summaryrefslogtreecommitdiffstats
path: root/ChangeLog.rss
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2020-05-19 19:47:49 +0000
committer Eric Hameleers <alien@slackware.com>2020-05-20 09:00:04 +0200
commit26cd2dd0d1823fa8a3bd95d273dc4f1ec5bdb048 (patch)
tree6c966f78a2f38c7141fda47144ac28da8b798137 /ChangeLog.rss
parentbb7dc1ffb7eb47db06eded668ce6c9e8eaa9cec0 (diff)
downloadcurrent-26cd2dd0d1823fa8a3bd95d273dc4f1ec5bdb048.tar.gz
current-26cd2dd0d1823fa8a3bd95d273dc4f1ec5bdb048.tar.xz
Tue May 19 19:47:49 UTC 202020200519194749
a/shadow-4.8.1-x86_64-8.txz: Rebuilt. It seems that /etc/suauth is not supported when PAM is in use, even if configure.ac is hacked to enable it. I've removed the man pages for it, and would suggest using sudo as a replacement. l/libexif-0.6.22-x86_64-1.txz: Upgraded. This update fixes bugs and security issues: CVE-2018-20030: Fix for recursion DoS CVE-2020-13114: Time consumption DoS when parsing canon array markers CVE-2020-13113: Potential use of uninitialized memory CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes CVE-2020-0093: read overflow CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs CVE-2020-12767: fixed division by zero CVE-2016-6328: fixed integer overflow when parsing maker notes CVE-2017-7544: fixed buffer overread For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544 (* Security fix *) l/oniguruma-6.9.5_rev1-x86_64-2.txz: Rebuilt. Rebuilt with --enable-posix-api. Thanks to MisterL. l/python-packaging-20.4-x86_64-1.txz: Upgraded. n/bind-9.16.3-x86_64-1.txz: Upgraded. This update fixes a security issue: A malicious actor who intentionally exploits the lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and the attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. For more information, see: https://kb.isc.org/docs/cve-2020-8616 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616 (* Security fix *) x/fontconfig-2.13.92-x86_64-1.txz: Upgraded. x/xf86-input-libinput-0.30.0-x86_64-1.txz: Upgraded.
Diffstat (limited to 'ChangeLog.rss')
-rw-r--r--ChangeLog.rss62
1 files changed, 60 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index 1687963db..29a6e5bb8 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,68 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
- <pubDate>Mon, 18 May 2020 23:30:26 GMT</pubDate>
- <lastBuildDate>Tue, 19 May 2020 06:59:47 GMT</lastBuildDate>
+ <pubDate>Tue, 19 May 2020 19:47:49 GMT</pubDate>
+ <lastBuildDate>Wed, 20 May 2020 06:59:58 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.11</generator>
<item>
+ <title>Tue, 19 May 2020 19:47:49 GMT</title>
+ <pubDate>Tue, 19 May 2020 19:47:49 GMT</pubDate>
+ <link>https://git.slackware.nl/current/tag/?h=20200519194749</link>
+ <guid isPermaLink="false">20200519194749</guid>
+ <description>
+ <![CDATA[<pre>
+a/shadow-4.8.1-x86_64-8.txz: Rebuilt.
+ It seems that /etc/suauth is not supported when PAM is in use, even if
+ configure.ac is hacked to enable it. I've removed the man pages for it,
+ and would suggest using sudo as a replacement.
+l/libexif-0.6.22-x86_64-1.txz: Upgraded.
+ This update fixes bugs and security issues:
+ CVE-2018-20030: Fix for recursion DoS
+ CVE-2020-13114: Time consumption DoS when parsing canon array markers
+ CVE-2020-13113: Potential use of uninitialized memory
+ CVE-2020-13112: Various buffer overread fixes due to integer overflows
+ in maker notes
+ CVE-2020-0093: read overflow
+ CVE-2019-9278: replaced integer overflow checks the compiler could
+ optimize away by safer constructs
+ CVE-2020-12767: fixed division by zero
+ CVE-2016-6328: fixed integer overflow when parsing maker notes
+ CVE-2017-7544: fixed buffer overread
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
+ (* Security fix *)
+l/oniguruma-6.9.5_rev1-x86_64-2.txz: Rebuilt.
+ Rebuilt with --enable-posix-api. Thanks to MisterL.
+l/python-packaging-20.4-x86_64-1.txz: Upgraded.
+n/bind-9.16.3-x86_64-1.txz: Upgraded.
+ This update fixes a security issue:
+ A malicious actor who intentionally exploits the lack of effective
+ limitation on the number of fetches performed when processing referrals
+ can, through the use of specially crafted referrals, cause a recursing
+ server to issue a very large number of fetches in an attempt to process
+ the referral. This has at least two potential effects: The performance of
+ the recursing server can potentially be degraded by the additional work
+ required to perform these fetches, and the attacker can exploit this
+ behavior to use the recursing server as a reflector in a reflection attack
+ with a high amplification factor.
+ For more information, see:
+ https://kb.isc.org/docs/cve-2020-8616
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616
+ (* Security fix *)
+x/fontconfig-2.13.92-x86_64-1.txz: Upgraded.
+x/xf86-input-libinput-0.30.0-x86_64-1.txz: Upgraded.
+ </pre>]]>
+ </description>
+ </item>
+ <item>
<title>Mon, 18 May 2020 23:30:26 GMT</title>
<pubDate>Mon, 18 May 2020 23:30:26 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20200518233026</link>