| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Mon Aug 7 19:22:02 UTC 2023...extra/php80/php80-8.0.30-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
Security issue with external entity loading in XML without enabling it.
Missing error check and insufficient random bytes in HTTP Digest
authentication for SOAP.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247
(* Security fix *)
patches/packages/vim-9.0.1678-x86_64-1_slack15.0.txz: Upgraded.
Applied the last patches from Bram Moolenaar.
RIP Bram, and thanks for your great work on VIM and your kindness to the
orphan children in Uganda.
If you'd like to honor Bram with a donation to his charity, please visit:
https://iccf-holland.org/
patches/packages/vim-gvim-9.0.1678-x86_64-1_slack15.0.txz: Upgraded.
20230807192202_15.0 |   Patrick J Volkerding | 2023-08-08 | 2 | -2/+2 |
| * | Mon Sep 26 19:43:54 UTC 2022...patches/packages/dnsmasq-2.87-x86_64-1_slack15.0.txz: Upgraded.
Fix write-after-free error in DHCPv6 server code.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0934
(* Security fix *)
patches/packages/vim-9.0.0594-x86_64-1_slack15.0.txz: Upgraded.
Fixed stack-based buffer overflow.
Thanks to marav for the heads-up.
In addition, Mig21 pointed out an issue where the defaults.vim file might
need to be edited for some purposes as its contents will override the
settings in the system-wide vimrc. Usually this file is replaced whenever
vim is upgraded, which in those situations would be inconvenient for the
admin. So, I've added support for a file named defaults.vim.custom which
(if it exists) will be used instead of the defaults.vim file shipped in
the package and will persist through upgrades.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3296
(* Security fix *)
patches/packages/vim-gvim-9.0.0594-x86_64-1_slack15.0.txz: Upgraded.
20220926194354_15.0 | Patrick J Volkerding | 2022-09-27 | 2 | -16/+27 |
| * | Fri Aug 26 04:02:20 UTC 2022...patches/packages/linux-5.15.63/*: Upgraded.
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 5.15.39:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734
Fixed in 5.15.40:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1943
Fixed in 5.15.41:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012
Fixed in 5.15.42:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499
Fixed in 5.15.44:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789
Fixed in 5.15.45:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2503
Fixed in 5.15.46:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1973
Fixed in 5.15.47:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32981
Fixed in 5.15.48:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123
Fixed in 5.15.53:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33744
Fixed in 5.15.54:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918
Fixed in 5.15.56:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36123
Fixed in 5.15.57:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901
Fixed in 5.15.58:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36879
Fixed in 5.15.59:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36946
Fixed in 5.15.60:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26373
Fixed in 5.15.61:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588
(* Security fix *)
patches/packages/vim-9.0.0270-x86_64-1_slack15.0.txz: Upgraded.
We're just going to move to vim-9 instead of continuing to backport patches
to the vim-8 branch. Most users will be better served by this.
Fixed use after free and null pointer dereference.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2923
(* Security fix *)
patches/packages/vim-gvim-9.0.0270-x86_64-1_slack15.0.txz: Upgraded.
20220826040220_15.0 | Patrick J Volkerding | 2022-08-27 | 6 | -387/+4 |
| * | Sat Aug 20 20:04:15 UTC 2022...patches/packages/vim-8.2.4649-x86_64-3_slack15.0.txz: Rebuilt.
Fix use after free.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2889
(* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-3_slack15.0.txz: Rebuilt.
20220820200415_15.0 | Patrick J Volkerding | 2022-08-21 | 3 | -2/+240 |
| * | Wed Aug 17 20:41:53 UTC 2022...patches/packages/vim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt.
Fix use after free, out-of-bounds read, and heap based buffer overflow.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819
(* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt.
20220817204153_15.0 | Patrick J Volkerding | 2022-08-18 | 5 | -2/+147 |
| * | Wed Mar 30 22:37:05 UTC 2022...patches/packages/vim-8.2.4649-x86_64-1_slack15.0.txz: Upgraded.
Fixes a use-after-free in utf_ptr2char in vim/vim prior to 8.2.4646.
This vulnerability is capable of crashing software, bypassing protection
mechanisms, modifying memory, and possibly execution of arbitrary code.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1154
https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425
https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5
(* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-1_slack15.0.txz: Upgraded.
20220330223705_15.0 | Patrick J Volkerding | 2022-03-31 | 7 | -0/+803 |
Patrick J Volkerding