0.0417-x86_64-1_slack15.0.txz: Upgraded. Fixed null pointer dereference. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3153 (* Security fix *) patches/packages/vim-gvim-9.0.0417-x86_64-1_slack15.0.txz: Upgraded.
* Thu Sep 8 01:33:19 UTC 202220220908013319_15.0 Patrick J Volkerding2022-09-085-23/+86
| | | | | | | patches/packages/mozilla-thunderbird-102.2.2-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.2.2/releasenotes/
* Tue Sep 6 20:21:24 UTC 202220220906202124_15.0 Patrick J Volkerding2022-09-0715-82/+201
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | extra/rust-for-mozilla/rust-1.60.0-x86_64-1_slack15.0.txz: Upgraded. Upgraded the Rust compiler for Firefox 102.2.0 and Thunderbird 102.2.1. patches/packages/mozilla-firefox-102.2.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/102.2.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-34/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38476 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38477 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478 (* Security fix *) patches/packages/mozilla-thunderbird-102.2.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. Some accounts may need to be reconfigured after moving from Thunderbird 91.13.0 to Thunderbird 102.2.1. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.2.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3033 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3032 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3034 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36059 (* Security fix *) patches/packages/vim-9.0.0396-x86_64-1_slack15.0.txz: Upgraded. Fixed use after free. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3099 (* Security fix *) patches/packages/vim-gvim-9.0.0396-x86_64-1_slack15.0.txz: Upgraded.
* Thu Sep 1 20:01:13 UTC 202220220901200113_15.0 Patrick J Volkerding2022-09-029-49/+312
| | | | | | | | patches/packages/poppler-21.12.0-x86_64-2_slack15.0.txz: Rebuilt. [PATCH] JBIG2Stream: Fix crash on broken file. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860 (* Security fix *)
* Tue Aug 30 19:39:30 UTC 202220220830193930_15.0 Patrick J Volkerding2022-08-3110-48/+130
| | | | | | | | | | | | | | | | | | | | | | | | | extra/sendmail/sendmail-8.17.1-x86_64-4_slack15.0.txz: Rebuilt. Patched sendmail.h to fix SASL auth. Thanks to af7567. Build without -DUSE_EAI (which is evidently considered experimental) since the option breaks the vacation binary. Thanks to bitfuzzy and HQuest. It is possible that this could work but requires additional options. I found this in the ChangeLog for the SUSE rpm: Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533) is available when using the compile time option USE_EAI (see also devtools/Site/site.config.m4.sample for other required settings) and the cf option SMTPUTF8. If a mail submission via the command line requires the use of SMTPUTF8, e.g., because a header uses UTF-8 encoding, but the addresses on the command line are all ASCII, then the new option -U must be used, and the cf option SMTPUTF8 must be set in submit.cf. Any assistance with getting -DUSE_EAI working properly would be appreciated. extra/sendmail/sendmail-cf-8.17.1-noarch-4_slack15.0.txz: Rebuilt. patches/packages/vim-9.0.0334-x86_64-1_slack15.0.txz: Upgraded. Fixed use after free. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3016 (* Security fix *) patches/packages/vim-gvim-9.0.0334-x86_64-1_slack15.0.txz: Upgraded.
* Fri Aug 26 04:02:20 UTC 202220220826040220_15.0 Patrick J Volkerding2022-08-2717-448/+235
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/linux-5.15.63/*: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 5.15.39: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1974 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1975 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734 Fixed in 5.15.40: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1943 Fixed in 5.15.41: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28893 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32296 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012 Fixed in 5.15.42: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1652 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499 Fixed in 5.15.44: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789 Fixed in 5.15.45: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2873 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1966 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32250 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2078 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1972 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2503 Fixed in 5.15.46: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1184 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1973 Fixed in 5.15.47: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34494 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34495 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32981 Fixed in 5.15.48: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123 Fixed in 5.15.53: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2318 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33743 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33741 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26365 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33744 Fixed in 5.15.54: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33655 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918 Fixed in 5.15.56: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36123 Fixed in 5.15.57: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901 Fixed in 5.15.58: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21505 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1462 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36879 Fixed in 5.15.59: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36946 Fixed in 5.15.60: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26373 Fixed in 5.15.61: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1679 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588 (* Security fix *) patches/packages/vim-9.0.0270-x86_64-1_slack15.0.txz: Upgraded. We're just going to move to vim-9 instead of continuing to backport patches to the vim-8 branch. Most users will be better served by this. Fixed use after free and null pointer dereference. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2946 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2923 (* Security fix *) patches/packages/vim-gvim-9.0.0270-x86_64-1_slack15.0.txz: Upgraded.
* Tue Aug 23 19:27:56 UTC 202220220823192756_15.0 Patrick J Volkerding2022-08-2414-84/+339
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | extra/sendmail/sendmail-8.17.1-x86_64-3_slack15.0.txz: Rebuilt. In recent versions of glibc, USE_INET6 has been removed which caused sendmail to reject mail from IPv6 addresses. Adding -DHAS_GETHOSTBYNNAME2=1 to the site.config.m4 allows the reverse lookups to work again fixing this issue. Thanks to talo. extra/sendmail/sendmail-cf-8.17.1-noarch-3_slack15.0.txz: Rebuilt. patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz: Upgraded. Fixed invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16707 (* Security fix *) patches/packages/mozilla-firefox-91.13.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.13.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-35/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478 (* Security fix *) patches/packages/mozilla-thunderbird-91.13.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.13.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478 (* Security fix *)
* Sat Aug 20 20:04:15 UTC 202220220820200415_15.0 Patrick J Volkerding2022-08-219-29/+295
| | | | | | | | | | patches/packages/vim-8.2.4649-x86_64-3_slack15.0.txz: Rebuilt. Fix use after free. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2889 (* Security fix *) patches/packages/vim-gvim-8.2.4649-x86_64-3_slack15.0.txz: Rebuilt.
* Thu Aug 18 23:19:52 UTC 202220220818231952_15.0 Patrick J Volkerding2022-08-194-24/+40
| | | | | patches/packages/glibc-zoneinfo-2022c-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates.
* Wed Aug 17 20:41:53 UTC 202220220817204153_15.0 Patrick J Volkerding2022-08-1811-37/+218
| | | | | | | | | | | | patches/packages/vim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt. Fix use after free, out-of-bounds read, and heap based buffer overflow. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819 (* Security fix *) patches/packages/vim-gvim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt.
* Tue Aug 16 18:51:34 UTC 202220220816185134_15.0 Patrick J Volkerding2022-08-174-21/+53
| | | | | | | | | | | | | patches/packages/mariadb-10.5.17-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and several security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32082 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32089 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32091 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32084 (* Security fix *)
* Mon Aug 15 20:23:47 UTC 202220220815202347_15.0 Patrick J Volkerding2022-08-166-33/+226
| | | | | | | | | | | | | | | patches/packages/rsync-3.2.5-x86_64-1_slack15.0.txz: Upgraded. Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154 (* Security fix *)
* Sat Aug 13 19:12:40 UTC 202220220813191240_15.0 Patrick J Volkerding2022-08-144-24/+40
| | | | | patches/packages/glibc-zoneinfo-2022b-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates.
* Tue Aug 9 19:25:22 UTC 202220220809192522_15.0 Patrick J Volkerding2022-08-106-27/+103
| | | | | | | | patches/packages/zlib-1.2.12-x86_64-2_slack15.0.txz: Rebuilt. This is a bugfix update. Applied an upstream patch to restore the handling of CRC inputs to be the same as in previous releases of zlib. This fixes an issue with OpenJDK. Thanks to alienBOB.
* Fri Jul 29 19:59:03 UTC 202220220729195903_15.0 Patrick J Volkerding2022-07-306-44/+274
| | | | | | | | | patches/packages/gnutls-3.7.7-x86_64-1_slack15.0.txz: Upgraded. libgnutls: Fixed double free during verification of pkcs7 signatures. Reported by Jaak Ristioja. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509 (* Security fix *)
* Thu Jul 28 23:48:36 UTC 202220220728234836_15.0 Patrick J Volkerding2022-07-294-22/+46
| | | | | | | | | patches/packages/mozilla-thunderbird-91.12.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.12.0/releasenotes/ https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.12 (* Security fix *)
* Wed Jul 27 19:17:38 UTC 202220220727191738_15.0 Patrick J Volkerding2022-07-285-25/+81
| | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/samba-4.15.9-x86_64-1_slack15.0.txz: Upgraded. This update fixes the following security issues: Samba AD users can bypass certain restrictions associated with changing passwords. Samba AD users can forge password change requests for any user. Samba AD users can crash the server process with an LDAP add or modify request. Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request. Server memory information leak via SMB1. For more information, see: https://www.samba.org/samba/security/CVE-2022-2031.html https://www.samba.org/samba/security/CVE-2022-32744.html https://www.samba.org/samba/security/CVE-2022-32745.html https://www.samba.org/samba/security/CVE-2022-32746.html https://www.samba.org/samba/security/CVE-2022-32742.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742 (* Security fix *)
generated by cgit v1.2.3-65-gdbad (git 2.45.1) at 2024-05-27 22:49:03 +0000