From ad9ea8bf781935db257f79f0efd1e0744c8e02c2 Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Wed, 15 Feb 2023 03:05:40 +0000
Subject: Wed Feb 15 03:05:40 UTC 2023

extra/php80/php80-8.0.28-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Core: Password_verify() always return true with some hash.
  Core: 1-byte array overrun in common path resolve code.
  SAPI: DOS vulnerability when parsing multipart request body.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-0567
    https://www.cve.org/CVERecord?id=CVE-2023-0568
    https://www.cve.org/CVERecord?id=CVE-2023-0662
  (* Security fix *)
extra/php81/php81-8.1.16-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Core: Password_verify() always return true with some hash.
  Core: 1-byte array overrun in common path resolve code.
  SAPI: DOS vulnerability when parsing multipart request body.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-0567
    https://www.cve.org/CVERecord?id=CVE-2023-0568
    https://www.cve.org/CVERecord?id=CVE-2023-0662
  (* Security fix *)
patches/packages/hwdata-0.367-noarch-1_slack15.0.txz:  Upgraded.
  Upgraded to get information for newer hardware.
  Requested by kingbeowulf on LQ.
patches/packages/mozilla-firefox-102.8.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/
    https://www.cve.org/CVERecord?id=CVE-2023-25728
    https://www.cve.org/CVERecord?id=CVE-2023-25730
    https://www.cve.org/CVERecord?id=CVE-2023-25743
    https://www.cve.org/CVERecord?id=CVE-2023-0767
    https://www.cve.org/CVERecord?id=CVE-2023-25735
    https://www.cve.org/CVERecord?id=CVE-2023-25737
    https://www.cve.org/CVERecord?id=CVE-2023-25738
    https://www.cve.org/CVERecord?id=CVE-2023-25739
    https://www.cve.org/CVERecord?id=CVE-2023-25729
    https://www.cve.org/CVERecord?id=CVE-2023-25732
    https://www.cve.org/CVERecord?id=CVE-2023-25734
    https://www.cve.org/CVERecord?id=CVE-2023-25742
    https://www.cve.org/CVERecord?id=CVE-2023-25746
  (* Security fix *)
patches/packages/php-7.4.33-x86_64-3_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Core: Password_verify() always return true with some hash.
  Core: 1-byte array overrun in common path resolve code.
  SAPI: DOS vulnerability when parsing multipart request body.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-0567
    https://www.cve.org/CVERecord?id=CVE-2023-0568
    https://www.cve.org/CVERecord?id=CVE-2023-0662
  (* Security fix *)
---
 recompress.sh | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'recompress.sh')

diff --git a/recompress.sh b/recompress.sh
index aba4fc02e..bf5209fcd 100755
--- a/recompress.sh
+++ b/recompress.sh
@@ -1266,8 +1266,11 @@ gzip ./patches/source/libtiff/patches/CVE-2022-2056_2057_2058.patch
 gzip ./patches/source/libtiff/patches/CVE-2022-34526.patch
 gzip ./patches/source/libtiff/patches/CVE-2022-3970.patch
 gzip ./patches/source/php/php-fpm.conf.diff
+gzip ./patches/source/php/CVE-2023-0662.patch
 gzip ./patches/source/php/php.enchant-2.patch
 gzip ./patches/source/php/CVE-2022-31631.patch
+gzip ./patches/source/php/CVE-2023-0568.patch
+gzip ./patches/source/php/CVE-2023-0567.patch
 gzip ./patches/source/php/doinst.sh
 gzip ./patches/source/php/php.imap.api.diff
 gzip ./patches/source/php/php.ini-development.diff
-- 
cgit v1.2.3-80-g2a13