summaryrefslogtreecommitdiffstats
path: root/patches/source (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Thu Oct 26 19:55:16 UTC 202320231026195516_15.0 Patrick J Volkerding2023-10-276-3/+272
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/ https://www.cve.org/CVERecord?id=CVE-2023-5721 https://www.cve.org/CVERecord?id=CVE-2023-5732 https://www.cve.org/CVERecord?id=CVE-2023-5724 https://www.cve.org/CVERecord?id=CVE-2023-5725 https://www.cve.org/CVERecord?id=CVE-2023-5726 https://www.cve.org/CVERecord?id=CVE-2023-5727 https://www.cve.org/CVERecord?id=CVE-2023-5728 https://www.cve.org/CVERecord?id=CVE-2023-5730 (* Security fix *) patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz: Rebuilt. This update fixes security issues: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. Use-after-free bug in DestroyWindow. For more information, see: https://lists.x.org/archives/xorg-announce/2023-October/003430.html https://www.cve.org/CVERecord?id=CVE-2023-5367 https://www.cve.org/CVERecord?id=CVE-2023-5380 (* Security fix *) patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz: Rebuilt. This update fixes a security issue: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. For more information, see: https://lists.x.org/archives/xorg-announce/2023-October/003430.html https://www.cve.org/CVERecord?id=CVE-2023-5367 (* Security fix *)
* Sun Oct 22 19:30:42 UTC 202320231022193042_15.0 Patrick J Volkerding2023-10-235-0/+217
| | | | | | | | | | | | | | patches/packages/LibRaw-0.20.2-x86_64-4_slack15.0.txz: Rebuilt. This update fixes security issues: A Buffer Overflow vulnerability was found in LibRaw_buffer_datastream:: gets(char*, int), which could lead to privilege escalation or application crash. A heap-buffer-overflow was found in raw2image_ex(int), which may lead to application crash by maliciously crafted input file. For more information, see: https://www.cve.org/CVERecord?id=CVE-2021-32142 https://www.cve.org/CVERecord?id=CVE-2023-1729 (* Security fix *)
* Thu Oct 19 19:14:05 UTC 202320231019191405_15.0 Patrick J Volkerding2023-10-202-13/+16
| | | | | | | | | | | | | | | | | | | patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: moderate: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST. low: mod_macro buffer over-read. low: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0. For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.58 https://www.cve.org/CVERecord?id=CVE-2023-45802 https://www.cve.org/CVERecord?id=CVE-2023-31122 https://www.cve.org/CVERecord?id=CVE-2023-43622 (* Security fix *) patches/packages/mozilla-thunderbird-115.3.3-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.3.3/releasenotes/
* Tue Oct 17 19:34:56 UTC 202320231017193456_15.0 Patrick J Volkerding2023-10-182-3/+9
| | | | | | | | | | | | patches/packages/util-linux-2.37.4-x86_64-2_slack15.0.txz: Rebuilt. Copy /etc/pam.d/login to /etc/pam.d/remote. This is needed for /bin/login's '-h' option, used (for example) by telnetd. If -h is used without /etc/pam.d/remote, pam will not be configured properly, and /etc/securetty will be ignored, possibly allowing root to login from a tty that is not considered secure. Of course, the usual disclaimers about the security of telnet/telnetd apply. Thanks to HytronBG and Petri Kaukasoina. (* Security fix *)
* Wed Oct 11 22:22:40 UTC 202320231011222240_15.0 Patrick J Volkerding2023-10-1211-2/+678
| | | | | | | | | | | patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txz: Upgraded. Fixed a crash bug (a crafted file defining width of zero leads to divide by zero and a crash). Seems to be merely a bug rather than a security issue, but I'd been meaning to get beta20 building so this was a good excuse. Thanks to marav. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-0856 (* Security fix *)
* Tue Oct 10 19:27:56 UTC 202320231010192756_15.0 Patrick J Volkerding2023-10-116-0/+315
| | | | | | | | | | | | | | | patches/packages/libcue-2.2.1-x86_64-4_slack15.0.txz: Rebuilt. Fixed a bug which could allow memory corruption resulting in arbitrary code execution. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-43641 (* Security fix *) patches/packages/libnotify-0.8.3-x86_64-1_slack15.0.txz: Upgraded. This release contains a critical stability/minor security update which affects Electron applications that utilize Portal notifications (eg, through Flatpak). It is highly recommended that all users of libnotify 0.8.x update to this release. (* Security fix *)
* Mon Oct 9 18:10:01 UTC 202320231009181001_15.0 Patrick J Volkerding2023-10-103-0/+152
| | | | | | | | | | | | | | | | patches/packages/wayland-1.22.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. patches/packages/whois-5.5.19-x86_64-1_slack15.0.txz: Upgraded. Fixed english support for Japanese queries to not add again the /e argument if it had already been provided by the user. (Closes: #1050171) Added the .ye and .*************** (.xn--54b7fta0cc, Bangladesh) TLD servers. Updated the .ba, .bb, .dk, .es, .gt, .jo, .ml, .mo, .pa, .pn, .sv, .uy, .a+-la-r+-d+.n+, (.xn--mgbayh7gpa, Jordan) and .****** (.xn--mix891f, Macao) TLD servers. Upgraded the TLD URLs to HTTPS whenever possible. Updated the charset for whois.jprs.jp. Removed 3 new gTLDs which are no longer active. Removed support for the obsolete as32 dot notation.
* Sat Sep 30 21:33:49 UTC 202320230930213349_15.0 Patrick J Volkerding2023-10-016-0/+332
| | | | | | | | | | | | | | | | | patches/packages/libvpx-1.12.0-x86_64-1_slack15.0.txz: Upgraded. This release contains two security related fixes -- one each for VP8 and VP9. For more information, see: https://crbug.com/1486441 https://www.cve.org/CVERecord?id=CVE-2023-5217 (* Security fix *) patches/packages/mozilla-thunderbird-115.3.1-x86_64-1_slack15.0.txz: Upgraded. This release contains a security fix for a critical heap buffer overflow in the libvpx VP8 encoder. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.3.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/ https://www.cve.org/CVERecord?id=CVE-2023-5217 (* Security fix *)
* Tue Sep 26 19:30:21 UTC 202320230926193021_15.0 Patrick J Volkerding2023-09-273-0/+109
| | | | | | | | | | | | | | | | patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. patches/packages/mozilla-firefox-115.3.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.3.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/ https://www.cve.org/CVERecord?id=CVE-2023-5168 https://www.cve.org/CVERecord?id=CVE-2023-5169 https://www.cve.org/CVERecord?id=CVE-2023-5171 https://www.cve.org/CVERecord?id=CVE-2023-5174 https://www.cve.org/CVERecord?id=CVE-2023-5176 (* Security fix *)
* Thu Sep 21 19:32:42 UTC 202320230921193242_15.0 Patrick J Volkerding2023-09-222-15/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/bind-9.16.44-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Limit the amount of recursion that can be performed by isccc_cc_fromwire. For more information, see: https://kb.isc.org/docs/cve-2023-3341 https://www.cve.org/CVERecord?id=CVE-2023-3341 (* Security fix *) patches/packages/cups-2.4.7-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Fixed Heap-based buffer overflow when reading Postscript in PPD files. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-4504 (* Security fix *) patches/packages/mozilla-thunderbird-115.2.3-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.2.3/releasenotes/ patches/packages/seamonkey-2.53.17.1-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.17.1 https://www.cve.org/CVERecord?id=CVE-2023-4863 (* Security fix *) testing/packages/bind-9.18.19-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Limit the amount of recursion that can be performed by isccc_cc_fromwire. Fix use-after-free error in TLS DNS code when sending data. For more information, see: https://kb.isc.org/docs/cve-2023-3341 https://www.cve.org/CVERecord?id=CVE-2023-3341 https://kb.isc.org/docs/cve-2023-4236 https://www.cve.org/CVERecord?id=CVE-2023-4236 (* Security fix *)
* Thu Sep 14 21:10:50 UTC 202320230914211050_15.0 Patrick J Volkerding2023-09-154-1/+194
| | | | | | | | patches/packages/libwebp-1.3.2-x86_64-1_slack15.0.txz: Upgraded. Security fix for lossless decoder (chromium: #1479274, CVE-2023-4863). For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-4863 (* Security fix *)
* Mon Sep 11 20:19:30 UTC 202320230911201930_15.0 Patrick J Volkerding2023-09-121-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/openssl-1.1.1w-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue that does not affect Linux: Fix POLY1305 MAC implementation corrupting XMM registers on Windows. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-4807 patches/packages/openssl-solibs-1.1.1w-x86_64-1_slack15.0.txz: Upgraded. patches/packages/vim-9.0.1897-x86_64-1_slack15.0.txz: Upgraded. Fixed three use-after-free security issues. Thanks to marav for the heads-up. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-4733 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://www.cve.org/CVERecord?id=CVE-2023-4750 (* Security fix *) patches/packages/vim-gvim-9.0.1897-x86_64-1_slack15.0.txz: Upgraded. Fixed three use-after-free security issues. Thanks to marav for the heads-up. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-4733 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://www.cve.org/CVERecord?id=CVE-2023-4750 (* Security fix *)
* Sun Sep 3 19:37:21 UTC 202320230903193721_15.0 Patrick J Volkerding2023-09-0413-0/+957
| | | | | patches/packages/rocs-21.12.1-x86_64-2_slack15.0.txz: Rebuilt. Fix crash on startup. Thanks to Lockywolf and ponce.
* Mon Aug 7 19:22:02 UTC 202320230807192202_15.0 Patrick J Volkerding2023-08-082-2/+2
| | | | | | | | | | | | | | | | | | | extra/php80/php80-8.0.30-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Security issue with external entity loading in XML without enabling it. Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247 (* Security fix *) patches/packages/vim-9.0.1678-x86_64-1_slack15.0.txz: Upgraded. Applied the last patches from Bram Moolenaar. RIP Bram, and thanks for your great work on VIM and your kindness to the orphan children in Uganda. If you'd like to honor Bram with a donation to his charity, please visit: https://iccf-holland.org/ patches/packages/vim-gvim-9.0.1678-x86_64-1_slack15.0.txz: Upgraded.
* Fri Aug 4 20:17:36 UTC 202320230804201736_15.0 Patrick J Volkerding2023-08-056-79/+50
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-3823 (* Security fix *) extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz: Upgraded. Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0. pasture/samba-4.15.13-x86_64-1_slack15.0.txz: Added. We'll hang onto this just in case. patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/ https://www.cve.org/CVERecord?id=CVE-2023-4045 https://www.cve.org/CVERecord?id=CVE-2023-4046 https://www.cve.org/CVERecord?id=CVE-2023-4047 https://www.cve.org/CVERecord?id=CVE-2023-4048 https://www.cve.org/CVERecord?id=CVE-2023-4049 https://www.cve.org/CVERecord?id=CVE-2023-4050 https://www.cve.org/CVERecord?id=CVE-2023-4052 https://www.cve.org/CVERecord?id=CVE-2023-4054 https://www.cve.org/CVERecord?id=CVE-2023-4055 https://www.cve.org/CVERecord?id=CVE-2023-4056 https://www.cve.org/CVERecord?id=CVE-2023-4057 (* Security fix *) patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/ patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz: Upgraded. PLEASE NOTE: We are taking the unusual step of moving to the latest Samba branch because Windows has made changes that break Samba 4.15.x. The last 4.15.x will be retained in /pasture as a fallback. There may be some required configuration changes with this, but we've kept using MIT Kerberos to try to have the behavior change as little as possible. Upgrade carefully. This update fixes security issues: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request. Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results. For more information, see: https://www.samba.org/samba/security/CVE-2022-2127.html https://www.samba.org/samba/security/CVE-2023-3347.html https://www.samba.org/samba/security/CVE-2023-34966.html https://www.samba.org/samba/security/CVE-2023-34967.html https://www.samba.org/samba/security/CVE-2023-34968.html https://www.cve.org/CVERecord?id=CVE-2022-2127 https://www.cve.org/CVERecord?id=CVE-2023-3347 https://www.cve.org/CVERecord?id=CVE-2023-34966 https://www.cve.org/CVERecord?id=CVE-2023-34967 https://www.cve.org/CVERecord?id=CVE-2023-34968 (* Security fix *)
* Mon Jul 31 21:52:46 UTC 202320230731215246_15.0 Patrick J Volkerding2023-08-013-4/+26
| | | | | | | | | | | | | | | patches/packages/mozilla-thunderbird-102.13.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.13.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/ https://www.cve.org/CVERecord?id=CVE-2023-3417 (* Security fix *) patches/packages/seamonkey-2.53.17-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.17 (* Security fix *)
* Tue Jul 25 19:45:27 UTC 202320230725194527_15.0 Patrick J Volkerding2023-07-262-0/+118
| | | | | patches/packages/kernel-firmware-20230725_b6ea35f-noarch-1.txz: Upgraded. Restored license files and other documentation. Thanks to drumz.
* Fri Jul 21 19:35:45 UTC 202320230721193545_15.0 Patrick J Volkerding2023-07-221-808/+1857
| | | | | | patches/packages/ca-certificates-20230721-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections.
* Wed Jul 12 20:41:16 UTC 202320230712204116_15.0 Patrick J Volkerding2023-07-132-1/+64
| | | | | | | | | | patches/packages/krb5-1.19.2-x86_64-4_slack15.0.txz: Rebuilt. Fix potential uninitialized pointer free in kadm5 XDR parsing. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-36054 (* Security fix *) patches/packages/sudo-1.9.14p1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release.
* Mon Jun 26 19:44:44 UTC 202320230626194444_15.0 Patrick J Volkerding2023-06-2733-0/+4325
| | | | | | | | | | | | | | | | | patches/packages/network-scripts-15.0-noarch-19_slack15.0.txz: Rebuilt. This update fixes a bug and adds a new feature: Re-add support for the DHCP_IPADDR parameter from rc.inet1.conf. Expand the help text for DHCP_IPADDR in rc.inet1.conf. Add support for a DHCP_OPTS parameter. Thanks to ljb643 and Darren 'Tadgy' Austin. patches/packages/vim-9.0.1667-x86_64-1_slack15.0.txz: Upgraded. This fixes a rare divide-by-zero bug that could cause vim to crash. In an interactive program such as vim, I can't really see this qualifying as a security issue, but since it was brought up as such on LQ we'll just go along with it this time. :) Thanks to marav for the heads-up. (* Security fix *) patches/packages/vim-gvim-9.0.1667-x86_64-1_slack15.0.txz: Upgraded.
* Sat Jun 24 00:16:22 UTC 202320230624001622_15.0 Patrick J Volkerding2023-06-2422-6/+60
| | | | | | | | | | | patches/packages/linux-5.15.117/*: Upgraded. We're going to back up one version to avoid an amdgpu regression in 5.15.118. If you're already using 5.15.118 without issues, feel free to stick with it. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition.
* Thu Jun 22 19:07:50 UTC 202320230622190750_15.0 Patrick J Volkerding2023-06-2322-84/+30
| | | | | | | | | patches/packages/cups-2.4.6-x86_64-1_slack15.0.txz: Upgraded. Fixed use-after-free when logging warnings in case of failures in cupsdAcceptClient(). For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-34241 (* Security fix *)
* Thu Jun 15 18:59:33 UTC 202320230615185933_15.0 Patrick J Volkerding2023-06-1610-0/+864
| | | | | | | | | patches/packages/libX11-1.8.6-x86_64-1_slack15.0.txz: Upgraded. This update fixes buffer overflows in InitExt.c that could at least cause the client to crash due to memory corruption. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-3138 (* Security fix *)
* Fri Jun 9 01:06:21 UTC 202320230609010621_15.0 Patrick J Volkerding2023-06-091-1/+1
| | | | | | | | | | | | | | | | | | | | extra/php81/php81-8.1.20-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues. For more information, see: https://www.php.net/ChangeLog-8.php#8.1.20 (* Security fix *) patches/packages/mozilla-thunderbird-102.12.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.12.0/releasenotes/ (* Security fix *) patches/packages/python3-3.9.17-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-24329 (* Security fix *)
* Wed Jun 7 21:12:41 UTC 202320230607211241_15.0 Patrick J Volkerding2023-06-085-0/+322
| | | | | | | | | | | patches/packages/cups-2.4.4-x86_64-1_slack15.0.txz: Upgraded. This update is a hotfix for a segfault in cupsGetNamedDest(), when caller tries to find the default destination and the default destination is not set on the machine. patches/packages/ksh93-1.0.5_20230607_9b251344-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix and robustness enhancement release. Thanks to McDutchie for the great work! Thanks to pghvlaans for improvements to the build script.
* Sun Jun 4 19:16:13 UTC 202320230604191613_15.0 Patrick J Volkerding2023-06-053-0/+124
| | | | | | | | extra/sendmail/sendmail-8.17.2-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. extra/sendmail/sendmail-cf-8.17.2-noarch-1_slack15.0.txz: Upgraded. patches/packages/libmilter-8.17.2-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release.
* Fri Jun 2 20:56:35 UTC 202320230602205635_15.0 Patrick J Volkerding2023-06-0313-79/+548
| | | | | | | | | | | | | | | | | | | | patches/packages/cups-2.4.3-x86_64-1_slack15.0.txz: Upgraded. Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote attacker to launch a denial of service (DoS) attack, or possibly execute arbirary code. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-32324 (* Security fix *) patches/packages/ntp-4.2.8p16-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-26551 https://www.cve.org/CVERecord?id=CVE-2023-26552 https://www.cve.org/CVERecord?id=CVE-2023-26553 https://www.cve.org/CVERecord?id=CVE-2023-26554 https://www.cve.org/CVERecord?id=CVE-2023-26555 (* Security fix *)
* Thu May 25 19:04:56 UTC 202320230525190456_15.0 Patrick J Volkerding2023-05-262-0/+185
| | | | | | | | | | | | | | | | | | | | | | | patches/packages/mozilla-thunderbird-102.11.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.11.1/releasenotes/ patches/packages/ntfs-3g-2022.10.3-x86_64-1_slack15.0.txz: Upgraded. Fixed vulnerabilities that may allow an attacker using a maliciously crafted NTFS-formatted image file or external storage to potentially execute arbitrary privileged code or cause a denial of service. Thanks to opty. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40284 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30789 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30788 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30787 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30786 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30785 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30784 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30783 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46790 (* Security fix *)
* Thu May 25 00:24:33 UTC 202320230525002433_15.0 Patrick J Volkerding2023-05-2513-0/+4636
| | | | | | | | | | | | | | | patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz: Upgraded. This update patches a security issue: LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. Thanks to Johannes Schoepfer. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-32700 (* Security fix *)
* Mon May 22 19:05:02 UTC 202320230522190502_15.0 Patrick J Volkerding2023-05-232-0/+161
| | | | | | | | | | | | | | | patches/packages/c-ares-1.19.1-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: 0-byte UDP payload causes Denial of Service. Insufficient randomness in generation of DNS query IDs. Buffer Underwrite in ares_inet_net_pton(). AutoTools does not set CARES_RANDOM_FILE during cross compilation. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-32067 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://www.cve.org/CVERecord?id=CVE-2023-31124 (* Security fix *)
* Fri May 19 18:59:24 UTC 202320230519185924_15.0 Patrick J Volkerding2023-05-205-0/+361
| | | | | | | | | | | | | patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz: Upgraded. [PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x. With execv() command line arguments are passed as separate strings and not the full command line in a single string. This prevents arbitrary command execution by escaping the quoting of the arguments in a job with forged job title. Thanks to marav. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-24805 (* Security fix *)
* Sat May 6 19:01:04 UTC 202320230506190104_15.0 Patrick J Volkerding2023-05-072-1/+284
| | | | | | patches/packages/ca-certificates-20230506-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections.
* Thu May 4 19:02:58 UTC 202320230504190258_15.0 Patrick J Volkerding2023-05-053-0/+141
| | | | | | | | | | | | patches/packages/libssh-0.10.5-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: A NULL dereference during rekeying with algorithm guessing. A possible authorization bypass in pki_verify_data_signature under low-memory conditions. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-1667 https://www.cve.org/CVERecord?id=CVE-2023-2283 (* Security fix *)
* Fri Apr 7 18:53:33 UTC 202320230407185333_15.0 Patrick J Volkerding2023-04-081-2/+2
| | | | | | | patches/packages/httpd-2.4.57-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.57
* Wed Apr 5 18:31:03 UTC 202320230405183103_15.0 Patrick J Volkerding2023-04-064-0/+192
| | | | | | | | | patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. The primary focus is to correct a rare corruption bug in high compression mode. While the probability might be very small, corruption issues are nonetheless very serious, so an update to this version is highly recommended, especially if you employ high compression modes (levels 16+).
* Sun Apr 2 18:33:01 UTC 202320230402183301_15.0 Patrick J Volkerding2023-04-033-0/+183
| | | | | | | | patches/packages/irssi-1.4.4-x86_64-1_slack15.0.txz: Upgraded. Do not crash Irssi when one line is printed as the result of another line being printed. Also solve a memory leak while printing unformatted lines. (* Security fix *)
* Fri Mar 31 18:01:09 UTC 202320230331180109_15.0 Patrick J Volkerding2023-04-012-0/+15
| | | | | | | | | | | | | | | | | | patches/packages/ruby-3.0.6-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: ReDoS vulnerability in URI. ReDoS vulnerability in Time. For more information, see: https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/ https://www.cve.org/CVERecord?id=CVE-2023-28755 https://www.cve.org/CVERecord?id=CVE-2023-28756 (* Security fix *) patches/packages/seamonkey-2.53.16-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.16 (* Security fix *)
* Wed Mar 29 20:56:21 UTC 202320230329205621_15.0 Patrick J Volkerding2023-03-305-2/+92
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/glibc-zoneinfo-2023c-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates. patches/packages/mozilla-thunderbird-102.9.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.9.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/ https://www.cve.org/CVERecord?id=CVE-2023-28427 (* Security fix *) patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txz: Rebuilt. [PATCH] composite: Fix use-after-free of the COW. Fix use-after-free that can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. For more information, see: https://lists.x.org/archives/xorg-announce/2023-March/003374.html https://www.cve.org/CVERecord?id=CVE-2023-1393 (* Security fix *) patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txz: Rebuilt. [PATCH] composite: Fix use-after-free of the COW. Fix use-after-free that can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. For more information, see: https://lists.x.org/archives/xorg-announce/2023-March/003374.html https://www.cve.org/CVERecord?id=CVE-2023-1393 (* Security fix *)
* Fri Mar 24 19:42:46 UTC 202320230324194246_15.0 Patrick J Volkerding2023-03-255-0/+314
| | | | | | | | | | | | | | | patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates. patches/packages/tar-1.34-x86_64-2_slack15.0.txz: Rebuilt. GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. Thanks to marav for the heads-up. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-48303 (* Security fix *)
* Wed Mar 8 20:26:54 UTC 202320230308202654_15.0 Patrick J Volkerding2023-03-091-2/+2
| | | | | | | | | | | | patches/packages/httpd-2.4.56-x86_64-1_slack15.0.txz: Upgraded. This update fixes two security issues: HTTP Response Smuggling vulnerability via mod_proxy_uwsgi. HTTP Request Smuggling attack via mod_rewrite and mod_proxy. For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.56 https://www.cve.org/CVERecord?id=CVE-2023-27522 https://www.cve.org/CVERecord?id=CVE-2023-25690 (* Security fix *)
* Mon Mar 6 02:21:57 UTC 202320230306022157_15.0 Patrick J Volkerding2023-03-0610-0/+1284
| | | | | patches/packages/xscreensaver-6.06-x86_64-1_slack15.0.txz: Upgraded. Here's an upgrade to the latest xscreensaver.
* Tue Feb 28 21:33:32 UTC 202320230228213332_15.0 Patrick J Volkerding2023-03-011-1/+4
| | | | | | | patches/packages/whois-5.5.16-x86_64-1_slack15.0.txz: Upgraded. Add bash completion support, courtesy of Ville Skytta. Updated the .tr TLD server. Removed support for -metu NIC handles.
* Sat Feb 18 02:04:34 UTC 202320230218020434_15.0 Patrick J Volkerding2023-02-1822-6/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/kernel-firmware-20230214_a253a37-noarch-1.txz: Upgraded. patches/packages/linux-5.15.80/*: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 5.15.81: https://www.cve.org/CVERecord?id=CVE-2022-47519 https://www.cve.org/CVERecord?id=CVE-2022-47518 https://www.cve.org/CVERecord?id=CVE-2022-47520 https://www.cve.org/CVERecord?id=CVE-2022-47521 https://www.cve.org/CVERecord?id=CVE-2022-3344 Fixed in 5.15.82: https://www.cve.org/CVERecord?id=CVE-2022-45869 https://www.cve.org/CVERecord?id=CVE-2022-4378 Fixed in 5.15.83: https://www.cve.org/CVERecord?id=CVE-2022-3643 Fixed in 5.15.84: https://www.cve.org/CVERecord?id=CVE-2022-3545 Fixed in 5.15.85: https://www.cve.org/CVERecord?id=CVE-2022-45934 Fixed in 5.15.86: https://www.cve.org/CVERecord?id=CVE-2022-3534 https://www.cve.org/CVERecord?id=CVE-2022-3424 Fixed in 5.15.87: https://www.cve.org/CVERecord?id=CVE-2022-41218 https://www.cve.org/CVERecord?id=CVE-2023-23455 https://www.cve.org/CVERecord?id=CVE-2023-23454 https://www.cve.org/CVERecord?id=CVE-2023-0045 https://www.cve.org/CVERecord?id=CVE-2023-0210 https://www.cve.org/CVERecord?id=CVE-2022-36280 Fixed in 5.15.88: https://www.cve.org/CVERecord?id=CVE-2023-0266 https://www.cve.org/CVERecord?id=CVE-2022-47929 Fixed in 5.15.89: https://www.cve.org/CVERecord?id=CVE-2023-0179 https://www.cve.org/CVERecord?id=CVE-2023-0394 Fixed in 5.15.90: https://www.cve.org/CVERecord?id=CVE-2022-4382 https://www.cve.org/CVERecord?id=CVE-2022-4842 Fixed in 5.15.91: https://www.cve.org/CVERecord?id=CVE-2022-4129 https://www.cve.org/CVERecord?id=CVE-2023-23559 (* Security fix *)
* Wed Feb 15 03:05:40 UTC 202320230215030540_15.0 Patrick J Volkerding2023-02-166-1/+760
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | extra/php80/php80-8.0.28-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Core: Password_verify() always return true with some hash. Core: 1-byte array overrun in common path resolve code. SAPI: DOS vulnerability when parsing multipart request body. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0662 (* Security fix *) extra/php81/php81-8.1.16-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Core: Password_verify() always return true with some hash. Core: 1-byte array overrun in common path resolve code. SAPI: DOS vulnerability when parsing multipart request body. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0662 (* Security fix *) patches/packages/hwdata-0.367-noarch-1_slack15.0.txz: Upgraded. Upgraded to get information for newer hardware. Requested by kingbeowulf on LQ. patches/packages/mozilla-firefox-102.8.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/102.8.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/ https://www.cve.org/CVERecord?id=CVE-2023-25728 https://www.cve.org/CVERecord?id=CVE-2023-25730 https://www.cve.org/CVERecord?id=CVE-2023-25743 https://www.cve.org/CVERecord?id=CVE-2023-0767 https://www.cve.org/CVERecord?id=CVE-2023-25735 https://www.cve.org/CVERecord?id=CVE-2023-25737 https://www.cve.org/CVERecord?id=CVE-2023-25738 https://www.cve.org/CVERecord?id=CVE-2023-25739 https://www.cve.org/CVERecord?id=CVE-2023-25729 https://www.cve.org/CVERecord?id=CVE-2023-25732 https://www.cve.org/CVERecord?id=CVE-2023-25734 https://www.cve.org/CVERecord?id=CVE-2023-25742 https://www.cve.org/CVERecord?id=CVE-2023-25746 (* Security fix *) patches/packages/php-7.4.33-x86_64-3_slack15.0.txz: Rebuilt. This update fixes security issues: Core: Password_verify() always return true with some hash. Core: 1-byte array overrun in common path resolve code. SAPI: DOS vulnerability when parsing multipart request body. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0662 (* Security fix *)
* Tue Feb 7 20:48:57 UTC 202320230207204857_15.0 Patrick J Volkerding2023-02-087-2/+170
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/openssl-1.1.1t-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: X.400 address type confusion in X.509 GeneralName. Timing Oracle in RSA Decryption. Use-after-free following BIO_new_NDEF. Double free after calling PEM_read_bio_ex. For more information, see: https://www.openssl.org/news/secadv/20230207.txt https://www.cve.org/CVERecord?id=CVE-2023-0286 https://www.cve.org/CVERecord?id=CVE-2022-4304 https://www.cve.org/CVERecord?id=CVE-2023-0215 https://www.cve.org/CVERecord?id=CVE-2022-4450 (* Security fix *) patches/packages/openssl-solibs-1.1.1t-x86_64-1_slack15.0.txz: Upgraded. patches/packages/xorg-server-1.20.14-x86_64-7_slack15.0.txz: Rebuilt. [PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses. Also merged another patch to prevent crashes when using a compositor with the NVIDIA blob. Thanks to mdinslage, willysr, and Daedra. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0494 (* Security fix *) patches/packages/xorg-server-xephyr-1.20.14-x86_64-7_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-7_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-7_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-6_slack15.0.txz: Rebuilt. [PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses. Also merged another patch to prevent crashes when using a compositor with the NVIDIA blob. Thanks to mdinslage, willysr, and Daedra. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0494 (* Security fix *)
* Thu Feb 2 22:52:48 UTC 202320230202225248_15.0 Patrick J Volkerding2023-02-039-0/+526
| | | | | | | | | | | | | patches/packages/openssh-9.2p1-x86_64-1_slack15.0.txz: Upgraded. This release contains fixes for two security problems and a memory safety problem. The memory safety problem is not believed to be exploitable, but upstream reports most network-reachable memory faults as security bugs. This update contains some potentially incompatible changes regarding the scp utility. For more information, see: https://www.openssh.com/releasenotes.html#9.0 For more information, see: https://www.openssh.com/releasenotes.html#9.2 (* Security fix *)
* Wed Feb 1 22:27:31 UTC 202320230201222731_15.0 Patrick J Volkerding2023-02-026-0/+289
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/apr-1.7.2-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. (CVE-2022-24963) Restore fix for out-of-bounds array dereference in apr_time_exp*() functions. (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and later 1.6.x releases, but was missing in 1.7.0.) (CVE-2021-35940) For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-24963 https://www.cve.org/CVERecord?id=CVE-2021-35940 https://www.cve.org/CVERecord?id=CVE-2017-12613 (* Security fix *) patches/packages/apr-util-1.6.3-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. (CVE-2022-25147) For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-25147 (* Security fix *) patches/packages/mozilla-thunderbird-102.7.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.7.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/ https://www.cve.org/CVERecord?id=CVE-2023-0430 (* Security fix *)
* Thu Jan 19 00:40:12 UTC 202320230119004012_15.0 Patrick J Volkerding2023-01-1911-2/+887
| | | | | | | | | patches/packages/sudo-1.9.12p2-x86_64-1_slack15.0.txz: Upgraded. This update fixes a flaw in sudo's -e option (aka sudoedit) that could allow a malicious user with sudoedit privileges to edit arbitrary files. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-22809 (* Security fix *)
* Fri Jan 13 20:29:55 UTC 202320230113202955_15.0 Patrick J Volkerding2023-01-145-0/+264
| | | | | | | | | patches/packages/netatalk-3.1.14-x86_64-1_slack15.0.txz: Upgraded. Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-45188 (* Security fix *)
* Tue Jan 10 21:32:00 UTC 202320230110213200_15.0 Patrick J Volkerding2023-01-112-3/+7
| | | | | | | patches/packages/ca-certificates-20221205-noarch-2_slack15.0.txz: Rebuilt. Make sure that if we're installing this package on another partition (such as when using installpkg with a --root parameter) that the updates are done on that partition. Thanks to fulalas.
generated by cgit v1.2.3-79-gdb01 (git 2.46.1) at 2024-09-22 11:33:55 +0000