path: root/FILELIST.TXT
Commit message | Author | Age | Files | Lines
* Tue Feb 20 21:08:27 UTC 2024 20240220210827_15.0 | Patrick J Volkerding | 2024-02-21 | 1 | -60/+68
  patches/packages/libuv-1.48.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a server-side request forgery (SSRF) flaw.
    Thanks to alex2grad for the heads-up.
    For more information, see:
      https://www.cve.org/CVERecord?id=CVE-2024-24806
    (* Security fix *)
* Sun Feb 18 21:03:57 UTC 2024 20240218210357_15.0 | Patrick J Volkerding | 2024-02-19 | 1 | -221/+268
  extra/llvm-17.0.6-x86_64-1_slack15.0.txz: Added.
    In case anyone needs a newer compiler.
  extra/llvm13-compat-13.0.0-x86_64-1_slack15.0.txz: Added.
    In case anyone needs to run binaries linked to the old compiler.
* Fri Feb 16 20:18:59 UTC 2024 20240216201859_15.0 | Patrick J Volkerding | 2024-02-17 | 1 | -19/+19
  patches/packages/ca-certificates-20240216-noarch-1_slack15.0.txz: Upgraded.
    This update provides the latest CA certificates to check for the
    authenticity of SSL connections.
* Wed Feb 14 04:18:12 UTC 2024 20240214041812_15.0 | Patrick J Volkerding | 2024-02-15 | 1 | -21/+21
  patches/packages/dnsmasq-2.90-x86_64-1_slack15.0.txz: Upgraded.
    Add limits on the resources used to do DNSSEC validation.
    For more information, see:
      https://www.cve.org/CVERecord?id=CVE-2023-50387
      https://www.cve.org/CVERecord?id=CVE-2023-50868
    (* Security fix *)
* Tue Feb 13 19:19:24 UTC 2024 20240213191924_15.0 | Patrick J Volkerding | 2024-02-14 | 1 | -34/+34
  patches/packages/bind-9.16.48-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes bugs and security issues:
    Specific DNS answers could cause a denial-of-service condition due to DNS
    validation taking a long time.
    Query patterns that continuously triggered cache database maintenance could
    exhaust all available memory on the host running named.
    Restore DNS64 state when handling a serve-stale timeout.
    Specific queries could trigger an assertion check with nxdomain-redirect
    enabled.
    Speed up parsing of DNS messages with many different names.
    For more information, see:
      https://kb.isc.org/docs/cve-2023-50387
      https://www.cve.org/CVERecord?id=CVE-2023-50387
      https://kb.isc.org/docs/cve-2023-6516
      https://www.cve.org/CVERecord?id=CVE-2023-6516
      https://kb.isc.org/docs/cve-2023-5679
      https://www.cve.org/CVERecord?id=CVE-2023-5679
      https://kb.isc.org/docs/cve-2023-5517
      https://www.cve.org/CVERecord?id=CVE-2023-5517
      https://kb.isc.org/docs/cve-2023-4408
      https://www.cve.org/CVERecord?id=CVE-2023-4408
    (* Security fix *)
  testing/packages/bind-9.18.24-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes bugs and security issues:
    Specific DNS answers could cause a denial-of-service condition due to DNS
    validation taking a long time.
    Restore DNS64 state when handling a serve-stale timeout.
    Specific queries could trigger an assertion check with nxdomain-redirect
    enabled.
    Speed up parsing of DNS messages with many different names.
    For more information, see:
      https://kb.isc.org/docs/cve-2023-50387
      https://www.cve.org/CVERecord?id=CVE-2023-50387
      https://kb.isc.org/docs/cve-2023-5679
      https://www.cve.org/CVERecord?id=CVE-2023-5679
      https://kb.isc.org/docs/cve-2023-5517
      https://www.cve.org/CVERecord?id=CVE-2023-5517
      https://kb.isc.org/docs/cve-2023-4408
      https://www.cve.org/CVERecord?id=CVE-2023-4408
    (* Security fix *)
* Sun Feb 11 22:11:59 UTC 2024 20240211221159_15.0 | Patrick J Volkerding | 2024-02-12 | 1 | -19/+19
  patches/packages/mariadb-10.5.24-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
      https://mariadb.com/kb/en/mariadb-10-5-24-release-notes/
* Fri Feb 9 21:48:09 UTC 2024 20240209214809_15.0 | Patrick J Volkerding | 2024-02-10 | 1 | -173/+209
  patches/packages/xpdf-4.05-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Fixed a bug in the ICCBased color space parser that was allowing the number
    of components to be zero. Thanks to huckleberry for the bug report.
    Fixed a bug in the ICCBased color space parser that was allowing the number
    of components to be zero. Thanks to huckleberry for the bug report.
    Added checks for PDF object loops in AcroForm::scanField(),
    Catalog::readPageLabelTree2(), and Catalog::readEmbeddedFileTree().
    The zero-width character problem can also happen if the page size is very
    large -- that needs to be limited too, the same way as character position
    coordinates. Thanks to jlinliu for the bug report.
    Add some missing bounds check code in DCTStream. Thanks to Jiahao Liu for
    the bug report.
    Fix a deadlock when an object stream's length field is contained in another
    object stream. Thanks to Jiahao Liu for the bug report.
    For more information, see:
      https://www.cve.org/CVERecord?id=CVE-2023-2662
      https://www.cve.org/CVERecord?id=CVE-2023-2662
      https://www.cve.org/CVERecord?id=CVE-2018-7453
      https://www.cve.org/CVERecord?id=CVE-2018-16369
      https://www.cve.org/CVERecord?id=CVE-2022-36561
      https://www.cve.org/CVERecord?id=CVE-2022-41844
      https://www.cve.org/CVERecord?id=CVE-2023-2663
      https://www.cve.org/CVERecord?id=CVE-2023-2664
      https://www.cve.org/CVERecord?id=CVE-2023-3044
      https://www.cve.org/CVERecord?id=CVE-2023-3436
    (* Security fix *)
* Thu Feb 8 22:17:18 UTC 2024 20240208221718_15.0 | Patrick J Volkerding | 2024-02-09 | 1 | -54/+64
  patches/packages/dehydrated-0.7.1-noarch-1_slack15.0.txz: Upgraded.
    This is a bugfix release that addresses (among other things) an
    "unbound variable" error if the signing server is not available.
    Thanks to metaed for the heads-up.
* Wed Feb 7 20:07:29 UTC 2024 20240207200729_15.0 | Patrick J Volkerding | 2024-02-08 | 1 | -20/+20
  patches/packages/expat-2.6.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Fix quadratic runtime issues with big tokens that can cause denial of
    service.
    Fix billion laughs attacks for users compiling *without* XML_DTD defined
    (which is not common).
    For more information, see:
      https://www.cve.org/CVERecord?id=CVE-2023-52425
      https://www.cve.org/CVERecord?id=CVE-2023-52426
    (* Security fix *)
* Sun Feb 4 19:37:40 UTC 2024 20240204193740_15.0 | Patrick J Volkerding | 2024-02-05 | 1 | -19/+19
  patches/packages/libxml2-2.11.7-x86_64-1_slack15.0.txz: Upgraded.
    Fix the following security issue:
    xmlreader: Don't expand XIncludes when backtracking.
    For more information, see:
      https://www.cve.org/CVERecord?id=CVE-2024-25062
    (* Security fix *)
* Sat Feb 3 20:54:00 UTC 2024 20240203205400_15.0 | Patrick J Volkerding | 2024-02-04 | 1 | -27/+27
  patches/packages/ca-certificates-20240203-noarch-1_slack15.0.txz: Upgraded.
    This update provides the latest CA certificates to check for the
    authenticity of SSL connections.
  patches/packages/glibc-zoneinfo-2024a-noarch-1_slack15.0.txz: Upgraded.
    This package provides the latest timezone updates.
* Wed Jan 31 21:19:19 UTC 2024 20240131211919_15.0 | Patrick J Volkerding | 2024-02-01 | 1 | -45/+45
  extra/sendmail/sendmail-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
    sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
    Remote attackers can use a published exploitation technique to inject e-mail
    messages with a spoofed MAIL FROM address, allowing bypass of an SPF
    protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
    but some other popular e-mail servers do not. This is resolved in 8.18 and
    later versions with 'o' in srv_features.
    For more information, see:
      https://www.cve.org/CVERecord?id=CVE-2023-51765
    (* Security fix *)
  extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz: Upgraded.
  patches/packages/curl-8.6.0-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
  patches/packages/libmilter-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
* Fri Jan 26 20:59:27 UTC 2024 20240126205927_15.0 | Patrick J Volkerding | 2024-01-27 | 1 | -90/+109
  patches/packages/pam-1.6.0-x86_64-1_slack15.0.txz: Upgraded.
    pam_namespace.so: fixed a possible local denial-of-service vulnerability.
    For more information, see:
      https://seclists.org/oss-sec/2024/q1/31
      https://www.cve.org/CVERecord?id=CVE-2024-22365
    (* Security fix *)
* Wed Jan 24 04:53:38 UTC 2024 20240124045338_15.0 | Patrick J Volkerding | 2024-01-25 | 1 | -22/+22
  patches/packages/mozilla-thunderbird-115.7.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
      https://www.mozilla.org/en-US/thunderbird/115.7.0/releasenotes/
      https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/
      https://www.cve.org/CVERecord?id=CVE-2024-0741
      https://www.cve.org/CVERecord?id=CVE-2024-0742
      https://www.cve.org/CVERecord?id=CVE-2024-0746
      https://www.cve.org/CVERecord?id=CVE-2024-0747
      https://www.cve.org/CVERecord?id=CVE-2024-0749
      https://www.cve.org/CVERecord?id=CVE-2024-0750
      https://www.cve.org/CVERecord?id=CVE-2024-0751
      https://www.cve.org/CVERecord?id=CVE-2024-0753
      https://www.cve.org/CVERecord?id=CVE-2024-0755
    (* Security fix *)
* Tue Jan 23 20:08:07 UTC 2024 20240123200807_15.0 | Patrick J Volkerding | 2024-01-24 | 1 | -22/+22
  patches/packages/mozilla-firefox-115.7.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
      https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/
      https://www.mozilla.org/security/advisories/mfsa2024-02/
      https://www.cve.org/CVERecord?id=CVE-2024-0741
      https://www.cve.org/CVERecord?id=CVE-2024-0742
      https://www.cve.org/CVERecord?id=CVE-2024-0746
      https://www.cve.org/CVERecord?id=CVE-2024-0747
      https://www.cve.org/CVERecord?id=CVE-2024-0749
      https://www.cve.org/CVERecord?id=CVE-2024-0750
      https://www.cve.org/CVERecord?id=CVE-2024-0751
      https://www.cve.org/CVERecord?id=CVE-2024-0753
      https://www.cve.org/CVERecord?id=CVE-2024-0755
    (* Security fix *)
* Mon Jan 22 20:57:12 UTC 2024 20240122205712_15.0 | Patrick J Volkerding | 2024-01-23 | 1 | -19/+19
  patches/packages/postfix-3.6.14-x86_64-1_slack15.0.txz: Upgraded.
    Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline =
    normalize" (default "no" for Postfix < 3.9), the Postfix SMTP server
    requires the standard End-of-DATA sequence <CR><LF>.<CR><LF>, and otherwise
    allows command or message content lines ending in the non-standard <LF>,
    processing them as if the client sent the standard <CR><LF>.
    The alternative setting, "smtpd_forbid_bare_newline = reject" will reject
    any command or message that contains a bare <LF>, and is more likely to
    cause problems with legitimate clients.
    For backwards compatibility, local clients are excluded by default with
    "smtpd_forbid_bare_newline_exclusions = $mynetworks".
    For more information, see:
      https://www.postfix.org/smtp-smuggling.html
    (* Security fix *)
* Sun Jan 21 20:50:08 UTC 2024 20240121205008_15.0 | Patrick J Volkerding | 2024-01-22 | 1 | -80/+91
  extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txz: Rebuilt.
    Recompiled against xorg-server-1.20.14, including the latest patches for
    several security issues. Thanks to marav.
    For more information, see:
      https://www.cve.org/CVERecord?id=CVE-2023-6377
      https://www.cve.org/CVERecord?id=CVE-2023-6478
      https://www.cve.org/CVERecord?id=CVE-2023-6816
      https://www.cve.org/CVERecord?id=CVE-2024-0229
      https://www.cve.org/CVERecord?id=CVE-2024-0408
      https://www.cve.org/CVERecord?id=CVE-2024-0409
      https://www.cve.org/CVERecord?id=CVE-2024-21885
      https://www.cve.org/CVERecord?id=CVE-2024-21886
      https://www.cve.org/CVERecord?id=CVE-2024-21886
    (* Security fix *)
* Wed Jan 17 21:13:27 UTC 2024 20240117211327_15.0 | Patrick J Volkerding | 2024-01-18 | 1 | -26/+26
  patches/packages/seamonkey-2.53.18.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
      https://www.seamonkey-project.org/releases/seamonkey2.53.18.1
* Tue Jan 16 20:49:28 UTC 2024 20240116204928_15.0 | Patrick J Volkerding | 2024-01-17 | 1 | -160/+178
  patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes two medium severity security issues:
    Fix more timing side-channel inside RSA-PSK key exchange.
    Fix assertion failure when verifying a certificate chain with a cycle of
    cross signatures.
    For more information, see:
      https://www.cve.org/CVERecord?id=CVE-2024-0553
      https://www.cve.org/CVERecord?id=CVE-2024-0567
    (* Security fix *)
  patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
    Reattaching to different master device may lead to out-of-bounds memory
    access.
    Heap buffer overflow in XISendDeviceHierarchyEvent.
    Heap buffer overflow in DisableDevice.
    SELinux context corruption.
    SELinux unlabeled GLX PBuffer.
    For more information, see:
      https://lists.x.org/archives/xorg/2024-January/061525.html
      https://www.cve.org/CVERecord?id=CVE-2023-6816
      https://www.cve.org/CVERecord?id=CVE-2024-0229
      https://www.cve.org/CVERecord?id=CVE-2024-21885
      https://www.cve.org/CVERecord?id=CVE-2024-21886
      https://www.cve.org/CVERecord?id=CVE-2024-0408
      https://www.cve.org/CVERecord?id=CVE-2024-0409
    (* Security fix *)
  patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
  patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
  patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
  patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
    Reattaching to different master device may lead to out-of-bounds memory
    access.
    Heap buffer overflow in XISendDeviceHierarchyEvent.
    Heap buffer overflow in DisableDevice.
    SELinux unlabeled GLX PBuffer.
    For more information, see:
      https://lists.x.org/archives/xorg/2024-January/061525.html
      https://www.cve.org/CVERecord?id=CVE-2023-6816
      https://www.cve.org/CVERecord?id=CVE-2024-0229
      https://www.cve.org/CVERecord?id=CVE-2024-21885
      https://www.cve.org/CVERecord?id=CVE-2024-21886
      https://www.cve.org/CVERecord?id=CVE-2024-0408
    (* Security fix *)
* Wed Jan 10 20:25:54 UTC 2024 20240110202554_15.0 | Patrick J Volkerding | 2024-01-11 | 1 | -51/+58
  patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
* Tue Jan 9 20:49:08 UTC 2024 20240109204908_15.0 | Patrick J Volkerding | 2024-01-10 | 1 | -20/+20
  patches/packages/mozilla-thunderbird-115.6.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
      https://www.thunderbird.net/en-US/thunderbird/115.6.1/releasenotes/
* Sat Dec 30 19:53:07 UTC 2023 20231230195307_15.0 | Patrick J Volkerding | 2023-12-31 | 1 | -19/+19
  patches/packages/sudo-1.9.15p5-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
* Tue Dec 26 00:20:26 UTC 2023 20231226002026_15.0 | Patrick J Volkerding | 2023-12-26 | 1 | -2951/+2992
  patches/packages/kernel-firmware-20231222_a7dee43-noarch-1.txz: Upgraded.
    Updated to the latest kernel firmware.
  patches/packages/linux-5.15.145/*: Upgraded.
    These updates fix various bugs and security issues.
    Thanks to jwoithe for the PCI fix!
    Be sure to upgrade your initrd after upgrading the kernel packages.
    If you use lilo to boot your machine, be sure lilo.conf points to the
    correct kernel and initrd and run lilo as root to update the bootloader.
    If you use elilo to boot your machine, you should run eliloconfig to copy
    the kernel and initrd to the EFI System Partition.
    For more information, see:
      Fixed in 5.15.140:
        https://www.cve.org/CVERecord?id=CVE-2023-46862
      Fixed in 5.15.141:
        https://www.cve.org/CVERecord?id=CVE-2023-6121
    (* Security fix *)
* Sat Dec 23 02:48:56 UTC 2023 20231223024856_15.0 | Patrick J Volkerding | 2023-12-23 | 1 | -87/+100
  patches/packages/glibc-zoneinfo-2023d-noarch-1_slack15.0.txz: Upgraded.
    This package provides the latest timezone updates.
  patches/packages/postfix-3.6.13-x86_64-1_slack15.0.txz: Upgraded.
    Security: this release adds support to defend against an email spoofing
    attack (SMTP smuggling) on recipients at a Postfix server. Sites concerned
    about SMTP smuggling attacks should enable this feature on Internet-facing
    Postfix servers. For compatibility with non-standard clients, Postfix by
    default excludes clients in mynetworks from this countermeasure.
    The recommended settings are:
      # Optionally disconnect remote SMTP clients that send bare newlines,
      # but allow local clients with non-standard SMTP implementations
      # such as netcat, fax machines, or load balancer health checks.
      #
      smtpd_forbid_bare_newline = yes
      smtpd_forbid_bare_newline_exclusions = $mynetworks
    The smtpd_forbid_bare_newline feature is disabled by default.
    For more information, see:
      https://www.postfix.org/smtp-smuggling.html
    (* Security fix *)
* Thu Dec 21 20:46:11 UTC 2023 20231221204611_15.0 | Patrick J Volkerding | 2023-12-22 | 1 | -36/+36
  extra/php81/php81-8.1.27-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
      https://www.php.net/ChangeLog-8.php#8.1.27
* Wed Dec 20 21:10:47 UTC 2023 20231220211047_15.0 | Patrick J Volkerding | 2023-12-21 | 1 | -94/+107
  patches/packages/bind-9.16.45-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
  patches/packages/proftpd-1.3.8b-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a security issue:
    mod_sftp: implemented mitigations for "Terrapin" SSH attack.
    For more information, see:
      https://www.cve.org/CVERecord?id=CVE-2023-48795
    (* Security fix *)
  testing/packages/bind-9.18.21-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
* Tue Dec 19 21:24:05 UTC 2023 20231219212405_15.0 | Patrick J Volkerding | 2023-12-20 | 1 | -53/+54
  patches/packages/bluez-5.71-x86_64-2_slack15.0.txz: Rebuilt.
    Fix a regression in bluez-5.71:
    [PATCH] adapter: Fix link key address type for old kernels.
    Thanks to marav.
  patches/packages/libssh-0.10.6-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Command injection using proxycommand.
    Potential downgrade attack using strict kex.
    Missing checks for return values of MD functions.
    For more information, see:
      https://www.cve.org/CVERecord?id=CVE-2023-6004
      https://www.cve.org/CVERecord?id=CVE-2023-48795
      https://www.cve.org/CVERecord?id=CVE-2023-6918
    (* Security fix *)
  patches/packages/mozilla-firefox-115.6.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
      https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/
      https://www.mozilla.org/security/advisories/mfsa2023-54/
      https://www.cve.org/CVERecord?id=CVE-2023-6856
      https://www.cve.org/CVERecord?id=CVE-2023-6865
      https://www.cve.org/CVERecord?id=CVE-2023-6857
      https://www.cve.org/CVERecord?id=CVE-2023-6858
      https://www.cve.org/CVERecord?id=CVE-2023-6859
      https://www.cve.org/CVERecord?id=CVE-2023-6860
      https://www.cve.org/CVERecord?id=CVE-2023-6867
      https://www.cve.org/CVERecord?id=CVE-2023-6861
      https://www.cve.org/CVERecord?id=CVE-2023-6862
      https://www.cve.org/CVERecord?id=CVE-2023-6863
      https://www.cve.org/CVERecord?id=CVE-2023-6864
    (* Security fix *)
  patches/packages/mozilla-thunderbird-115.6.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
      https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/
      https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/
      https://www.cve.org/CVERecord?id=CVE-2023-50762
      https://www.cve.org/CVERecord?id=CVE-2023-50761
      https://www.cve.org/CVERecord?id=CVE-2023-6856
      https://www.cve.org/CVERecord?id=CVE-2023-6857
      https://www.cve.org/CVERecord?id=CVE-2023-6858
      https://www.cve.org/CVERecord?id=CVE-2023-6859
      https://www.cve.org/CVERecord?id=CVE-2023-6860
      https://www.cve.org/CVERecord?id=CVE-2023-6861
      https://www.cve.org/CVERecord?id=CVE-2023-6862
      https://www.cve.org/CVERecord?id=CVE-2023-6863
      https://www.cve.org/CVERecord?id=CVE-2023-6864
    (* Security fix *)
* Sat Dec 16 20:33:34 UTC 2023 20231216203334_15.0 | Patrick J Volkerding | 2023-12-17 | 1 | -19/+19
  patches/packages/sudo-1.9.15p4-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
* Thu Dec 14 20:09:31 UTC 2023 20231214200931_15.0 | Patrick J Volkerding | 2023-12-15 | 1 | -31/+31
  patches/packages/bluez-5.71-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a security issue:
    It may have been possible for an attacker within Bluetooth range to inject
    keystrokes (and possibly execute commands) while devices were discoverable.
    Thanks to marav for the heads-up.
    For more information, see:
      https://www.cve.org/CVERecord?id=CVE-2023-45866
    (* Security fix *)
  patches/packages/libxml2-2.11.6-x86_64-1_slack15.0.txz: Upgraded.
    We're going to drop back to the 2.11 branch here on the stable releases
    since it has all of the relevant security fixes and better compatibility.
* Wed Dec 13 22:01:34 UTC 2023 20231213220134_15.0 | Patrick J Volkerding | 2023-12-14 | 1 | -62/+66
  patches/packages/libxml2-2.12.3-x86_64-1_slack15.0.txz: Upgraded.
    This update addresses regressions when building against libxml2 that were
    due to header file refactoring.
  patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txz: Rebuilt.
    This update fixes two security issues:
    Out-of-bounds memory write in XKB button actions.
    Out-of-bounds memory read in RRChangeOutputProperty and
    RRChangeProviderProperty.
    For more information, see:
      https://lists.x.org/archives/xorg/2023-December/061517.html
      https://www.cve.org/CVERecord?id=CVE-2023-6377
      https://www.cve.org/CVERecord?id=CVE-2023-6478
    (* Security fix *)
  patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txz: Rebuilt.
  patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txz: Rebuilt.
  patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txz: Rebuilt.
  patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txz: Rebuilt.
    This update fixes two security issues:
    Out-of-bounds memory write in XKB button actions.
    Out-of-bounds memory read in RRChangeOutputProperty and
    RRChangeProviderProperty.
    For more information, see:
      https://lists.x.org/archives/xorg/2023-December/061517.html
      https://www.cve.org/CVERecord?id=CVE-2023-6377
      https://www.cve.org/CVERecord?id=CVE-2023-6478
    (* Security fix *)
* Tue Dec 12 19:54:42 UTC 2023 20231212195442_15.0 | Patrick J Volkerding | 2023-12-13 | 1 | -20/+20
  patches/packages/mozilla-thunderbird-115.5.2-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
      https://www.mozilla.org/en-US/thunderbird/115.5.2/releasenotes/
* Sun Dec 10 01:12:17 UTC 2023 20231210011217_15.0 | Patrick J Volkerding | 2023-12-10 | 1 | -29/+29
  patches/packages/libxml2-2.12.2-x86_64-1_slack15.0.txz: Upgraded.
    Add --sysconfdir=/etc option so that this can find the xml catalog.
    Thanks to SpiderTux.
    Fix the following security issues:
    Fix integer overflows with XML_PARSE_HUGE.
    Fix dict corruption caused by entity reference cycles.
    Hashing of empty dict strings isn't deterministic.
    Fix null deref in xmlSchemaFixupComplexType.
    For more information, see:
      https://www.cve.org/CVERecord?id=CVE-2022-40303
      https://www.cve.org/CVERecord?id=CVE-2022-40304
      https://www.cve.org/CVERecord?id=CVE-2023-29469
      https://www.cve.org/CVERecord?id=CVE-2023-28484
    (* Security fix *)
* Wed Dec 6 20:29:23 UTC 2023 20231206202923_15.0 | Patrick J Volkerding | 2023-12-07 | 1 | -49/+57
  patches/packages/rdfind-1.6.0-x86_64-1_slack15.0.txz: Upgraded.
    Redundant data finder utility, needed to build the kernel-firmware package.
* Thu Nov 30 21:21:55 UTC 2023 20231130212155_15.0 | Patrick J Volkerding | 2023-12-01 | 1 | -21/+21
  patches/packages/samba-4.18.9-x86_64-1_slack15.0.txz: Upgraded.
    This is a security release in order to address the following defect:
    An information leak vulnerability was discovered in Samba's LDAP server.
    Due to missing access control checks, an authenticated but unprivileged
    attacker could discover the names and preserved attributes of deleted
    objects in the LDAP store. Upgrading to this package will not prevent this
    information leak - if you are using Samba as an Active Directory Domain
    Controller, you will need to follow the instructions in the samba.org link
    given below.
    For more information, see:
      https://www.samba.org/samba/security/CVE-2018-14628.html
      https://www.cve.org/CVERecord?id=CVE-2018-14628
    (* Security fix *)
* Tue Nov 28 22:13:48 UTC 2023 20231128221348_15.0 | Patrick J Volkerding | 2023-11-29 | 1 | -24/+24
  patches/packages/mozilla-thunderbird-115.5.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
      https://www.mozilla.org/en-US/thunderbird/115.5.1/releasenotes/
* Fri Nov 24 20:52:02 UTC 2023 20231124205202_15.0 | Patrick J Volkerding | 2023-11-25 | 1 | -22/+22
  patches/packages/vim-9.0.2127-x86_64-1_slack15.0.txz: Upgraded.
    Fixed security issues.
    Thanks to marav for the heads-up.
    For more information, see:
      https://www.cve.org/CVERecord?id=CVE-2023-48231
      https://www.cve.org/CVERecord?id=CVE-2023-48232
      https://www.cve.org/CVERecord?id=CVE-2023-48233
      https://www.cve.org/CVERecord?id=CVE-2023-48234
      https://www.cve.org/CVERecord?id=CVE-2023-48235
      https://www.cve.org/CVERecord?id=CVE-2023-48236
      https://www.cve.org/CVERecord?id=CVE-2023-48237
    (* Security fix *)
  patches/packages/vim-gvim-9.0.2127-x86_64-1_slack15.0.txz: Upgraded.
* Wed Nov 22 19:26:09 UTC 2023 20231122192609_15.0 | Patrick J Volkerding | 2023-11-23 | 1 | -74/+74
  patches/packages/mozilla-thunderbird-115.5.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
      https://www.mozilla.org/en-US/thunderbird/115.5.0/releasenotes/
      https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/
      https://www.cve.org/CVERecord?id=CVE-2023-6204
      https://www.cve.org/CVERecord?id=CVE-2023-6205
      https://www.cve.org/CVERecord?id=CVE-2023-6206
      https://www.cve.org/CVERecord?id=CVE-2023-6207
      https://www.cve.org/CVERecord?id=CVE-2023-6208
      https://www.cve.org/CVERecord?id=CVE-2023-6209
      https://www.cve.org/CVERecord?id=CVE-2023-6212
    (* Security fix *)
* Tue Nov 21 21:15:30 UTC 2023 20231121211530_15.0 | Patrick J Volkerding | 2023-11-22 | 1 | -294/+337
  patches/packages/kernel-firmware-20231120_9552083-noarch-1.txz: Upgraded.
    Updated to the latest kernel firmware.
  patches/packages/linux-5.15.139/*: Upgraded.
    These updates fix various bugs and security issues.
    Be sure to upgrade your initrd after upgrading the kernel packages.
    If you use lilo to boot your machine, be sure lilo.conf points to the
    correct kernel and initrd and run lilo as root to update the bootloader.
    If you use elilo to boot your machine, you should run eliloconfig to copy
    the kernel and initrd to the EFI System Partition.
    For more information, see:
      Fixed in 5.15.116:
        https://www.cve.org/CVERecord?id=CVE-2023-35788
        https://www.cve.org/CVERecord?id=CVE-2022-45887
        https://www.cve.org/CVERecord?id=CVE-2022-45886
        https://www.cve.org/CVERecord?id=CVE-2023-3212
        https://www.cve.org/CVERecord?id=CVE-2022-45919
      Fixed in 5.15.117:
        https://www.cve.org/CVERecord?id=CVE-2023-2124
        https://www.cve.org/CVERecord?id=CVE-2023-34255
      Fixed in 5.15.118:
        https://www.cve.org/CVERecord?id=CVE-2023-3609
        https://www.cve.org/CVERecord?id=CVE-2023-3117
        https://www.cve.org/CVERecord?id=CVE-2023-3390
        https://www.cve.org/CVERecord?id=CVE-2023-3338
      Fixed in 5.15.119:
        https://www.cve.org/CVERecord?id=CVE-2023-3610
      Fixed in 5.15.121:
        https://www.cve.org/CVERecord?id=CVE-2023-31248
        https://www.cve.org/CVERecord?id=CVE-2023-38432
        https://www.cve.org/CVERecord?id=CVE-2023-3866
        https://www.cve.org/CVERecord?id=CVE-2023-2898
        https://www.cve.org/CVERecord?id=CVE-2023-44466
        https://www.cve.org/CVERecord?id=CVE-2023-4132
        https://www.cve.org/CVERecord?id=CVE-2023-3611
        https://www.cve.org/CVERecord?id=CVE-2022-48502
        https://www.cve.org/CVERecord?id=CVE-2023-3865
        https://www.cve.org/CVERecord?id=CVE-2023-35001
        https://www.cve.org/CVERecord?id=CVE-2023-3776
        https://www.cve.org/CVERecord?id=CVE-2023-3863
      Fixed in 5.15.122:
        https://www.cve.org/CVERecord?id=CVE-2023-20593
      Fixed in 5.15.123:
        https://www.cve.org/CVERecord?id=CVE-2023-3777
        https://www.cve.org/CVERecord?id=CVE-2023-4004
      Fixed in 5.15.124:
        https://www.cve.org/CVERecord?id=CVE-2023-4015
        https://www.cve.org/CVERecord?id=CVE-2023-4147
        https://www.cve.org/CVERecord?id=CVE-2023-1206
      Fixed in 5.15.125:
        https://www.cve.org/CVERecord?id=CVE-2022-40982
        https://www.cve.org/CVERecord?id=CVE-2023-20569
      Fixed in 5.15.126:
        https://www.cve.org/CVERecord?id=CVE-2023-20588
        https://www.cve.org/CVERecord?id=CVE-2023-4128
        https://www.cve.org/CVERecord?id=CVE-2023-4208
        https://www.cve.org/CVERecord?id=CVE-2023-4206
        https://www.cve.org/CVERecord?id=CVE-2023-4207
        https://www.cve.org/CVERecord?id=CVE-2023-40283
      Fixed in 5.15.128:
        https://www.cve.org/CVERecord?id=CVE-2023-4569
        https://www.cve.org/CVERecord?id=CVE-2023-39194
        https://www.cve.org/CVERecord?id=CVE-2023-4273
        https://www.cve.org/CVERecord?id=CVE-2023-3772
      Fixed in 5.15.132:
        https://www.cve.org/CVERecord?id=CVE-2023-4921
        https://www.cve.org/CVERecord?id=CVE-2023-4623
        https://www.cve.org/CVERecord?id=CVE-2023-42753
        https://www.cve.org/CVERecord?id=CVE-2023-42752
        https://www.cve.org/CVERecord?id=CVE-2023-39189
        https://www.cve.org/CVERecord?id=CVE-2023-4881
        https://www.cve.org/CVERecord?id=CVE-2023-45871
        https://www.cve.org/CVERecord?id=CVE-2023-39193
        https://www.cve.org/CVERecord?id=CVE-2023-39192
      Fixed in 5.15.133:
        https://www.cve.org/CVERecord?id=CVE-2023-42755
      Fixed in 5.15.134:
        https://www.cve.org/CVERecord?id=CVE-2023-42754
        https://www.cve.org/CVERecord?id=CVE-2023-4563
        https://www.cve.org/CVERecord?id=CVE-2023-4244
        https://www.cve.org/CVERecord?id=CVE-2023-5197
      Fixed in 5.15.135:
        https://www.cve.org/CVERecord?id=CVE-2023-34324
        https://www.cve.org/CVERecord?id=CVE-2023-31085
        https://www.cve.org/CVERecord?id=CVE-2023-5158
      Fixed in 5.15.136:
        https://www.cve.org/CVERecord?id=CVE-2023-35827
      Fixed in 5.15.137:
        https://www.cve.org/CVERecord?id=CVE-2023-46813
        https://www.cve.org/CVERecord?id=CVE-2023-5717
        https://www.cve.org/CVERecord?id=CVE-2023-5178
    (* Security fix *)
  patches/packages/mozilla-firefox-115.5.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    Thanks to zuriel for the taskbar icon fix on Wayland. :-)
    For more information, see:
      https://www.mozilla.org/en-US/firefox/115.5.0/releasenotes/
      https://www.mozilla.org/security/advisories/mfsa2023-50/
      https://www.cve.org/CVERecord?id=CVE-2023-6204
      https://www.cve.org/CVERecord?id=CVE-2023-6205
      https://www.cve.org/CVERecord?id=CVE-2023-6206
      https://www.cve.org/CVERecord?id=CVE-2023-6207
      https://www.cve.org/CVERecord?id=CVE-2023-6208
      https://www.cve.org/CVERecord?id=CVE-2023-6209
      https://www.cve.org/CVERecord?id=CVE-2023-6212
    (* Security fix *)
* Sat Nov 18 19:26:33 UTC 2023 20231118192633_15.0 | Patrick J Volkerding | 2023-11-19 | 1 | -19/+19
  patches/packages/ca-certificates-20231117-noarch-1_slack15.0.txz: Upgraded.
    This update provides the latest CA certificates to check for the
    authenticity of SSL connections.
* Thu Nov 16 20:51:47 UTC 2023 20231116205147_15.0 | Patrick J Volkerding | 2023-11-17 | 1 | -88/+104
  patches/packages/gegl-0.4.46-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release, needed by the GIMP upgrade.
  patches/packages/gimp-2.10.36-x86_64-1_slack15.0.txz: Upgraded.
    This release fixes security issues:
    If a user loads a malicious DDS, PSD, or PSP file, this could result in a
    program crash or possibly the execution of arbitrary code.
    Please note that this package also requires the updated gegl package.
    Thanks to henca for the heads-up.
    For more information, see:
      https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/
      https://www.zerodayinitiative.com/advisories/ZDI-23-1591/
      https://www.zerodayinitiative.com/advisories/ZDI-23-1592/
      https://www.zerodayinitiative.com/advisories/ZDI-23-1593/
      https://www.zerodayinitiative.com/advisories/ZDI-23-1594/
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444
    (* Security fix *)
* Wed Nov 15 22:01:26 UTC 2023 20231115220126_15.0 Patrick J Volkerding 2023-11-16 1 -20/+20
patches/packages/mozilla-thunderbird-115.4.3-x86_64-1_slack15.0.txz: Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.3/releasenotes/
* Tue Nov 14 21:22:47 UTC 2023 20231114212247_15.0 Patrick J Volkerding 2023-11-15 1 -19/+19
patches/packages/mariadb-10.5.23-x86_64-1_slack15.0.txz: Upgraded.
  This update fixes bugs and a security issue:
  Vulnerability allows high privileged attacker with network access via
  multiple protocols to compromise the server. Successful attacks of this
  vulnerability can result in unauthorized ability to cause a hang or
  frequently repeatable crash.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084
  (* Security fix *)
* Mon Nov 13 19:20:40 UTC 2023 20231113192040_15.0 Patrick J Volkerding 2023-11-14 1 -149/+167
extra/tigervnc/tigervnc-1.12.0-x86_64-4_slack15.0.txz: Rebuilt.
  Recompiled against xorg-server-1.20.14, including patches for several
  security issues. Thanks to marav.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-3550
    https://www.cve.org/CVERecord?id=CVE-2022-3551
    https://www.cve.org/CVERecord?id=CVE-2022-3553
    https://www.cve.org/CVERecord?id=CVE-2022-4283
    https://www.cve.org/CVERecord?id=CVE-2022-46340
    https://www.cve.org/CVERecord?id=CVE-2022-46341
    https://www.cve.org/CVERecord?id=CVE-2022-46342
    https://www.cve.org/CVERecord?id=CVE-2022-46343
    https://www.cve.org/CVERecord?id=CVE-2022-46344
    https://www.cve.org/CVERecord?id=CVE-2023-0494
    https://www.cve.org/CVERecord?id=CVE-2023-1393
    https://www.cve.org/CVERecord?id=CVE-2023-5367
    https://www.cve.org/CVERecord?id=CVE-2023-5380
  (* Security fix *)
* Fri Nov 10 18:46:44 UTC 2023 20231110184644_15.0 Patrick J Volkerding 2023-11-11 1 -19/+19
patches/packages/whois-5.5.20-x86_64-1_slack15.0.txz: Upgraded.
  Added the .gn TLD server.
  Removed 6 new gTLDs which are no longer active.
* Wed Nov 8 22:04:25 UTC 2023 20231108220425_15.0 Patrick J Volkerding 2023-11-09 1 -25/+25
patches/packages/mozilla-thunderbird-115.4.2-x86_64-1_slack15.0.txz: Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.2/releasenotes/
patches/packages/sudo-1.9.15p1-x86_64-1_slack15.0.txz: Upgraded.
  This is a bugfix release:
  Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based sudoers
  from being able to read the ldap.conf file.
* Tue Nov 7 19:57:12 UTC 2023 20231107195712_15.0 Patrick J Volkerding 2023-11-08 1 -19/+19
patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txz: Upgraded.
  The sudoers plugin has been modified to make it more resilient to
  ROWHAMMER attacks on authentication and policy matching.
  The sudoers plugin now constructs the user time stamp file path name using
  the user-ID instead of the user name. This avoids a potential problem with
  user names that contain a path separator ('/') being interpreted as part
  of the path name.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-42465
    https://www.cve.org/CVERecord?id=CVE-2023-42456
  (* Security fix *)
* Tue Oct 31 18:49:18 UTC 2023 20231031184918_15.0 Patrick J Volkerding 2023-11-01 1 -20/+20
extra/php81/php81-8.1.25-x86_64-1_slack15.0.txz: Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.25
* Thu Oct 26 19:55:16 UTC 2023 20231026195516_15.0 Patrick J Volkerding 2023-10-27 1 -58/+61
patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
    https://www.cve.org/CVERecord?id=CVE-2023-5721
    https://www.cve.org/CVERecord?id=CVE-2023-5732
    https://www.cve.org/CVERecord?id=CVE-2023-5724
    https://www.cve.org/CVERecord?id=CVE-2023-5725
    https://www.cve.org/CVERecord?id=CVE-2023-5726
    https://www.cve.org/CVERecord?id=CVE-2023-5727
    https://www.cve.org/CVERecord?id=CVE-2023-5728
    https://www.cve.org/CVERecord?id=CVE-2023-5730
  (* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
  This update fixes security issues:
  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
  Use-after-free bug in DestroyWindow.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
    https://www.cve.org/CVERecord?id=CVE-2023-5367
    https://www.cve.org/CVERecord?id=CVE-2023-5380
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz: Rebuilt.
  This update fixes a security issue:
  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
    https://www.cve.org/CVERecord?id=CVE-2023-5367
  (* Security fix *)
* Tue Oct 24 22:26:20 UTC 2023 20231024222620_15.0 Patrick J Volkerding 2023-10-25 1 -38/+38
patches/packages/mozilla-firefox-115.4.0esr-x86_64-1_slack15.0.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.4.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-46/
    https://www.cve.org/CVERecord?id=CVE-2023-5721
    https://www.cve.org/CVERecord?id=CVE-2023-5732
    https://www.cve.org/CVERecord?id=CVE-2023-5724
    https://www.cve.org/CVERecord?id=CVE-2023-5725
    https://www.cve.org/CVERecord?id=CVE-2023-5726
    https://www.cve.org/CVERecord?id=CVE-2023-5727
    https://www.cve.org/CVERecord?id=CVE-2023-5728
    https://www.cve.org/CVERecord?id=CVE-2023-5730
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.4.0-x86_64-1_slack15.0.txz: Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.0/releasenotes/
patches/packages/vim-9.0.2063-x86_64-1_slack15.0.txz: Upgraded.
  Fixed use-after-free security issue.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-5535
  (* Security fix *)
patches/packages/vim-gvim-9.0.2063-x86_64-1_slack15.0.txz: Upgraded.
* Sun Oct 22 19:30:42 UTC 2023 20231022193042_15.0 Patrick J Volkerding 2023-10-23 1 -65/+75
patches/packages/LibRaw-0.20.2-x86_64-4_slack15.0.txz: Rebuilt.
  This update fixes security issues:
  A Buffer Overflow vulnerability was found in
  LibRaw_buffer_datastream::gets(char*, int), which could lead to privilege
  escalation or application crash.
  A heap-buffer-overflow was found in raw2image_ex(int), which may lead to
  application crash by maliciously crafted input file.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-32142
    https://www.cve.org/CVERecord?id=CVE-2023-1729
  (* Security fix *)