Fri Aug 4 20:17:36 UTC 202320230804201736_15.0

extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-3823 (* Security fix *) extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz: Upgraded. Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0. pasture/samba-4.15.13-x86_64-1_slack15.0.txz: Added. We'll hang onto this just in case. patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/ https://www.cve.org/CVERecord?id=CVE-2023-4045 https://www.cve.org/CVERecord?id=CVE-2023-4046 https://www.cve.org/CVERecord?id=CVE-2023-4047 https://www.cve.org/CVERecord?id=CVE-2023-4048 https://www.cve.org/CVERecord?id=CVE-2023-4049 https://www.cve.org/CVERecord?id=CVE-2023-4050 https://www.cve.org/CVERecord?id=CVE-2023-4052 https://www.cve.org/CVERecord?id=CVE-2023-4054 https://www.cve.org/CVERecord?id=CVE-2023-4055 https://www.cve.org/CVERecord?id=CVE-2023-4056 https://www.cve.org/CVERecord?id=CVE-2023-4057 (* Security fix *) patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/ patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz: Upgraded. PLEASE NOTE: We are taking the unusual step of moving to the latest Samba branch because Windows has made changes that break Samba 4.15.x. The last 4.15.x will be retained in /pasture as a fallback. There may be some required configuration changes with this, but we've kept using MIT Kerberos to try to have the behavior change as little as possible. Upgrade carefully. This update fixes security issues: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request. Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results. For more information, see: https://www.samba.org/samba/security/CVE-2022-2127.html https://www.samba.org/samba/security/CVE-2023-3347.html https://www.samba.org/samba/security/CVE-2023-34966.html https://www.samba.org/samba/security/CVE-2023-34967.html https://www.samba.org/samba/security/CVE-2023-34968.html https://www.cve.org/CVERecord?id=CVE-2022-2127 https://www.cve.org/CVERecord?id=CVE-2023-3347 https://www.cve.org/CVERecord?id=CVE-2023-34966 https://www.cve.org/CVERecord?id=CVE-2023-34967 https://www.cve.org/CVERecord?id=CVE-2023-34968 (* Security fix *)
author: Patrick J Volkerding <volkerdi@slackware.com> 2023-08-04 20:17:36 +0000
committer: Eric Hameleers <alien@slackware.com> 2023-08-05 13:30:38 +0200
commit: 79e6c8efb811e73296062977a5f840c4c7cb0f1c (patch)
tree: d2bc8c1db1ae29eaffc32f50c61ba7a82b55955c /ChangeLog.rss
parent: af3a1b13c3fc7185876bb746f520dcae15c94c8e (diff)
download: current-79e6c8efb811e73296062977a5f840c4c7cb0f1c.tar.gz
current-79e6c8efb811e73296062977a5f840c4c7cb0f1c.tar.xz
1 files changed, 75 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index 5f5508f6c..ebe812777 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,83 @@
       <description>Tracking Slackware development in git.</description>
       <language>en-us</language>
       <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Tue,  1 Aug 2023 19:50:53 GMT</pubDate>
-      <lastBuildDate>Wed,  2 Aug 2023 11:30:21 GMT</lastBuildDate>
+      <pubDate>Fri,  4 Aug 2023 20:17:36 GMT</pubDate>
+      <lastBuildDate>Sat,  5 Aug 2023 11:30:25 GMT</lastBuildDate>
       <generator>maintain_current_git.sh v 1.17</generator>
       <item>
+         <title>Fri,  4 Aug 2023 20:17:36 GMT</title>
+         <pubDate>Fri,  4 Aug 2023 20:17:36 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20230804201736</link>
+         <guid isPermaLink="false">20230804201736</guid>
+         <description>
+           <![CDATA[<pre>
+extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes a security issue:
+  Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity
+  loading in XML without enabling it).
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2023-3823
+  (* Security fix *)
+extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz:  Upgraded.
+  Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0.
+pasture/samba-4.15.13-x86_64-1_slack15.0.txz:  Added.
+  We'll hang onto this just in case.
+patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz:  Upgraded.
+  This update contains security fixes and improvements.
+  For more information, see:
+    https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/
+    https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/
+    https://www.cve.org/CVERecord?id=CVE-2023-4045
+    https://www.cve.org/CVERecord?id=CVE-2023-4046
+    https://www.cve.org/CVERecord?id=CVE-2023-4047
+    https://www.cve.org/CVERecord?id=CVE-2023-4048
+    https://www.cve.org/CVERecord?id=CVE-2023-4049
+    https://www.cve.org/CVERecord?id=CVE-2023-4050
+    https://www.cve.org/CVERecord?id=CVE-2023-4052
+    https://www.cve.org/CVERecord?id=CVE-2023-4054
+    https://www.cve.org/CVERecord?id=CVE-2023-4055
+    https://www.cve.org/CVERecord?id=CVE-2023-4056
+    https://www.cve.org/CVERecord?id=CVE-2023-4057
+  (* Security fix *)
+patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz:  Upgraded.
+  This is a bugfix release.
+  For more information, see:
+    https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/
+patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz:  Upgraded.
+  PLEASE NOTE: We are taking the unusual step of moving to the latest Samba
+  branch because Windows has made changes that break Samba 4.15.x. The last
+  4.15.x will be retained in /pasture as a fallback. There may be some
+  required configuration changes with this, but we've kept using MIT Kerberos
+  to try to have the behavior change as little as possible. Upgrade carefully.
+  This update fixes security issues:
+  When winbind is used for NTLM authentication, a maliciously crafted request
+  can trigger an out-of-bounds read in winbind and possibly crash it.
+  SMB2 packet signing is not enforced if an admin configured
+  "server signing = required" or for SMB2 connections to Domain Controllers
+  where SMB2 packet signing is mandatory.
+  An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
+  triggered by an unauthenticated attacker by issuing a malformed RPC request.
+  Missing type validation in Samba's mdssvc RPC service for Spotlight can be
+  used by an unauthenticated attacker to trigger a process crash in a shared
+  RPC mdssvc worker process.
+  As part of the Spotlight protocol Samba discloses the server-side absolute
+  path of shares and files and directories in search results.
+  For more information, see:
+    https://www.samba.org/samba/security/CVE-2022-2127.html
+    https://www.samba.org/samba/security/CVE-2023-3347.html
+    https://www.samba.org/samba/security/CVE-2023-34966.html
+    https://www.samba.org/samba/security/CVE-2023-34967.html
+    https://www.samba.org/samba/security/CVE-2023-34968.html
+    https://www.cve.org/CVERecord?id=CVE-2022-2127
+    https://www.cve.org/CVERecord?id=CVE-2023-3347
+    https://www.cve.org/CVERecord?id=CVE-2023-34966
+    https://www.cve.org/CVERecord?id=CVE-2023-34967
+    https://www.cve.org/CVERecord?id=CVE-2023-34968
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
+      <item>
          <title>Tue,  1 Aug 2023 19:50:53 GMT</title>
          <pubDate>Tue,  1 Aug 2023 19:50:53 GMT</pubDate>
          <link>https://git.slackware.nl/current/tag/?h=20230801195053</link>
author	Patrick J Volkerding <volkerdi@slackware.com>	2023-08-04 20:17:36 +0000
committer	Eric Hameleers <alien@slackware.com>	2023-08-05 13:30:38 +0200
commit	79e6c8efb811e73296062977a5f840c4c7cb0f1c (patch)
tree	d2bc8c1db1ae29eaffc32f50c61ba7a82b55955c /ChangeLog.rss
parent	af3a1b13c3fc7185876bb746f520dcae15c94c8e (diff)
download	current-79e6c8efb811e73296062977a5f840c4c7cb0f1c.tar.gz current-79e6c8efb811e73296062977a5f840c4c7cb0f1c.tar.xz