| Commit message (Expand) | Author | Files | Lines |
|---|
| 2022-08-17 | Tue Aug 16 18:51:34 UTC 2022...patches/packages/mariadb-10.5.17-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32084
(* Security fix *)
20220816185134_15.0 |   Patrick J Volkerding | 4 | -21/+53 |
| 2022-08-16 | Mon Aug 15 20:23:47 UTC 2022...patches/packages/rsync-3.2.5-x86_64-1_slack15.0.txz: Upgraded.
Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include recursive
names that should have been excluded by the sender. These extra safety
checks only require the receiver rsync to be updated. When dealing with an
untrusted sending host, it is safest to copy into a dedicated destination
directory for the remote content (i.e. don't copy into a destination
directory that contains files that aren't from the remote host unless you
trust the remote host).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154
(* Security fix *)
20220815202347_15.0 | Patrick J Volkerding | 6 | -33/+226 |
| 2022-08-14 | Sat Aug 13 19:12:40 UTC 2022...patches/packages/glibc-zoneinfo-2022b-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
20220813191240_15.0 | Patrick J Volkerding | 4 | -24/+40 |
| 2022-08-10 | Tue Aug 9 19:25:22 UTC 2022...patches/packages/zlib-1.2.12-x86_64-2_slack15.0.txz: Rebuilt.
This is a bugfix update.
Applied an upstream patch to restore the handling of CRC inputs to be the
same as in previous releases of zlib. This fixes an issue with OpenJDK.
Thanks to alienBOB.
20220809192522_15.0 | Patrick J Volkerding | 6 | -27/+103 |
| 2022-07-30 | Fri Jul 29 19:59:03 UTC 2022...patches/packages/gnutls-3.7.7-x86_64-1_slack15.0.txz: Upgraded.
libgnutls: Fixed double free during verification of pkcs7 signatures.
Reported by Jaak Ristioja.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509
(* Security fix *)
20220729195903_15.0 | Patrick J Volkerding | 6 | -44/+274 |
| 2022-07-29 | Thu Jul 28 23:48:36 UTC 2022...patches/packages/mozilla-thunderbird-91.12.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.12.0/releasenotes/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.12
(* Security fix *)
20220728234836_15.0 | Patrick J Volkerding | 4 | -22/+46 |
| 2022-07-28 | Wed Jul 27 19:17:38 UTC 2022...patches/packages/samba-4.15.9-x86_64-1_slack15.0.txz: Upgraded.
This update fixes the following security issues:
Samba AD users can bypass certain restrictions associated with changing
passwords.
Samba AD users can forge password change requests for any user.
Samba AD users can crash the server process with an LDAP add or modify
request.
Samba AD users can induce a use-after-free in the server process with an
LDAP add or modify request.
Server memory information leak via SMB1.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2031.html
https://www.samba.org/samba/security/CVE-2022-32744.html
https://www.samba.org/samba/security/CVE-2022-32745.html
https://www.samba.org/samba/security/CVE-2022-32746.html
https://www.samba.org/samba/security/CVE-2022-32742.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742
(* Security fix *)
20220727191738_15.0 | Patrick J Volkerding | 5 | -25/+81 |
| 2022-07-26 | Mon Jul 25 20:53:49 UTC 2022...patches/packages/mozilla-firefox-91.12.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.12.0/releasenotes/
(* Security fix *)
patches/packages/perl-5.34.0-x86_64-2_slack15.0.txz: Rebuilt.
This is a bugfix release.
Upgraded: Devel-CheckLib-1.16, IO-Socket-SSL-2.074, Net-SSLeay-1.92,
Path-Tiny-0.122, Template-Toolkit-3.100, URI-5.12, libnet-3.14.
Added a symlink to libperl.so in /usr/${LIBDIRSUFFIX} since net-snmp (and
possibly other programs) might have trouble linking with it since it's not
in the LD_LIBRARY_PATH. Thanks to oneforall.
20220725205349_15.0 | Patrick J Volkerding | 11 | -107/+826 |
| 2022-07-22 | Thu Jul 21 18:13:18 UTC 2022...patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause
an out-of-bounds memory access.
A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL
pointer dereference.
Improper Input Validation when SETing malformed OIDs in master agent and
subagent simultaneously.
A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable
can cause an out-of-bounds memory access.
A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a
NULL pointer dereference.
A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer
dereference.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24810
(* Security fix *)
20220721181318_15.0 | Patrick J Volkerding | 17 | -66/+1106 |
| 2022-07-14 | Wed Jul 13 19:56:59 UTC 2022...patches/packages/xorg-server-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
xkb: switch to array index loops to moving pointers.
xkb: add request length validation for XkbSetGeometry.
xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
20220713195659_15.0 | Patrick J Volkerding | 34 | -223/+2460 |
| 2022-07-12 | Mon Jul 11 19:22:52 UTC 2022...patches/packages/seamonkey-2.53.13-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.13
(* Security fix *)
20220711192252_15.0 | Patrick J Volkerding | 4 | -21/+43 |
| 2022-07-11 | Sun Jul 10 18:49:34 UTC 2022...patches/packages/wavpack-5.5.0-x86_64-1_slack15.0.txz: Upgraded.
WavPack 5.5.0 contains a fix for CVE-2021-44269 wherein encoding a specially
crafted DSD file causes an out-of-bounds read exception.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44269
(* Security fix *)
20220710184934_15.0 | Patrick J Volkerding | 7 | -43/+245 |
| 2022-07-08 | Thu Jul 7 23:03:01 UTC 2022...patches/packages/gnupg2-2.2.36-x86_64-1_slack15.0.txz: Upgraded.
g10: Fix possibly garbled status messages in NOTATION_DATA. This bug could
trick GPGME and other parsers to accept faked status lines.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903
(* Security fix *)
extra/php81/php81-8.1.8-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
Fileinfo: Fixed bug #81723 (Heap buffer overflow in finfo_buffer).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31627
(* Security fix *)
20220707230301_15.0 | Patrick J Volkerding | 7 | -52/+266 |
| 2022-07-06 | Tue Jul 5 20:17:00 UTC 2022...patches/packages/openssl-1.1.1q-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Heap memory corruption with RSA private key operation.
AES OCB fails to encrypt some bytes.
For more information, see:
https://www.openssl.org/news/secadv/20220705.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
(* Security fix *)
patches/packages/openssl-solibs-1.1.1q-x86_64-1_slack15.0.txz: Upgraded.
20220705201700_15.0 | Patrick J Volkerding | 5 | -25/+57 |
| 2022-07-01 | Fri Jul 1 01:23:50 UTC 2022...patches/packages/mozilla-thunderbird-91.11.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.11.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484
(* Security fix *)
20220701012350_15.0 | Patrick J Volkerding | 5 | -28/+75 |
| 2022-06-29 | Tue Jun 28 19:16:08 UTC 2022...patches/packages/curl-7.84.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Set-Cookie denial of service.
HTTP compression denial of service.
Unpreserved file permissions.
FTP-KRB bad message verification.
For more information, see:
https://curl.se/docs/CVE-2022-32205.html
https://curl.se/docs/CVE-2022-32206.html
https://curl.se/docs/CVE-2022-32207.html
https://curl.se/docs/CVE-2022-32208.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208
(* Security fix *)
patches/packages/mozilla-firefox-91.11.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.11.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-25/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484
(* Security fix *)
20220628191608_15.0 | Patrick J Volkerding | 6 | -34/+109 |
| 2022-06-24 | Thu Jun 23 05:30:51 UTC 2022...patches/packages/ca-certificates-20220622-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txz: Upgraded.
In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were
found by code review.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
For more information, see:
https://www.openssl.org/news/secadv/20220621.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
(* Security fix *)
patches/packages/openssl-solibs-1.1.1p-x86_64-1_slack15.0.txz: Upgraded.
20220623053051_15.0 | Patrick J Volkerding | 7 | -188/+1212 |
| 2022-06-14 | Mon Jun 13 21:02:58 UTC 2022...patches/packages/php-7.4.30-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
mysqlnd/pdo password buffer overflow.
Uninitialized array in pg_query_params().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
(* Security fix *)
extra/php80/php80-8.0.20-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
mysqlnd/pdo password buffer overflow.
Uninitialized array in pg_query_params().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
(* Security fix *)
extra/php81/php81-8.1.7-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
mysqlnd/pdo password buffer overflow.
Uninitialized array in pg_query_params().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
(* Security fix *)
20220613210258_15.0 | Patrick J Volkerding | 7 | -52/+112 |
| 2022-06-09 | Wed Jun 8 19:15:34 UTC 2022...patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism.
Information Disclosure in mod_lua with websockets.
mod_sed denial of service.
Denial of service in mod_lua r:parsebody.
Read beyond bounds in ap_strcmp_match().
Read beyond bounds via ap_rwrite().
Read beyond bounds in mod_isapi.
mod_proxy_ajp: Possible request smuggling.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.54
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377
(* Security fix *)
20220608191534_15.0 | Patrick J Volkerding | 4 | -22/+76 |
| 2022-06-05 | Sat Jun 4 18:43:17 UTC 2022...patches/packages/pidgin-2.14.10-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and several security issues.
For more information, see:
https://www.pidgin.im/posts/2022-06-2.14.10-released/
(* Security fix *)
20220604184317_15.0 | Patrick J Volkerding | 4 | -24/+46 |
| 2022-06-03 | Thu Jun 2 19:42:06 UTC 2022...patches/packages/mozilla-thunderbird-91.10.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.10.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747
(* Security fix *)
20220602194206_15.0 | Patrick J Volkerding | 4 | -22/+64 |
| 2022-06-01 | Wed Jun 1 00:49:45 UTC 2022...patches/packages/mozilla-firefox-91.10.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.10.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-21/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747
(* Security fix *)
20220601004945_15.0 | Patrick J Volkerding | 4 | -22/+62 |
| 2022-05-27 | Thu May 26 18:27:32 UTC 2022...patches/packages/cups-2.4.2-x86_64-1_slack15.0.txz: Upgraded.
Fixed certificate strings comparison for Local authorization.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26691
(* Security fix *)
20220526182732_15.0 | Patrick J Volkerding | 9 | -47/+353 |
| 2022-05-22 | Sat May 21 19:30:02 UTC 2022...patches/packages/mariadb-10.5.16-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27458
(* Security fix *)
20220521193002_15.0 | Patrick J Volkerding | 5 | -23/+89 |
| 2022-05-21 | Sat May 21 01:35:40 UTC 2022...patches/packages/mozilla-firefox-91.9.1esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.9.1/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-19/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
(* Security fix *)
patches/packages/mozilla-thunderbird-91.9.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.9.1/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-19/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
(* Security fix *)
20220521013540_15.0 | Patrick J Volkerding | 5 | -28/+72 |
| 2022-05-20 | Thu May 19 23:07:59 UTC 2022...patches/packages/bind-9.16.29-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
testing/packages/bind-9.18.3-x86_64-1_slack15.0.txz: Upgraded.
Fixed a crash in DNS-over-HTTPS (DoH) code caused by premature TLS stream
socket object deletion.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1183
(* Security fix *)
20220519230759_15.0 | Patrick J Volkerding | 4 | -42/+70 |
| 2022-05-12 | Wed May 11 19:01:59 UTC 2022...patches/packages/curl-7.83.1-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
HSTS bypass via trailing dot.
TLS and SSH connection too eager reuse.
CERTINFO never-ending busy-loop.
percent-encoded path separator in URL host.
cookie for trailing dot TLD.
curl removes wrong file on error.
For more information, see:
https://curl.se/docs/CVE-2022-30115.html
https://curl.se/docs/CVE-2022-27782.html
https://curl.se/docs/CVE-2022-27781.html
https://curl.se/docs/CVE-2022-27780.html
https://curl.se/docs/CVE-2022-27779.html
https://curl.se/docs/CVE-2022-27778.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27780
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27778
(* Security fix *)
20220511190159_15.0 | Patrick J Volkerding | 4 | -22/+78 |
| 2022-05-10 | Mon May 9 21:33:25 UTC 2022...patches/packages/linux-5.15.38/*: Upgraded.
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 5.15.27:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0494
Fixed in 5.15.28:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23042
Fixed in 5.15.29:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0854
Fixed in 5.15.32:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28356
Fixed in 5.15.33:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1516
Fixed in 5.15.34:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29582
Fixed in 5.15.35:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1205
Fixed in 5.15.37:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222
(* Security fix *)
20220509213325_15.0 | Patrick J Volkerding | 22 | -37/+825 |
| 2022-05-05 | Wed May 4 21:24:57 UTC 2022...patches/packages/mozilla-thunderbird-91.9.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.9.0/releasenotes/
(* Security fix *)
patches/packages/openssl-1.1.1o-x86_64-1_slack15.0.txz: Upgraded.
Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292
(* Security fix *)
patches/packages/openssl-solibs-1.1.1o-x86_64-1_slack15.0.txz: Upgraded.
patches/packages/seamonkey-2.53.12-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.12
(* Security fix *)
20220504212457_15.0 | Patrick J Volkerding | 7 | -36/+82 |
| 2022-05-03 | Mon May 2 20:02:49 UTC 2022...patches/packages/libxml2-2.9.14-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
Fix integer overflow in xmlBuf and xmlBuffer.
Fix potential double-free in xmlXPtrStringRangeFunction.
Fix memory leak in xmlFindCharEncodingHandler.
Normalize XPath strings in-place.
Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars().
Fix leak of xmlElementContent.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824
(* Security fix *)
patches/packages/mozilla-firefox-91.9.0esr-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.9.0/releasenotes/
patches/packages/samba-4.15.7-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.samba.org/samba/history/samba-4.15.7.html
20220502200249_15.0 | Patrick J Volkerding | 16 | -72/+990 |
| 2022-05-01 | Sat Apr 30 21:18:47 UTC 2022...patches/packages/pidgin-2.14.9-x86_64-1_slack15.0.txz: Upgraded.
Mitigate the potential for a man in the middle attack via DNS spoofing by
removing the code that supported the _xmppconnect DNS TXT record.
For more information, see:
https://www.pidgin.im/about/security/advisories/cve-2022-26491/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26491
(* Security fix *)
20220430211847_15.0 | Patrick J Volkerding | 9 | -48/+385 |
| 2022-04-28 | Wed Apr 27 21:43:51 UTC 2022...patches/packages/curl-7.83.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
OAUTH2 bearer bypass in connection re-use.
Credential leak on redirect.
Bad local IPv6 connection reuse.
Auth/cookie leak on redirect.
For more information, see:
https://curl.se/docs/CVE-2022-22576.html
https://curl.se/docs/CVE-2022-27774.html
https://curl.se/docs/CVE-2022-27775.html
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
(* Security fix *)
20220427214351_15.0 | Patrick J Volkerding | 7 | -35/+277 |
| 2022-04-26 | Mon Apr 25 20:55:17 UTC 2022...patches/packages/freerdp-2.7.0-x86_64-1_slack15.0.txz: Upgraded.
This update is a security and maintenance release.
For more information, see:
https://github.com/FreeRDP/FreeRDP/blob/2.7.0/ChangeLog
(* Security fix *)
20220425205517_15.0 | Patrick J Volkerding | 7 | -35/+249 |
| 2022-04-22 | Thu Apr 21 19:11:10 UTC 2022...patches/packages/mozilla-thunderbird-91.8.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.8.1/releasenotes/
20220421191110_15.0 | Patrick J Volkerding | 4 | -22/+42 |
| 2022-04-15 | Thu Apr 14 21:14:21 UTC 2022...patches/packages/git-2.35.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue where a Git worktree created by another
user might be able to execute arbitrary code.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765
(* Security fix *)
patches/packages/gzip-1.12-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
zgrep applied to a crafted file name with two or more newlines can no
longer overwrite an arbitrary, attacker-selected file.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
(* Security fix *)
patches/packages/xz-5.2.5-x86_64-4_slack15.0.txz: Rebuilt.
This update fixes a security issue:
xzgrep applied to a crafted file name with two or more newlines can no
longer overwrite an arbitrary, attacker-selected file.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
(* Security fix *)
20220414211421_15.0 | Patrick J Volkerding | 14 | -79/+873 |
| 2022-04-14 | Wed Apr 13 20:51:01 UTC 2022...patches/packages/ruby-3.0.4-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
Double free in Regexp compilation.
Buffer overrun in String-to-Float conversion.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739
(* Security fix *)
20220413205101_15.0 | Patrick J Volkerding | 6 | -31/+242 |
| 2022-04-13 | Tue Apr 12 21:56:14 UTC 2022...patches/packages/whois-5.5.13-x86_64-1_slack15.0.txz: Upgraded.
This update adds the .sd TLD server, updates the list of new gTLDs, and adds
a Turkish translation.
20220412215614_15.0 | Patrick J Volkerding | 4 | -23/+42 |
| 2022-04-09 | Fri Apr 8 20:03:36 UTC 2022...patches/packages/libarchive-3.6.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix and security release.
Security fixes:
7zip reader: fix PPMD read beyond boundary.
ZIP reader: fix possible out of bounds read.
ISO reader: fix possible heap buffer overflow in read_children().
RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in
libarchive 3.6.0).
Fix heap use after free in archive_read_format_rar_read_data().
Fix null dereference in read_data_compressed().
Fix heap user after free in run_filters().
(* Security fix *)
20220408200336_15.0 | Patrick J Volkerding | 7 | -39/+231 |
| 2022-04-07 | Wed Apr 6 20:23:46 UTC 2022...patches/packages/mozilla-thunderbird-91.8.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.8.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289
(* Security fix *)
20220406202346_15.0 | Patrick J Volkerding | 4 | -22/+64 |
| 2022-04-06 | Tue Apr 5 19:16:30 UTC 2022...patches/packages/mozilla-firefox-91.8.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.8.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289
(* Security fix *)
20220405191630_15.0 | Patrick J Volkerding | 4 | -22/+60 |
| 2022-04-04 | Sun Apr 3 19:57:16 UTC 2022...patches/packages/ca-certificates-20220403-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
20220403195716_15.0 | Patrick J Volkerding | 5 | -332/+450 |
| 2022-03-31 | Wed Mar 30 22:37:05 UTC 2022...patches/packages/vim-8.2.4649-x86_64-1_slack15.0.txz: Upgraded.
Fixes a use-after-free in utf_ptr2char in vim/vim prior to 8.2.4646.
This vulnerability is capable of crashing software, bypassing protection
mechanisms, modifying memory, and possibly execution of arbitrary code.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1154
https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425
https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5
(* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-1_slack15.0.txz: Upgraded.
20220330223705_15.0 | Patrick J Volkerding | 13 | -64/+941 |
| 2022-03-29 | Mon Mar 28 19:33:46 UTC 2022...patches/packages/whois-5.5.12-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release. Thanks to Nobby6.
patches/packages/zlib-1.2.12-x86_64-1_slack15.0.txz: Upgraded.
This update fixes memory corruption when deflating (i.e., when compressing)
if the input has many distant matches. Thanks to marav.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
(* Security fix *)
20220328193346_15.0 | Patrick J Volkerding | 10 | -56/+380 |
| 2022-03-26 | Fri Mar 25 19:18:41 UTC 2022...patches/packages/seamonkey-2.53.11.1-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.11.1
(* Security fix *)
20220325191841_15.0 | Patrick J Volkerding | 4 | -25/+47 |
| 2022-03-25 | Thu Mar 24 20:59:09 UTC 2022...patches/packages/python3-3.9.12-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://pythoninsider.blogspot.com/2022/03/python-3104-and-3912-are-now-available.html
usb-and-pxe-installers/usbimg2disk.sh: Upgraded.
Calculate the space requirement by checking the size of the packages in the
Slackware directory tree.
20220324205909_15.0 | Patrick J Volkerding | 4 | -24/+50 |
| 2022-03-22 | Mon Mar 21 20:24:16 UTC 2022...patches/packages/bind-9.16.27-x86_64-1_slack15.0.txz: Upgraded.
Sorry folks, I had not meant to bump BIND to the newer branch. I've moved
the other packages into /testing. Thanks to Nobby6 for pointing this out.
This update fixes bugs and the following security issues:
A synchronous call to closehandle_cb() caused isc__nm_process_sock_buffer()
to be called recursively, which in turn left TCP connections hanging in the
CLOSE_WAIT state blocking indefinitely when out-of-order processing was
disabled.
The rules for acceptance of records into the cache have been tightened to
prevent the possibility of poisoning if forwarders send records outside
the configured bailiwick.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220
(* Security fix *)
testing/packages/bind-9.18.1-x86_64-1_slack15.0.txz: Moved.
20220321202416_15.0 | Patrick J Volkerding | 6 | -42/+124 |
| 2022-03-20 | Sat Mar 19 20:28:16 UTC 2022...patches/packages/glibc-zoneinfo-2022a-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
20220319202816_15.0 | Patrick J Volkerding | 18 | -482/+3592 |
| 2022-03-19 | Fri Mar 18 20:16:12 UTC 2022...patches/packages/python3-3.9.11-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
libexpat upgraded from 2.4.1 to 2.4.7
bundled pip upgraded from 21.2.4 to 22.0.4
authorization bypass fixed in urllib.request
REDoS avoided in importlib.metadata
For more information, see:
https://pythoninsider.blogspot.com/2022/03/python-3103-3911-3813-and-3713-are-now.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28363
(* Security fix *)
20220318201612_15.0 | Patrick J Volkerding | 14 | -69/+504 |
| 2022-03-18 | Thu Mar 17 19:46:28 UTC 2022...patches/packages/bind-9.18.1-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
An assertion could occur in resume_dslookup() if the fetch had been shut
down earlier.
Lookups involving a DNAME could trigger an INSIST when "synth-from-dnssec"
was enabled.
A synchronous call to closehandle_cb() caused isc__nm_process_sock_buffer()
to be called recursively, which in turn left TCP connections hanging in the
CLOSE_WAIT state blocking indefinitely when out-of-order processing was
disabled.
The rules for acceptance of records into the cache have been tightened to
prevent the possibility of poisoning if forwarders send records outside
the configured bailiwick.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220
(* Security fix *)
patches/packages/bluez-5.64-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release:
Fix issue with handling A2DP discover procedure.
Fix issue with media endpoint replies and SetConfiguration.
Fix issue with HoG queuing events before report map is read.
Fix issue with HoG and read order of GATT attributes.
Fix issue with HoG and not using UHID_CREATE2 interface.
Fix issue with failed scanning for 5 minutes after reboot.
patches/packages/openssl-1.1.1n-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a high severity security issue:
The BN_mod_sqrt() function, which computes a modular square root, contains
a bug that can cause it to loop forever for non-prime moduli.
For more information, see:
https://www.openssl.org/news/secadv/20220315.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
(* Security fix *)
patches/packages/openssl-solibs-1.1.1n-x86_64-1_slack15.0.txz: Upgraded.
patches/packages/qt5-5.15.3_20220312_33a3f16f-x86_64-1_slack15.0.txz: Upgraded.
Thanks to Heinz Wiesinger for updating the fetch_sources.sh script to make
sure that the QtWebEngine version matches the rest of Qt, which got the
latest git pull compiling again.
If a 32-bit userspace is detected, then:
export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
This works around crashes occuring with 32-bit QtWebEngine applications.
Thanks to alienBOB.
20220317194628_15.0 | Patrick J Volkerding | 45 | -232/+2725 |
| 2022-03-15 | Tue Mar 15 00:13:59 UTC 2022...patches/packages/httpd-2.4.53-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
mod_sed: Read/write beyond bounds
core: Possible buffer overflow with very large or unlimited
LimitXMLRequestBody
HTTP request smuggling vulnerability
mod_lua: Use of uninitialized value in r:parsebody
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.53
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719
(* Security fix *)
patches/packages/mozilla-firefox-91.7.1esr-x86_64-1_slack15.0.txz: Upgraded.
This release makes the following change:
Yandex and Mail.ru have been removed as optional search providers in the
drop-down search menu in Firefox.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.7.1/releasenotes/
(* Security fix *)
20220315001359_15.0 | Patrick J Volkerding | 13 | -57/+564 |
Patrick J Volkerding