| Commit message (Expand) | Author | Age | Files | Lines |
* | Wed Dec 13 22:01:34 UTC 2023...patches/packages/libxml2-2.12.3-x86_64-1_slack15.0.txz: Upgraded.
This update addresses regressions when building against libxml2 that were
due to header file refactoring.
patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txz: Rebuilt.
This update fixes two security issues:
Out-of-bounds memory write in XKB button actions.
Out-of-bounds memory read in RRChangeOutputProperty and
RRChangeProviderProperty.
For more information, see:
https://lists.x.org/archives/xorg/2023-December/061517.html
https://www.cve.org/CVERecord?id=CVE-2023-6377
https://www.cve.org/CVERecord?id=CVE-2023-6478
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txz: Rebuilt.
This update fixes two security issues:
Out-of-bounds memory write in XKB button actions.
Out-of-bounds memory read in RRChangeOutputProperty and
RRChangeProviderProperty.
For more information, see:
https://lists.x.org/archives/xorg/2023-December/061517.html
https://www.cve.org/CVERecord?id=CVE-2023-6377
https://www.cve.org/CVERecord?id=CVE-2023-6478
(* Security fix *)
20231213220134_15.0 | Patrick J Volkerding | 2023-12-14 | 1 | -0/+3 |
* | Thu Oct 26 19:55:16 UTC 2023...patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
https://www.cve.org/CVERecord?id=CVE-2023-5721
https://www.cve.org/CVERecord?id=CVE-2023-5732
https://www.cve.org/CVERecord?id=CVE-2023-5724
https://www.cve.org/CVERecord?id=CVE-2023-5725
https://www.cve.org/CVERecord?id=CVE-2023-5726
https://www.cve.org/CVERecord?id=CVE-2023-5727
https://www.cve.org/CVERecord?id=CVE-2023-5728
https://www.cve.org/CVERecord?id=CVE-2023-5730
(* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
This update fixes security issues:
OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
Use-after-free bug in DestroyWindow.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
https://www.cve.org/CVERecord?id=CVE-2023-5367
https://www.cve.org/CVERecord?id=CVE-2023-5380
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz: Rebuilt.
This update fixes a security issue:
OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
https://www.cve.org/CVERecord?id=CVE-2023-5367
(* Security fix *)
20231026195516_15.0 | Patrick J Volkerding | 2023-10-27 | 1 | -0/+5 |
* | Wed Mar 29 20:56:21 UTC 2023...patches/packages/glibc-zoneinfo-2023c-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
patches/packages/mozilla-thunderbird-102.9.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.9.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/
https://www.cve.org/CVERecord?id=CVE-2023-28427
(* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txz: Rebuilt.
[PATCH] composite: Fix use-after-free of the COW.
Fix use-after-free that can lead to local privileges elevation on systems
where the X server is running privileged and remote code execution for ssh
X forwarding sessions.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-March/003374.html
https://www.cve.org/CVERecord?id=CVE-2023-1393
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txz: Rebuilt.
[PATCH] composite: Fix use-after-free of the COW.
Fix use-after-free that can lead to local privileges elevation on systems
where the X server is running privileged and remote code execution for ssh
X forwarding sessions.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-March/003374.html
https://www.cve.org/CVERecord?id=CVE-2023-1393
(* Security fix *)
20230329205621_15.0 | Patrick J Volkerding | 2023-03-30 | 1 | -0/+3 |
* | Tue Feb 7 20:48:57 UTC 2023...patches/packages/openssl-1.1.1t-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
X.400 address type confusion in X.509 GeneralName.
Timing Oracle in RSA Decryption.
Use-after-free following BIO_new_NDEF.
Double free after calling PEM_read_bio_ex.
For more information, see:
https://www.openssl.org/news/secadv/20230207.txt
https://www.cve.org/CVERecord?id=CVE-2023-0286
https://www.cve.org/CVERecord?id=CVE-2022-4304
https://www.cve.org/CVERecord?id=CVE-2023-0215
https://www.cve.org/CVERecord?id=CVE-2022-4450
(* Security fix *)
patches/packages/openssl-solibs-1.1.1t-x86_64-1_slack15.0.txz: Upgraded.
patches/packages/xorg-server-1.20.14-x86_64-7_slack15.0.txz: Rebuilt.
[PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses.
Also merged another patch to prevent crashes when using a compositor with
the NVIDIA blob. Thanks to mdinslage, willysr, and Daedra.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0494
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-7_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-7_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-7_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-6_slack15.0.txz: Rebuilt.
[PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses.
Also merged another patch to prevent crashes when using a compositor with
the NVIDIA blob. Thanks to mdinslage, willysr, and Daedra.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0494
(* Security fix *)
20230207204857_15.0 | Patrick J Volkerding | 2023-02-08 | 1 | -0/+7 |
* | Mon Dec 19 21:18:22 UTC 2022...patches/packages/xorg-server-1.20.14-x86_64-6_slack15.0.txz: Rebuilt.
This release fixes an invalid event type mask in XTestSwapFakeInput which
was inadvertently changed from octal 0177 to hexadecimal 0x177 in the fix
for CVE-2022-46340.
patches/packages/xorg-server-xephyr-1.20.14-x86_64-6_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-6_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-6_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-5_slack15.0.txz: Rebuilt.
This release fixes an invalid event type mask in XTestSwapFakeInput which
was inadvertently changed from octal 0177 to hexadecimal 0x177 in the fix
for CVE-2022-46340.
20221219211822_15.0 | Patrick J Volkerding | 2022-12-20 | 1 | -0/+3 |
* | Wed Dec 14 21:19:34 UTC 2022...patches/packages/mozilla-firefox-102.6.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.6.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/
https://www.cve.org/CVERecord?id=CVE-2022-46880
https://www.cve.org/CVERecord?id=CVE-2022-46872
https://www.cve.org/CVERecord?id=CVE-2022-46881
https://www.cve.org/CVERecord?id=CVE-2022-46874
https://www.cve.org/CVERecord?id=CVE-2022-46875
https://www.cve.org/CVERecord?id=CVE-2022-46882
https://www.cve.org/CVERecord?id=CVE-2022-46878
(* Security fix *)
patches/packages/mozilla-thunderbird-102.6.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.6.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/
https://www.cve.org/CVERecord?id=CVE-2022-46880
https://www.cve.org/CVERecord?id=CVE-2022-46872
https://www.cve.org/CVERecord?id=CVE-2022-46881
https://www.cve.org/CVERecord?id=CVE-2022-46874
https://www.cve.org/CVERecord?id=CVE-2022-46875
https://www.cve.org/CVERecord?id=CVE-2022-46882
https://www.cve.org/CVERecord?id=CVE-2022-46878
(* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-5_slack15.0.txz: Rebuilt.
This release fixes 6 recently reported security vulnerabilities in
various extensions.
For more information, see:
https://lists.x.org/archives/xorg-announce/2022-December/003302.html
https://www.cve.org/CVERecord?id=CVE-2022-46340
https://www.cve.org/CVERecord?id=CVE-2022-46341
https://www.cve.org/CVERecord?id=CVE-2022-46342
https://www.cve.org/CVERecord?id=CVE-2022-46343
https://www.cve.org/CVERecord?id=CVE-2022-46344
https://www.cve.org/CVERecord?id=CVE-2022-4283
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-5_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-5_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-5_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-4_slack15.0.txz: Rebuilt.
This release fixes 6 recently reported security vulnerabilities in
various extensions.
For more information, see:
https://lists.x.org/archives/xorg-announce/2022-December/003302.html
https://www.cve.org/CVERecord?id=CVE-2022-46340
https://www.cve.org/CVERecord?id=CVE-2022-46341
https://www.cve.org/CVERecord?id=CVE-2022-46342
https://www.cve.org/CVERecord?id=CVE-2022-46343
https://www.cve.org/CVERecord?id=CVE-2022-46344
https://www.cve.org/CVERecord?id=CVE-2022-4283
(* Security fix *)
20221214211934_15.0 | Patrick J Volkerding | 2022-12-15 | 1 | -0/+8 |
* | Mon Oct 17 19:31:45 UTC 2022...patches/packages/xorg-server-1.20.14-x86_64-4_slack15.0.txz: Rebuilt.
xkb: proof GetCountedString against request length attacks.
xkb: fix some possible memleaks in XkbGetKbdByName.
xquartz: Fix a possible crash when editing the Application menu due
to mutating immutable arrays.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3553
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-4_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-4_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-4_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-3_slack15.0.txz: Rebuilt.
xkb: proof GetCountedString against request length attacks.
xkb: fix some possible memleaks in XkbGetKbdByName.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551
(* Security fix *)
20221017193145_15.0 | Patrick J Volkerding | 2022-10-18 | 1 | -0/+5 |
* | Wed Jul 13 19:56:59 UTC 2022...patches/packages/xorg-server-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
xkb: switch to array index loops to moving pointers.
xkb: add request length validation for XkbSetGeometry.
xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
20220713195659_15.0 | Patrick J Volkerding | 2022-07-14 | 1 | -0/+35 |