| Commit message (Expand) | Author | Age | Files | Lines |
* | Tue Feb 15 20:00:48 UTC 2022...patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz: Rebuilt.
If root's mailbox did not already exist, it would be created with insecure
permissions leading to possible local information disclosure. This update
ensures that a new mailbox will be created with proper permissions and
ownership, and corrects the permissions on an existing mailbox if they are
found to be incorrect. Thanks to Martin for the bug report.
(* Security fix *)
patches/packages/util-linux-2.37.4-x86_64-1_slack15.0.txz: Upgraded.
This release fixes a security issue in chsh(1) and chfn(8):
By default, these utilities had been linked with libreadline, which allows
the INPUTRC environment variable to be abused to produce an error message
containing data from an arbitrary file. So, don't link these utilities with
libreadline as it does not use secure_getenv() (or a similar concept), or
sanitize the config file path to avoid vulnerabilities that could occur in
set-user-ID or set-group-ID programs.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0563
(* Security fix *)
20220215200048_15.0 | Patrick J Volkerding | 2022-02-16 | 2 | -0/+22 |
* | Mon Feb 14 00:10:38 UTC 2022...patches/packages/mariadb-10.5.15-x86_64-1_slack15.0.txz: Upgraded.
This update fixes potential denial-of-service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46663
(* Security fix *)
20220214001038_15.0 | Patrick J Volkerding | 2022-02-14 | 1 | -0/+11 |
* | Thu Feb 10 01:46:55 UTC 2022...patches/packages/at-3.2.3-x86_64-1_slack15.0.txz: Upgraded.
Switched to at-3.2.3 since version 3.2.4 has a regression that causes
queued jobs to not always run on time when atd is run as a standalone
daemon. Thanks to Cesare.
patches/packages/mozilla-firefox-91.6.0esr-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.6.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-05/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764
(* Security fix *)
patches/packages/mozilla-thunderbird-91.6.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.6.0/releasenotes/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.6
(* Security fix *)
20220210014655_15.0 | Patrick J Volkerding | 2022-02-10 | 3 | -0/+33 |