diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2020-01-31 20:46:25 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2020-02-01 08:59:50 +0100 |
| commit | 4e955dc4b6fff43956d47c0286bb698e03f14b11 (patch) | |
| tree | 8821f786c06617480dce97b28c23ee78836010c2 /ChangeLog.rss | |
| parent | 0012caf61824ffcca7bbe5cd19b79612d6445307 (diff) | |
| download | current-4e955dc4b6fff43956d47c0286bb698e03f14b11.tar.gz current-4e955dc4b6fff43956d47c0286bb698e03f14b11.tar.xz | |
Fri Jan 31 20:46:25 UTC 202020200131204625
a/util-linux-2.35.1-x86_64-1.txz: Upgraded.
a/zerofree-1.1.1-x86_64-1.txz: Added.
Also queued up for the next installer build. Thanks to bifferos.
ap/sudo-1.8.31-x86_64-1.txz: Upgraded.
This update fixes a security issue:
In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can
trigger a stack-based buffer overflow in the privileged sudo process.
(pwfeedback is a default setting in some Linux distributions; however, it
is not the default for upstream or in Slackware, and would exist only if
enabled by an administrator.) The attacker needs to deliver a long string
to the stdin of getln() in tgetpass.c.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634
(* Security fix *)
n/NetworkManager-1.22.6-x86_64-1.txz: Upgraded.
n/openldap-client-2.4.49-x86_64-1.txz: Upgraded.
xfce/Thunar-1.8.11-x86_64-1.txz: Removed.
xfce/thunar-1.8.12-x86_64-1.txz: Added.
Changed package name from "Thunar" to "thunar" to follow upstream's naming.
Diffstat (limited to 'ChangeLog.rss')
| -rw-r--r-- | ChangeLog.rss | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index 969840e48..06e570489 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,39 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Fri, 31 Jan 2020 03:36:03 GMT</pubDate> - <lastBuildDate>Fri, 31 Jan 2020 07:59:41 GMT</lastBuildDate> + <pubDate>Fri, 31 Jan 2020 20:46:25 GMT</pubDate> + <lastBuildDate>Sat, 1 Feb 2020 07:59:45 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.11</generator> <item> + <title>Fri, 31 Jan 2020 20:46:25 GMT</title> + <pubDate>Fri, 31 Jan 2020 20:46:25 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20200131204625</link> + <guid isPermaLink="false">20200131204625</guid> + <description> + <![CDATA[<pre> +a/util-linux-2.35.1-x86_64-1.txz: Upgraded. +a/zerofree-1.1.1-x86_64-1.txz: Added. + Also queued up for the next installer build. Thanks to bifferos. +ap/sudo-1.8.31-x86_64-1.txz: Upgraded. + This update fixes a security issue: + In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can + trigger a stack-based buffer overflow in the privileged sudo process. + (pwfeedback is a default setting in some Linux distributions; however, it + is not the default for upstream or in Slackware, and would exist only if + enabled by an administrator.) The attacker needs to deliver a long string + to the stdin of getln() in tgetpass.c. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634 + (* Security fix *) +n/NetworkManager-1.22.6-x86_64-1.txz: Upgraded. +n/openldap-client-2.4.49-x86_64-1.txz: Upgraded. +xfce/Thunar-1.8.11-x86_64-1.txz: Removed. +xfce/thunar-1.8.12-x86_64-1.txz: Added. + Changed package name from "Thunar" to "thunar" to follow upstream's naming. + </pre>]]> + </description> + </item> + <item> <title>Fri, 31 Jan 2020 03:36:03 GMT</title> <pubDate>Fri, 31 Jan 2020 03:36:03 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20200131033603</link> |