diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2023-03-24 19:42:46 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2023-03-24 21:33:23 +0100 |
| commit | 837c3ac79589e49555409aed395652eff7725470 (patch) | |
| tree | e8f1a6e9f68ac92083e1d8537ffaee3050170057 /recompress.sh | |
| parent | 2c5eed9d76afbc5014408e51cb65ec08bcbdcdc1 (diff) | |
| download | current-837c3ac79589e49555409aed395652eff7725470.tar.gz current-837c3ac79589e49555409aed395652eff7725470.tar.xz | |
Fri Mar 24 19:42:46 UTC 202320230324194246
a/glibc-zoneinfo-2023b-noarch-1.txz: Upgraded.
This package provides the latest timezone updates.
a/libbytesize-2.8-x86_64-1.txz: Upgraded.
a/tar-1.34-x86_64-3.txz: Rebuilt.
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use
of uninitialized memory for a conditional jump. Exploitation to change the
flow of control has not been demonstrated. The issue occurs in from_header
in list.c via a V7 archive in which mtime has approximately 11 whitespace
characters.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48303
(* Security fix *)
ap/sqlite-3.41.2-x86_64-1.txz: Upgraded.
d/mercurial-6.4-x86_64-1.txz: Upgraded.
n/openvpn-2.6.2-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-23.1.0-x86_64-1.txz: Upgraded.
Diffstat (limited to 'recompress.sh')
| -rwxr-xr-x | recompress.sh | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/recompress.sh b/recompress.sh index 1ed765c4a..7523987ed 100755 --- a/recompress.sh +++ b/recompress.sh @@ -180,6 +180,7 @@ gzip ./source/a/lbzip2/lbzip2.glibc228.diff gzip ./source/a/libpwquality/doinst.sh gzip ./source/a/lrzip/doinst.sh gzip ./source/a/sysklogd/doinst.sh +gzip ./source/a/tar/CVE-2022-48303.patch gzip ./source/a/tar/tar.nolonezero.diff gzip ./source/a/genpower/genpower.halt.diff gzip ./source/a/genpower/genpower.var.diff |