diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2020-04-22 02:19:37 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2020-04-22 08:59:52 +0200 |
| commit | bf29f9a870281df42f1c50664c2cabd208d753d0 (patch) | |
| tree | e016f21ceb5581eb520855a25d9b3c05b0ea2066 /ChangeLog.rss | |
| parent | 72b3c9e90fc0aaa9889f6be69da37f506cabeba2 (diff) | |
| download | current-bf29f9a870281df42f1c50664c2cabd208d753d0.tar.gz current-bf29f9a870281df42f1c50664c2cabd208d753d0.tar.xz | |
Wed Apr 22 02:19:37 UTC 202020200422021937
a/kernel-firmware-20200421_78c0348-noarch-1.txz: Upgraded.
a/kernel-generic-5.4.34-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.34-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.34-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1g-x86_64-1.txz: Upgraded.
d/git-2.26.2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
With a crafted URL that contains a newline or empty host, or lacks
a scheme, the credential helper machinery can be fooled into
providing credential information that is not appropriate for the
protocol in use and host being contacted.
Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
credentials are not for a host of the attacker's choosing; instead,
they are for some unspecified host (based on how the configured
credential helper handles an absent "host" parameter).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008
(* Security fix *)
d/kernel-headers-5.4.34-x86-1.txz: Upgraded.
d/vala-0.48.4-x86_64-1.txz: Upgraded.
k/kernel-source-5.4.34-noarch-1.txz: Upgraded.
INFINIBAND_CXGB3 n -> m
INFINIBAND_IPOIB_CM n -> y
INFINIBAND_IPOIB_DEBUG_DATA n -> y
Thanks to Karl Magnus Kolstø.
l/M2Crypto-0.35.2-x86_64-4.txz: Rebuilt.
Don't package typing-3.7.4.1 for python3.
l/netpbm-10.90.01-x86_64-1.txz: Upgraded.
n/openssl-1.1.1g-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Fixed segmentation fault in SSL_check_chain() that could be exploited by a
malicious peer in a Denial of Service attack.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1967
(* Security fix *)
x/libva-2.7.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/PAM/openvpn-2.4.9-x86_64-1_pam.txz: Upgraded.
This update fixes a security issue:
Fix illegal client float. Thanks to Lev Stipakov.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11810
(* Security fix *)
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'ChangeLog.rss')
| -rw-r--r-- | ChangeLog.rss | 59 |
1 files changed, 57 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index cbc6766f8..99ee89e2b 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,65 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Tue, 21 Apr 2020 02:45:06 GMT</pubDate> - <lastBuildDate>Tue, 21 Apr 2020 06:59:47 GMT</lastBuildDate> + <pubDate>Wed, 22 Apr 2020 02:19:37 GMT</pubDate> + <lastBuildDate>Wed, 22 Apr 2020 06:59:45 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.11</generator> <item> + <title>Wed, 22 Apr 2020 02:19:37 GMT</title> + <pubDate>Wed, 22 Apr 2020 02:19:37 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20200422021937</link> + <guid isPermaLink="false">20200422021937</guid> + <description> + <![CDATA[<pre> +a/kernel-firmware-20200421_78c0348-noarch-1.txz: Upgraded. +a/kernel-generic-5.4.34-x86_64-1.txz: Upgraded. +a/kernel-huge-5.4.34-x86_64-1.txz: Upgraded. +a/kernel-modules-5.4.34-x86_64-1.txz: Upgraded. +a/openssl-solibs-1.1.1g-x86_64-1.txz: Upgraded. +d/git-2.26.2-x86_64-1.txz: Upgraded. + This update fixes a security issue: + With a crafted URL that contains a newline or empty host, or lacks + a scheme, the credential helper machinery can be fooled into + providing credential information that is not appropriate for the + protocol in use and host being contacted. + Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the + credentials are not for a host of the attacker's choosing; instead, + they are for some unspecified host (based on how the configured + credential helper handles an absent "host" parameter). + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008 + (* Security fix *) +d/kernel-headers-5.4.34-x86-1.txz: Upgraded. +d/vala-0.48.4-x86_64-1.txz: Upgraded. +k/kernel-source-5.4.34-noarch-1.txz: Upgraded. + INFINIBAND_CXGB3 n -> m + INFINIBAND_IPOIB_CM n -> y + INFINIBAND_IPOIB_DEBUG_DATA n -> y + Thanks to Karl Magnus Kolstø. +l/M2Crypto-0.35.2-x86_64-4.txz: Rebuilt. + Don't package typing-3.7.4.1 for python3. +l/netpbm-10.90.01-x86_64-1.txz: Upgraded. +n/openssl-1.1.1g-x86_64-1.txz: Upgraded. + This update fixes a security issue: + Fixed segmentation fault in SSL_check_chain() that could be exploited by a + malicious peer in a Denial of Service attack. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1967 + (* Security fix *) +x/libva-2.7.1-x86_64-1.txz: Upgraded. +isolinux/initrd.img: Rebuilt. +kernels/*: Upgraded. +testing/packages/PAM/openvpn-2.4.9-x86_64-1_pam.txz: Upgraded. + This update fixes a security issue: + Fix illegal client float. Thanks to Lev Stipakov. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11810 + (* Security fix *) +usb-and-pxe-installers/usbboot.img: Rebuilt. + </pre>]]> + </description> + </item> + <item> <title>Tue, 21 Apr 2020 02:45:06 GMT</title> <pubDate>Tue, 21 Apr 2020 02:45:06 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20200421024506</link> |