diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2019-04-18 21:13:58 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2019-04-19 08:59:44 +0200 |
| commit | e2bd8d238343cb913b44c1fa7bf662b7135afeb5 (patch) | |
| tree | d595288d3ad1e2512cef499ce15c79b8f32a1a14 /ChangeLog.rss | |
| parent | 4b4d2873bb2fcc2ea1ddb1caa3ae20765d895c91 (diff) | |
| download | current-e2bd8d238343cb913b44c1fa7bf662b7135afeb5.tar.gz current-e2bd8d238343cb913b44c1fa7bf662b7135afeb5.tar.xz | |
Thu Apr 18 21:13:58 UTC 201920190418211358
ap/ksh93-20190416_7d7bba3e-x86_64-1.txz: Upgraded.
ap/sysstat-12.1.4-x86_64-1.txz: Upgraded.
l/gvfs-1.40.1-x86_64-2.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
l/icu4c-64.2-x86_64-1.txz: Upgraded.
l/libcddb-1.3.2-x86_64-6.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
l/libcdio-2.1.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/libcdio-paranoia-10.2+2.0.0-x86_64-2.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
l/zstd-1.4.0-x86_64-1.txz: Upgraded.
n/dhcpcd-7.2.0-x86_64-1.txz: Upgraded.
n/dovecot-2.3.5.2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Trying to login with 8bit username containing invalid UTF8 input causes
auth process to crash if auth policy is enabled. This could be used rather
easily to cause a DoS. Similar crash also happens during mail delivery
when using invalid UTF8 in From or Subject header when OX push
notification driver is used.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691
(* Security fix *)
n/nghttp2-1.38.0-x86_64-1.txz: Upgraded.
n/openssh-8.0p1-x86_64-1.txz: Upgraded.
This release contains a mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111
(* Security fix *)
xap/MPlayer-20190418-x86_64-1.txz: Upgraded.
Compiled against libcdio-2.1.0.
xap/audacious-plugins-3.10.1-x86_64-2.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
extra/pure-alsa-system/MPlayer-20190418-x86_64-1_alsa.txz: Upgraded.
Compiled against libcdio-2.1.0.
extra/pure-alsa-system/audacious-plugins-3.10.1-x86_64-2_alsa.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
Diffstat (limited to 'ChangeLog.rss')
| -rw-r--r-- | ChangeLog.rss | 56 |
1 files changed, 54 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index da445ce2e..9f6267df9 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,62 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Wed, 17 Apr 2019 20:27:23 GMT</pubDate> - <lastBuildDate>Thu, 18 Apr 2019 15:59:41 GMT</lastBuildDate> + <pubDate>Thu, 18 Apr 2019 21:13:58 GMT</pubDate> + <lastBuildDate>Fri, 19 Apr 2019 06:59:41 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.10</generator> <item> + <title>Thu, 18 Apr 2019 21:13:58 GMT</title> + <pubDate>Thu, 18 Apr 2019 21:13:58 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20190418211358</link> + <guid isPermaLink="false">20190418211358</guid> + <description> + <![CDATA[<pre> +ap/ksh93-20190416_7d7bba3e-x86_64-1.txz: Upgraded. +ap/sysstat-12.1.4-x86_64-1.txz: Upgraded. +l/gvfs-1.40.1-x86_64-2.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +l/icu4c-64.2-x86_64-1.txz: Upgraded. +l/libcddb-1.3.2-x86_64-6.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +l/libcdio-2.1.0-x86_64-1.txz: Upgraded. + Shared library .so-version bump. +l/libcdio-paranoia-10.2+2.0.0-x86_64-2.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +l/zstd-1.4.0-x86_64-1.txz: Upgraded. +n/dhcpcd-7.2.0-x86_64-1.txz: Upgraded. +n/dovecot-2.3.5.2-x86_64-1.txz: Upgraded. + This update fixes a security issue: + Trying to login with 8bit username containing invalid UTF8 input causes + auth process to crash if auth policy is enabled. This could be used rather + easily to cause a DoS. Similar crash also happens during mail delivery + when using invalid UTF8 in From or Subject header when OX push + notification driver is used. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691 + (* Security fix *) +n/nghttp2-1.38.0-x86_64-1.txz: Upgraded. +n/openssh-8.0p1-x86_64-1.txz: Upgraded. + This release contains a mitigation for a weakness in the scp(1) tool + and protocol (CVE-2019-6111): when copying files from a remote system + to a local directory, scp(1) did not verify that the filenames that + the server sent matched those requested by the client. This could + allow a hostile server to create or clobber unexpected local files + with attacker-controlled content. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 + (* Security fix *) +xap/MPlayer-20190418-x86_64-1.txz: Upgraded. + Compiled against libcdio-2.1.0. +xap/audacious-plugins-3.10.1-x86_64-2.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +extra/pure-alsa-system/MPlayer-20190418-x86_64-1_alsa.txz: Upgraded. + Compiled against libcdio-2.1.0. +extra/pure-alsa-system/audacious-plugins-3.10.1-x86_64-2_alsa.txz: Rebuilt. + Recompiled against libcdio-2.1.0. + </pre>]]> + </description> + </item> + <item> <title>Wed, 17 Apr 2019 20:27:23 GMT</title> <pubDate>Wed, 17 Apr 2019 20:27:23 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20190417202723</link> |