| Commit message | Author | Files | Lines |
2023-09-12 | Mon Sep 11 20:19:30 UTC 2023...patches/packages/openssl-1.1.1w-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue that does not affect Linux:
Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-4807
patches/packages/openssl-solibs-1.1.1w-x86_64-1_slack15.0.txz: Upgraded.
patches/packages/vim-9.0.1897-x86_64-1_slack15.0.txz: Upgraded.
Fixed three use-after-free security issues.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-4733
https://www.cve.org/CVERecord?id=CVE-2023-4752
https://www.cve.org/CVERecord?id=CVE-2023-4750
(* Security fix *)
patches/packages/vim-gvim-9.0.1897-x86_64-1_slack15.0.txz: Upgraded.
Fixed three use-after-free security issues.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-4733
https://www.cve.org/CVERecord?id=CVE-2023-4752
https://www.cve.org/CVERecord?id=CVE-2023-4750
(* Security fix *)
20230911201930_15.0 | Patrick J Volkerding | 8 | -35/+96 |
2023-09-04 | Sun Sep 3 19:37:21 UTC 2023...patches/packages/rocs-21.12.1-x86_64-2_slack15.0.txz: Rebuilt.
Fix crash on startup. Thanks to Lockywolf and ponce.
20230903193721_15.0 | Patrick J Volkerding | 17 | -120/+1132 |
2023-09-02 | Fri Sep 1 20:16:14 UTC 2023...extra/php81/php81-8.1.23-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.23
20230901201614_15.0 | Patrick J Volkerding | 4 | -25/+45 |
2023-08-31 | Wed Aug 30 21:58:04 UTC 2023...patches/packages/mozilla-firefox-115.2.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.2.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2023-36/
https://www.cve.org/CVERecord?id=CVE-2023-4573
https://www.cve.org/CVERecord?id=CVE-2023-4574
https://www.cve.org/CVERecord?id=CVE-2023-4575
https://www.cve.org/CVERecord?id=CVE-2023-4576
https://www.cve.org/CVERecord?id=CVE-2023-4577
https://www.cve.org/CVERecord?id=CVE-2023-4051
https://www.cve.org/CVERecord?id=CVE-2023-4578
https://www.cve.org/CVERecord?id=CVE-2023-4053
https://www.cve.org/CVERecord?id=CVE-2023-4580
https://www.cve.org/CVERecord?id=CVE-2023-4581
https://www.cve.org/CVERecord?id=CVE-2023-4582
https://www.cve.org/CVERecord?id=CVE-2023-4583
https://www.cve.org/CVERecord?id=CVE-2023-4584
https://www.cve.org/CVERecord?id=CVE-2023-4585
(* Security fix *)
patches/packages/mozilla-thunderbird-115.2.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.2.0/releasenotes/
(* Security fix *)
20230830215804_15.0 | Patrick J Volkerding | 5 | -30/+92 |
2023-08-17 | Wed Aug 16 20:45:00 UTC 2023...patches/packages/mozilla-thunderbird-115.1.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.1.1/releasenotes/
20230816204500_15.0 | Patrick J Volkerding | 4 | -24/+44 |
2023-08-15 | Mon Aug 14 19:04:41 UTC 2023...patches/packages/mariadb-10.5.22-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://mariadb.com/kb/en/mariadb-10-5-22-changelog/
20230814190441_15.0 | Patrick J Volkerding | 4 | -21/+41 |
2023-08-08 | Mon Aug 7 19:22:02 UTC 2023...extra/php80/php80-8.0.30-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
Security issue with external entity loading in XML without enabling it.
Missing error check and insufficient random bytes in HTTP Digest
authentication for SOAP.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247
(* Security fix *)
patches/packages/vim-9.0.1678-x86_64-1_slack15.0.txz: Upgraded.
Applied the last patches from Bram Moolenaar.
RIP Bram, and thanks for your great work on VIM and your kindness to the
orphan children in Uganda.
If you'd like to honor Bram with a donation to his charity, please visit:
https://iccf-holland.org/
patches/packages/vim-gvim-9.0.1678-x86_64-1_slack15.0.txz: Upgraded.
20230807192202_15.0 | Patrick J Volkerding | 9 | -49/+93 |
2023-08-05 | Fri Aug 4 20:17:36 UTC 2023...extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity
loading in XML without enabling it).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-3823
(* Security fix *)
extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz: Upgraded.
Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0.
pasture/samba-4.15.13-x86_64-1_slack15.0.txz: Added.
We'll hang onto this just in case.
patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/
https://www.cve.org/CVERecord?id=CVE-2023-4045
https://www.cve.org/CVERecord?id=CVE-2023-4046
https://www.cve.org/CVERecord?id=CVE-2023-4047
https://www.cve.org/CVERecord?id=CVE-2023-4048
https://www.cve.org/CVERecord?id=CVE-2023-4049
https://www.cve.org/CVERecord?id=CVE-2023-4050
https://www.cve.org/CVERecord?id=CVE-2023-4052
https://www.cve.org/CVERecord?id=CVE-2023-4054
https://www.cve.org/CVERecord?id=CVE-2023-4055
https://www.cve.org/CVERecord?id=CVE-2023-4056
https://www.cve.org/CVERecord?id=CVE-2023-4057
(* Security fix *)
patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/
patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz: Upgraded.
PLEASE NOTE: We are taking the unusual step of moving to the latest Samba
branch because Windows has made changes that break Samba 4.15.x. The last
4.15.x will be retained in /pasture as a fallback. There may be some
required configuration changes with this, but we've kept using MIT Kerberos
to try to have the behavior change as little as possible. Upgrade carefully.
This update fixes security issues:
When winbind is used for NTLM authentication, a maliciously crafted request
can trigger an out-of-bounds read in winbind and possibly crash it.
SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain Controllers
where SMB2 packet signing is mandatory.
An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
triggered by an unauthenticated attacker by issuing a malformed RPC request.
Missing type validation in Samba's mdssvc RPC service for Spotlight can be
used by an unauthenticated attacker to trigger a process crash in a shared
RPC mdssvc worker process.
As part of the Spotlight protocol Samba discloses the server-side absolute
path of shares and files and directories in search results.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2127.html
https://www.samba.org/samba/security/CVE-2023-3347.html
https://www.samba.org/samba/security/CVE-2023-34966.html
https://www.samba.org/samba/security/CVE-2023-34967.html
https://www.samba.org/samba/security/CVE-2023-34968.html
https://www.cve.org/CVERecord?id=CVE-2022-2127
https://www.cve.org/CVERecord?id=CVE-2023-3347
https://www.cve.org/CVERecord?id=CVE-2023-34966
https://www.cve.org/CVERecord?id=CVE-2023-34967
https://www.cve.org/CVERecord?id=CVE-2023-34968
(* Security fix *)
20230804201736_15.0 | Patrick J Volkerding | 16 | -301/+353 |
2023-08-02 | Tue Aug 1 19:50:53 UTC 2023...patches/packages/openssl-1.1.1v-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
Fix excessive time spent checking DH q parameter value.
Fix DH_check() excessive time with over sized modulus.
For more information, see:
https://www.openssl.org/news/secadv/20230731.txt
https://www.openssl.org/news/secadv/20230719.txt
https://www.cve.org/CVERecord?id=CVE-2023-3817
https://www.cve.org/CVERecord?id=CVE-2023-3446
(* Security fix *)
patches/packages/openssl-solibs-1.1.1v-x86_64-1_slack15.0.txz: Upgraded.
20230801195053_15.0 | Patrick J Volkerding | 5 | -25/+59 |
2023-08-01 | Mon Jul 31 21:52:46 UTC 2023...patches/packages/mozilla-thunderbird-102.13.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.13.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/
https://www.cve.org/CVERecord?id=CVE-2023-3417
(* Security fix *)
patches/packages/seamonkey-2.53.17-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.17
(* Security fix *)
20230731215246_15.0 | Patrick J Volkerding | 9 | -51/+111 |
2023-07-27 | Wed Jul 26 19:26:39 UTC 2023...patches/packages/curl-8.2.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
testing/packages/mozilla-firefox-115.0.3esr-x86_64-1_slack15.0.txz: Added.
This seems good to go, but a little testing won't hurt.
testing/packages/mozilla-thunderbird-115.0.1-x86_64-1_slack15.0.txz: Added.
Here, like in -current, we're going to wait until upstream deems this ready
to trigger the automatic update from earlier versions.
testing/packages/rust-1.70.0-x86_64-1_slack15.0.txz: Added.
This will replace the package in /extra/rust-for-mozilla/ when the 115.x
versions of Firefox and Thunderbird become the main ones in Slackware 15.0.
20230726192639_15.0 | Patrick J Volkerding | 4 | -30/+132 |
2023-07-26 | Tue Jul 25 19:45:27 UTC 2023...patches/packages/kernel-firmware-20230725_b6ea35f-noarch-1.txz: Upgraded.
Restored license files and other documentation. Thanks to drumz.
20230725194527_15.0 | Patrick J Volkerding | 6 | -30/+167 |
2023-07-25 | Mon Jul 24 22:07:56 UTC 2023...patches/packages/kernel-firmware-20230724_59fbffa-noarch-1.txz: Upgraded.
AMD microcode updated to fix a use-after-free in AMD Zen2 processors.
From Tavis Ormandy's announcement of the issue:
"The practical result here is that you can spy on the registers of other
processes. No system calls or privileges are required.
It works across virtual machines and affects all operating systems.
I have written a poc for this issue that's fast enough to reconstruct
keys and passwords as users log in."
For more information, see:
https://seclists.org/oss-sec/2023/q3/59
https://www.cve.org/CVERecord?id=CVE-2023-20593
(* Security fix *)
20230724220756_15.0 | Patrick J Volkerding | 4 | -18/+54 |
2023-07-24 | Mon Jul 24 00:17:18 UTC 2023...patches/packages/whois-5.5.18-x86_64-1_slack15.0.txz: Upgraded.
Updated the .ga TLD server.
Added new recovered IPv4 allocations.
Removed the delegation of 43.0.0.0/8 to JPNIC.
Removed 12 new gTLDs which are no longer active.
Improved the man page source, courtesy of Bjarni Ingi Gislason.
Added the .edu.za SLD server.
Updated the .alt.za SLD server.
Added the -ru and -su NIC handles servers.
20230724001718_15.0 | Patrick J Volkerding | 4 | -21/+51 |
2023-07-22 | Fri Jul 21 19:35:45 UTC 2023...patches/packages/ca-certificates-20230721-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
20230721193545_15.0 | Patrick J Volkerding | 5 | -829/+1896 |
2023-07-21 | Wed Jul 19 20:36:46 UTC 2023...patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
fopen race condition.
For more information, see:
https://curl.se/docs/CVE-2023-32001.html
https://www.cve.org/CVERecord?id=CVE-2023-32001
(* Security fix *)
patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
ssh-agent(1) in OpenSSH between 5.5 and 9.3p1 (inclusive): remote code
execution relating to PKCS#11 providers.
The PKCS#11 support in ssh-agent(1) could be abused to achieve remote code
execution via a forwarded agent socket if the following conditions are met:
* Exploitation requires the presence of specific libraries on the victim
system.
* Remote exploitation requires that the agent was forwarded to an
attacker-controlled system.
Exploitation can also be prevented by starting ssh-agent(1) with an empty
PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
contains only specific provider libraries.
This vulnerability was discovered and demonstrated to be exploitable by the
Qualys Security Advisory team.
Potentially-incompatible changes:
* ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
issued by remote clients by default. A flag has been added to restore the
previous behaviour: "-Oallow-remote-pkcs11".
For more information, see:
https://www.openssh.com/txt/release-9.3p2
https://www.cve.org/CVERecord?id=CVE-2023-38408
(* Security fix *)
20230719203646_15.0 | Patrick J Volkerding | 5 | -28/+100 |
2023-07-18 | Mon Jul 17 19:17:19 UTC 2023...patches/packages/sudo-1.9.14p2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
20230717191719_15.0 | Patrick J Volkerding | 4 | -21/+37 |
2023-07-13 | Wed Jul 12 20:41:16 UTC 2023...patches/packages/krb5-1.19.2-x86_64-4_slack15.0.txz: Rebuilt.
Fix potential uninitialized pointer free in kadm5 XDR parsing.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-36054
(* Security fix *)
patches/packages/sudo-1.9.14p1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
20230712204116_15.0 | Patrick J Volkerding | 7 | -33/+123 |
2023-07-08 | Fri Jul 7 23:06:07 UTC 2023...patches/packages/mozilla-thunderbird-102.13.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.13.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/
https://www.cve.org/CVERecord?id=CVE-2023-37201
https://www.cve.org/CVERecord?id=CVE-2023-37202
https://www.cve.org/CVERecord?id=CVE-2023-37207
https://www.cve.org/CVERecord?id=CVE-2023-37208
https://www.cve.org/CVERecord?id=CVE-2023-37211
(* Security fix *)
20230707230607_15.0 | Patrick J Volkerding | 4 | -24/+58 |
2023-07-05 | Tue Jul 4 20:26:12 UTC 2023...patches/packages/mozilla-firefox-102.13.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.13.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2023-23/
https://www.cve.org/CVERecord?id=CVE-2023-37201
https://www.cve.org/CVERecord?id=CVE-2023-37202
https://www.cve.org/CVERecord?id=CVE-2023-37207
https://www.cve.org/CVERecord?id=CVE-2023-37208
https://www.cve.org/CVERecord?id=CVE-2023-37211
(* Security fix *)
20230704202612_15.0 | Patrick J Volkerding | 4 | -32/+66 |
2023-06-27 | Mon Jun 26 19:44:44 UTC 2023...patches/packages/network-scripts-15.0-noarch-19_slack15.0.txz: Rebuilt.
This update fixes a bug and adds a new feature:
Re-add support for the DHCP_IPADDR parameter from rc.inet1.conf.
Expand the help text for DHCP_IPADDR in rc.inet1.conf.
Add support for a DHCP_OPTS parameter.
Thanks to ljb643 and Darren 'Tadgy' Austin.
patches/packages/vim-9.0.1667-x86_64-1_slack15.0.txz: Upgraded.
This fixes a rare divide-by-zero bug that could cause vim to crash. In an
interactive program such as vim, I can't really see this qualifying as a
security issue, but since it was brought up as such on LQ we'll just go
along with it this time. :)
Thanks to marav for the heads-up.
(* Security fix *)
patches/packages/vim-gvim-9.0.1667-x86_64-1_slack15.0.txz: Upgraded.
20230626194444_15.0 | Patrick J Volkerding | 40 | -2925/+7342 |
2023-06-24 | Sat Jun 24 00:16:22 UTC 2023...patches/packages/linux-5.15.117/*: Upgraded.
We're going to back up one version to avoid an amdgpu regression in 5.15.118.
If you're already using 5.15.118 without issues, feel free to stick with it.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
20230624001622_15.0 | Patrick J Volkerding | 30 | -63/+145 |
2023-06-23 | Thu Jun 22 19:07:50 UTC 2023...patches/packages/cups-2.4.6-x86_64-1_slack15.0.txz: Upgraded.
Fixed use-after-free when logging warnings in case of failures
in cupsdAcceptClient().
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-34241
(* Security fix *)
20230622190750_15.0 | Patrick J Volkerding | 33 | -176/+326 |
2023-06-16 | Thu Jun 15 18:59:33 UTC 2023...patches/packages/libX11-1.8.6-x86_64-1_slack15.0.txz: Upgraded.
This update fixes buffer overflows in InitExt.c that could at least cause
the client to crash due to memory corruption.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-3138
(* Security fix *)
20230615185933_15.0 | Patrick J Volkerding | 14 | -92/+1015 |
2023-06-15 | Wed Jun 14 21:43:32 UTC 2023...patches/packages/cups-2.4.5-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/ksh93-1.0.6-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
20230614214332_15.0 | Patrick J Volkerding | 5 | -30/+50 |
2023-06-09 | Fri Jun 9 01:06:21 UTC 2023...extra/php81/php81-8.1.20-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.20
(* Security fix *)
patches/packages/mozilla-thunderbird-102.12.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.12.0/releasenotes/
(* Security fix *)
patches/packages/python3-3.9.17-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
urllib.parse.urlsplit() now strips leading C0 control and space characters
following the specification for URLs defined by WHATWG.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-24329
(* Security fix *)
20230609010621_15.0 | Patrick J Volkerding | 7 | -52/+98 |
2023-06-08 | Wed Jun 7 21:12:41 UTC 2023...patches/packages/cups-2.4.4-x86_64-1_slack15.0.txz: Upgraded.
This update is a hotfix for a segfault in cupsGetNamedDest(), when caller
tries to find the default destination and the default destination is not set
on the machine.
patches/packages/ksh93-1.0.5_20230607_9b251344-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix and robustness enhancement release.
Thanks to McDutchie for the great work!
Thanks to pghvlaans for improvements to the build script.
20230607211241_15.0 | Patrick J Volkerding | 11 | -59/+429 |
2023-06-07 | Tue Jun 6 20:26:59 UTC 2023...extra/sendmail/sendmail-8.17.2-x86_64-2_slack15.0.txz: Rebuilt.
Recompiled without -DUSE_EAI or ICU libraries as this experimental option
is still leading to regressions.
extra/sendmail/sendmail-cf-8.17.2-noarch-2_slack15.0.txz: Rebuilt.
patches/packages/mozilla-firefox-102.12.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.12.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2023-19/
https://www.cve.org/CVERecord?id=CVE-2023-34414
https://www.cve.org/CVERecord?id=CVE-2023-34416
(* Security fix *)
patches/packages/ntp-4.2.8p17-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
20230606202659_15.0 | Patrick J Volkerding | 8 | -50/+90 |
2023-06-05 | Sun Jun 4 19:16:13 UTC 2023...extra/sendmail/sendmail-8.17.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
extra/sendmail/sendmail-cf-8.17.2-noarch-1_slack15.0.txz: Upgraded.
patches/packages/libmilter-8.17.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
20230604191613_15.0 | Patrick J Volkerding | 12 | -97/+236 |
2023-06-03 | Fri Jun 2 20:56:35 UTC 2023...patches/packages/cups-2.4.3-x86_64-1_slack15.0.txz: Upgraded.
Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file
cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote
attacker to launch a denial of service (DoS) attack, or possibly execute
arbitrary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32324
(* Security fix *)
patches/packages/ntp-4.2.8p16-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-26551
https://www.cve.org/CVERecord?id=CVE-2023-26552
https://www.cve.org/CVERecord?id=CVE-2023-26553
https://www.cve.org/CVERecord?id=CVE-2023-26554
https://www.cve.org/CVERecord?id=CVE-2023-26555
(* Security fix *)
20230602205635_15.0 | Patrick J Volkerding | 19 | -143/+683 |
2023-05-31 | Wed May 31 01:29:12 UTC 2023...patches/packages/curl-8.1.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/openssl-1.1.1u-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Possible DoS translating ASN.1 object identifiers.
For more information, see:
https://www.openssl.org/news/secadv/20230530.txt
https://www.cve.org/CVERecord?id=CVE-2023-2650
(* Security fix *)
patches/packages/openssl-solibs-1.1.1u-x86_64-1_slack15.0.txz: Upgraded.
20230531012912_15.0 | Patrick J Volkerding | 6 | -31/+63 |
2023-05-28 | Sat May 27 20:42:29 UTC 2023...patches/packages/mozilla-thunderbird-102.11.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.11.2/releasenotes/
20230527204229_15.0 | Patrick J Volkerding | 4 | -22/+42 |
2023-05-26 | Thu May 25 19:04:56 UTC 2023...patches/packages/mozilla-thunderbird-102.11.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.11.1/releasenotes/
patches/packages/ntfs-3g-2022.10.3-x86_64-1_slack15.0.txz: Upgraded.
Fixed vulnerabilities that may allow an attacker using a maliciously
crafted NTFS-formatted image file or external storage to potentially
execute arbitrary privileged code or cause a denial of service.
Thanks to opty.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46790
(* Security fix *)
20230525190456_15.0 | Patrick J Volkerding | 7 | -56/+311 |
2023-05-25 | Thu May 25 00:24:33 UTC 2023...patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz: Upgraded.
This update patches a security issue:
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
compiling a TeX file obtained from an untrusted source. This occurs
because luatex-core.lua lets the original io.popen be accessed. This also
affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
Thanks to Johannes Schoepfer.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32700
(* Security fix *)
20230525002433_15.0 | Patrick J Volkerding | 19 | -114/+4820 |
2023-05-23 | Mon May 22 19:05:02 UTC 2023...patches/packages/c-ares-1.19.1-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
0-byte UDP payload causes Denial of Service.
Insufficient randomness in generation of DNS query IDs.
Buffer Underwrite in ares_inet_net_pton().
AutoTools does not set CARES_RANDOM_FILE during cross compilation.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32067
https://www.cve.org/CVERecord?id=CVE-2023-31147
https://www.cve.org/CVERecord?id=CVE-2023-31130
https://www.cve.org/CVERecord?id=CVE-2023-31124
(* Security fix *)
20230522190502_15.0 | Patrick J Volkerding | 6 | -44/+259 |
2023-05-20 | Fri May 19 18:59:24 UTC 2023...patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz: Upgraded.
[PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x.
With execv() command line arguments are passed as separate strings and
not the full command line in a single string. This prevents arbitrary
command execution by escaping the quoting of the arguments in a job
with forged job title.
Thanks to marav.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-24805
(* Security fix *)
20230519185924_15.0 | Patrick J Volkerding | 10 | -65/+481 |
2023-05-18 | Wed May 17 20:59:51 UTC 2023...patches/packages/curl-8.1.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
more POST-after-PUT confusion.
IDN wildcard match.
siglongjmp race condition.
UAF in SSH sha256 fingerprint check.
For more information, see:
https://curl.se/docs/CVE-2023-28322.html
https://curl.se/docs/CVE-2023-28321.html
https://curl.se/docs/CVE-2023-28320.html
https://curl.se/docs/CVE-2023-28319.html
https://www.cve.org/CVERecord?id=CVE-2023-28322
https://www.cve.org/CVERecord?id=CVE-2023-28321
https://www.cve.org/CVERecord?id=CVE-2023-28320
https://www.cve.org/CVERecord?id=CVE-2023-28319
(* Security fix *)
patches/packages/bind-9.16.41-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
testing/packages/bind-9.18.15-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
20230517205951_15.0 | Patrick J Volkerding | 5 | -42/+94 |
2023-05-15 | Sun May 14 17:03:16 UTC 2023...extra/php80/php80-8.0.28-x86_64-2_slack15.0.txz: Rebuilt.
This update removes extension=xmlrpc from the php.ini files.
extra/php81/php81-8.1.19-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.19
20230514170316_15.0 | Patrick J Volkerding | 6 | -82/+97 |
2023-05-11 | Wed May 10 23:42:53 UTC 2023...patches/packages/mozilla-thunderbird-102.11.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.11.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/
https://www.cve.org/CVERecord?id=CVE-2023-32206
https://www.cve.org/CVERecord?id=CVE-2023-32207
https://www.cve.org/CVERecord?id=CVE-2023-32211
https://www.cve.org/CVERecord?id=CVE-2023-32212
https://www.cve.org/CVERecord?id=CVE-2023-32213
https://www.cve.org/CVERecord?id=CVE-2023-32214
https://www.cve.org/CVERecord?id=CVE-2023-32215
(* Security fix *)
20230510234253_15.0 | Patrick J Volkerding | 4 | -24/+62 |
2023-05-10 | Tue May 9 20:11:22 UTC 2023...patches/packages/mozilla-firefox-102.11.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.11.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2023-17/
https://www.cve.org/CVERecord?id=CVE-2023-32205
https://www.cve.org/CVERecord?id=CVE-2023-32206
https://www.cve.org/CVERecord?id=CVE-2023-32207
https://www.cve.org/CVERecord?id=CVE-2023-32211
https://www.cve.org/CVERecord?id=CVE-2023-32212
https://www.cve.org/CVERecord?id=CVE-2023-32213
https://www.cve.org/CVERecord?id=CVE-2023-32214
https://www.cve.org/CVERecord?id=CVE-2023-32215
(* Security fix *)
20230509201122_15.0 | Patrick J Volkerding | 4 | -24/+64 |
2023-05-07 | Sat May 6 19:01:04 UTC 2023...patches/packages/ca-certificates-20230506-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
20230506190104_15.0 | Patrick J Volkerding | 6 | -23/+324 |
2023-05-05 | Thu May 4 19:02:58 UTC 2023...patches/packages/libssh-0.10.5-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
A NULL dereference during rekeying with algorithm guessing.
A possible authorization bypass in pki_verify_data_signature under
low-memory conditions.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-1667
https://www.cve.org/CVERecord?id=CVE-2023-2283
(* Security fix *)
20230504190258_15.0 | Patrick J Volkerding | 7 | -50/+241 |
2023-05-04 | Wed May 3 19:33:18 UTC 2023...patches/packages/whois-5.5.17-x86_64-1_slack15.0.txz: Upgraded.
Added the .cd TLD server.
Updated the -kg NIC handles server name.
Removed 2 new gTLDs which are no longer active.
20230503193318_15.0 | Patrick J Volkerding | 4 | -21/+41 |
2023-05-02 | Mon May 1 20:22:43 UTC 2023...patches/packages/netatalk-3.1.15-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues, including a critical vulnerability that
allows remote attackers to execute arbitrary code on affected installations
of Netatalk. Authentication is not required to exploit this vulnerability.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-43634
https://www.cve.org/CVERecord?id=CVE-2022-45188
(* Security fix *)
20230501202243_15.0 | Patrick J Volkerding | 4 | -21/+49 |
2023-04-26 | Tue Apr 25 21:20:19 UTC 2023...patches/packages/git-2.35.8-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
By feeding specially crafted input to `git apply --reject`, a
path outside the working tree can be overwritten with partially
controlled contents (corresponding to the rejected hunk(s) from
the given patch).
When Git is compiled with runtime prefix support and runs without
translated messages, it still used the gettext machinery to
display messages, which subsequently potentially looked for
translated messages in unexpected places. This allowed for
malicious placement of crafted messages.
When renaming or deleting a section from a configuration file,
certain malicious configuration values may be misinterpreted as
the beginning of a new configuration section, leading to arbitrary
configuration injection.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-25652
https://www.cve.org/CVERecord?id=CVE-2023-25815
https://www.cve.org/CVERecord?id=CVE-2023-29007
(* Security fix *)
patches/packages/mozilla-thunderbird-102.10.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.10.1/releasenotes/
20230425212019_15.0 | Patrick J Volkerding | 5 | -30/+90 |
2023-04-20 | Wed Apr 19 19:17:14 UTC 2023...patches/packages/bind-9.16.40-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
testing/packages/bind-9.18.14-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
20230419191714_15.0 | Patrick J Volkerding | 4 | -36/+56 |
2023-04-14 | Thu Apr 13 22:25:18 UTC 2023...extra/php81/php81-8.1.17-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.17
20230413222518_15.0 | Patrick J Volkerding | 5 | -26/+45 |
2023-04-13 | Thu Apr 13 01:10:27 UTC 2023...patches/packages/mozilla-thunderbird-102.10.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.10.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#MFSA-TMP-2023-0001
https://www.cve.org/CVERecord?id=CVE-2023-29531
https://www.cve.org/CVERecord?id=CVE-2023-29532
https://www.cve.org/CVERecord?id=CVE-2023-29533
https://www.cve.org/CVERecord?id=CVE-2023-29535
https://www.cve.org/CVERecord?id=CVE-2023-29536
https://www.cve.org/CVERecord?id=CVE-2023-0547
https://www.cve.org/CVERecord?id=CVE-2023-29479
https://www.cve.org/CVERecord?id=CVE-2023-29539
https://www.cve.org/CVERecord?id=CVE-2023-29541
https://www.cve.org/CVERecord?id=CVE-2023-29542
https://www.cve.org/CVERecord?id=CVE-2023-29545
https://www.cve.org/CVERecord?id=CVE-2023-1945
https://www.cve.org/CVERecord?id=CVE-2023-29548
https://www.cve.org/CVERecord?id=CVE-2023-29550
(* Security fix *)
20230413011027_15.0 | Patrick J Volkerding | 4 | -24/+78 |
2023-04-12 | Tue Apr 11 18:49:02 UTC 2023...patches/packages/mozilla-firefox-102.10.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.10.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#MFSA-TMP-2023-0001
https://www.cve.org/CVERecord?id=CVE-2023-29531
https://www.cve.org/CVERecord?id=CVE-2023-29532
https://www.cve.org/CVERecord?id=CVE-2023-29533
https://www.cve.org/CVERecord?id=CVE-2023-29535
https://www.cve.org/CVERecord?id=CVE-2023-29536
https://www.cve.org/CVERecord?id=CVE-2023-29539
https://www.cve.org/CVERecord?id=CVE-2023-29541
https://www.cve.org/CVERecord?id=CVE-2023-29545
https://www.cve.org/CVERecord?id=CVE-2023-1945
https://www.cve.org/CVERecord?id=CVE-2023-29548
https://www.cve.org/CVERecord?id=CVE-2023-29550
(* Security fix *)
20230411184902_15.0 | Patrick J Volkerding | 4 | -24/+72 |
2023-04-08 | Fri Apr 7 18:53:33 UTC 2023...patches/packages/httpd-2.4.57-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.57
20230407185333_15.0 | Patrick J Volkerding | 5 | -25/+45 |