diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2019-04-18 21:13:58 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2019-04-19 08:59:44 +0200 |
| commit | e2bd8d238343cb913b44c1fa7bf662b7135afeb5 (patch) | |
| tree | d595288d3ad1e2512cef499ce15c79b8f32a1a14 /ChangeLog.txt | |
| parent | 4b4d2873bb2fcc2ea1ddb1caa3ae20765d895c91 (diff) | |
| download | current-e2bd8d238343cb913b44c1fa7bf662b7135afeb5.tar.gz current-e2bd8d238343cb913b44c1fa7bf662b7135afeb5.tar.xz | |
Thu Apr 18 21:13:58 UTC 201920190418211358
ap/ksh93-20190416_7d7bba3e-x86_64-1.txz: Upgraded.
ap/sysstat-12.1.4-x86_64-1.txz: Upgraded.
l/gvfs-1.40.1-x86_64-2.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
l/icu4c-64.2-x86_64-1.txz: Upgraded.
l/libcddb-1.3.2-x86_64-6.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
l/libcdio-2.1.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/libcdio-paranoia-10.2+2.0.0-x86_64-2.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
l/zstd-1.4.0-x86_64-1.txz: Upgraded.
n/dhcpcd-7.2.0-x86_64-1.txz: Upgraded.
n/dovecot-2.3.5.2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Trying to login with 8bit username containing invalid UTF8 input causes
auth process to crash if auth policy is enabled. This could be used rather
easily to cause a DoS. Similar crash also happens during mail delivery
when using invalid UTF8 in From or Subject header when OX push
notification driver is used.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691
(* Security fix *)
n/nghttp2-1.38.0-x86_64-1.txz: Upgraded.
n/openssh-8.0p1-x86_64-1.txz: Upgraded.
This release contains a mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111
(* Security fix *)
xap/MPlayer-20190418-x86_64-1.txz: Upgraded.
Compiled against libcdio-2.1.0.
xap/audacious-plugins-3.10.1-x86_64-2.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
extra/pure-alsa-system/MPlayer-20190418-x86_64-1_alsa.txz: Upgraded.
Compiled against libcdio-2.1.0.
extra/pure-alsa-system/audacious-plugins-3.10.1-x86_64-2_alsa.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
Diffstat (limited to 'ChangeLog.txt')
| -rw-r--r-- | ChangeLog.txt | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 21ee7c741..784f2bffd 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,47 @@ +Thu Apr 18 21:13:58 UTC 2019 +ap/ksh93-20190416_7d7bba3e-x86_64-1.txz: Upgraded. +ap/sysstat-12.1.4-x86_64-1.txz: Upgraded. +l/gvfs-1.40.1-x86_64-2.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +l/icu4c-64.2-x86_64-1.txz: Upgraded. +l/libcddb-1.3.2-x86_64-6.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +l/libcdio-2.1.0-x86_64-1.txz: Upgraded. + Shared library .so-version bump. +l/libcdio-paranoia-10.2+2.0.0-x86_64-2.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +l/zstd-1.4.0-x86_64-1.txz: Upgraded. +n/dhcpcd-7.2.0-x86_64-1.txz: Upgraded. +n/dovecot-2.3.5.2-x86_64-1.txz: Upgraded. + This update fixes a security issue: + Trying to login with 8bit username containing invalid UTF8 input causes + auth process to crash if auth policy is enabled. This could be used rather + easily to cause a DoS. Similar crash also happens during mail delivery + when using invalid UTF8 in From or Subject header when OX push + notification driver is used. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691 + (* Security fix *) +n/nghttp2-1.38.0-x86_64-1.txz: Upgraded. +n/openssh-8.0p1-x86_64-1.txz: Upgraded. + This release contains a mitigation for a weakness in the scp(1) tool + and protocol (CVE-2019-6111): when copying files from a remote system + to a local directory, scp(1) did not verify that the filenames that + the server sent matched those requested by the client. This could + allow a hostile server to create or clobber unexpected local files + with attacker-controlled content. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 + (* Security fix *) +xap/MPlayer-20190418-x86_64-1.txz: Upgraded. + Compiled against libcdio-2.1.0. +xap/audacious-plugins-3.10.1-x86_64-2.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +extra/pure-alsa-system/MPlayer-20190418-x86_64-1_alsa.txz: Upgraded. + Compiled against libcdio-2.1.0. +extra/pure-alsa-system/audacious-plugins-3.10.1-x86_64-2_alsa.txz: Rebuilt. + Recompiled against libcdio-2.1.0. ++--------------------------+ Wed Apr 17 20:27:23 UTC 2019 a/kernel-generic-4.19.35-x86_64-1.txz: Upgraded. a/kernel-huge-4.19.35-x86_64-1.txz: Upgraded. |