current - Tracking development of slackware-current

	Commit message (Collapse)	Author	Age	Files	Lines
*	Wed Mar 29 20:56:21 UTC 202320230329205621_15.0	Patrick J Volkerding	2023-03-30	1	-0/+42
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/glibc-zoneinfo-2023c-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates. patches/packages/mozilla-thunderbird-102.9.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.9.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/ https://www.cve.org/CVERecord?id=CVE-2023-28427 (* Security fix ) patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txz: Rebuilt. [PATCH] composite: Fix use-after-free of the COW. Fix use-after-free that can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. For more information, see: https://lists.x.org/archives/xorg-announce/2023-March/003374.html https://www.cve.org/CVERecord?id=CVE-2023-1393 ( Security fix ) patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txz: Rebuilt. [PATCH] composite: Fix use-after-free of the COW. Fix use-after-free that can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. For more information, see: https://lists.x.org/archives/xorg-announce/2023-March/003374.html https://www.cve.org/CVERecord?id=CVE-2023-1393 ( Security fix *)
*	Tue Feb 7 20:48:57 UTC 202320230207204857_15.0	Patrick J Volkerding	2023-02-08	2	-0/+77
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/openssl-1.1.1t-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: X.400 address type confusion in X.509 GeneralName. Timing Oracle in RSA Decryption. Use-after-free following BIO_new_NDEF. Double free after calling PEM_read_bio_ex. For more information, see: https://www.openssl.org/news/secadv/20230207.txt https://www.cve.org/CVERecord?id=CVE-2023-0286 https://www.cve.org/CVERecord?id=CVE-2022-4304 https://www.cve.org/CVERecord?id=CVE-2023-0215 https://www.cve.org/CVERecord?id=CVE-2022-4450 (* Security fix ) patches/packages/openssl-solibs-1.1.1t-x86_64-1_slack15.0.txz: Upgraded. patches/packages/xorg-server-1.20.14-x86_64-7_slack15.0.txz: Rebuilt. [PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses. Also merged another patch to prevent crashes when using a compositor with the NVIDIA blob. Thanks to mdinslage, willysr, and Daedra. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0494 ( Security fix ) patches/packages/xorg-server-xephyr-1.20.14-x86_64-7_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-7_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-7_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-6_slack15.0.txz: Rebuilt. [PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses. Also merged another patch to prevent crashes when using a compositor with the NVIDIA blob. Thanks to mdinslage, willysr, and Daedra. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0494 ( Security fix *)
*	Mon Dec 19 21:18:22 UTC 202220221219211822_15.0	Patrick J Volkerding	2022-12-20	1	-0/+12
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/xorg-server-1.20.14-x86_64-6_slack15.0.txz: Rebuilt. This release fixes an invalid event type mask in XTestSwapFakeInput which was inadvertently changed from octal 0177 to hexadecimal 0x177 in the fix for CVE-2022-46340. patches/packages/xorg-server-xephyr-1.20.14-x86_64-6_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-6_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-6_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-5_slack15.0.txz: Rebuilt. This release fixes an invalid event type mask in XTestSwapFakeInput which was inadvertently changed from octal 0177 to hexadecimal 0x177 in the fix for CVE-2022-46340.
*	Wed Dec 14 21:19:34 UTC 202220221214211934_15.0	Patrick J Volkerding	2022-12-15	6	-0/+360
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/mozilla-firefox-102.6.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/102.6.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/ https://www.cve.org/CVERecord?id=CVE-2022-46880 https://www.cve.org/CVERecord?id=CVE-2022-46872 https://www.cve.org/CVERecord?id=CVE-2022-46881 https://www.cve.org/CVERecord?id=CVE-2022-46874 https://www.cve.org/CVERecord?id=CVE-2022-46875 https://www.cve.org/CVERecord?id=CVE-2022-46882 https://www.cve.org/CVERecord?id=CVE-2022-46878 (* Security fix ) patches/packages/mozilla-thunderbird-102.6.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.6.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/ https://www.cve.org/CVERecord?id=CVE-2022-46880 https://www.cve.org/CVERecord?id=CVE-2022-46872 https://www.cve.org/CVERecord?id=CVE-2022-46881 https://www.cve.org/CVERecord?id=CVE-2022-46874 https://www.cve.org/CVERecord?id=CVE-2022-46875 https://www.cve.org/CVERecord?id=CVE-2022-46882 https://www.cve.org/CVERecord?id=CVE-2022-46878 ( Security fix ) patches/packages/xorg-server-1.20.14-x86_64-5_slack15.0.txz: Rebuilt. This release fixes 6 recently reported security vulnerabilities in various extensions. For more information, see: https://lists.x.org/archives/xorg-announce/2022-December/003302.html https://www.cve.org/CVERecord?id=CVE-2022-46340 https://www.cve.org/CVERecord?id=CVE-2022-46341 https://www.cve.org/CVERecord?id=CVE-2022-46342 https://www.cve.org/CVERecord?id=CVE-2022-46343 https://www.cve.org/CVERecord?id=CVE-2022-46344 https://www.cve.org/CVERecord?id=CVE-2022-4283 ( Security fix ) patches/packages/xorg-server-xephyr-1.20.14-x86_64-5_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-5_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-5_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-4_slack15.0.txz: Rebuilt. This release fixes 6 recently reported security vulnerabilities in various extensions. For more information, see: https://lists.x.org/archives/xorg-announce/2022-December/003302.html https://www.cve.org/CVERecord?id=CVE-2022-46340 https://www.cve.org/CVERecord?id=CVE-2022-46341 https://www.cve.org/CVERecord?id=CVE-2022-46342 https://www.cve.org/CVERecord?id=CVE-2022-46343 https://www.cve.org/CVERecord?id=CVE-2022-46344 https://www.cve.org/CVERecord?id=CVE-2022-4283 ( Security fix *)
*	Mon Oct 17 19:31:45 UTC 202220221017193145_15.0	Patrick J Volkerding	2022-10-18	3	-0/+136
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	patches/packages/xorg-server-1.20.14-x86_64-4_slack15.0.txz: Rebuilt. xkb: proof GetCountedString against request length attacks. xkb: fix some possible memleaks in XkbGetKbdByName. xquartz: Fix a possible crash when editing the Application menu due to mutating immutable arrays. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3553 (* Security fix ) patches/packages/xorg-server-xephyr-1.20.14-x86_64-4_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-4_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-4_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-3_slack15.0.txz: Rebuilt. xkb: proof GetCountedString against request length attacks. xkb: fix some possible memleaks in XkbGetKbdByName. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551 ( Security fix *)
*	Wed Jul 13 19:56:59 UTC 202220220713195659_15.0	Patrick J Volkerding	2022-07-14	11	-0/+928
	patches/packages/xorg-server-1.20.14-x86_64-3_slack15.0.txz: Rebuilt. xkb: switch to array index loops to moving pointers. xkb: add request length validation for XkbSetGeometry. xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320 (* Security fix *) patches/packages/xorg-server-xephyr-1.20.14-x86_64-3_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-3_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.