author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-09-18 18:40:04 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-09-18 21:29:02 +0200 |
commit | 9191658382bcc955e2a3209799dd405f6f523442 (patch) | |
tree | 3b377ae632c9b807f1e069303c3df1cea347c2b0 /source/l/imagemagick/policy.xml.diff | |
parent | 1ca47371e62165c8d226a0f8b2b27e1aad28ff74 (diff) | |
download | current-9191658382bcc955e2a3209799dd405f6f523442.tar.gz current-9191658382bcc955e2a3209799dd405f6f523442.tar.xz |
Mon Sep 18 18:40:04 UTC 202320230918184004
a/sysklogd-2.5.2-x86_64-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.11-x86_64-1.txz: Upgraded.
l/adwaita-icon-theme-45.0-noarch-1.txz: Upgraded.
l/gsettings-desktop-schemas-45.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_16-x86_64-1.txz: Upgraded.
l/libdeflate-1.19-x86_64-1.txz: Upgraded.
l/libqalculate-4.8.1-x86_64-1.txz: Upgraded.
l/vte-0.74.0-x86_64-1.txz: Upgraded.
n/netatalk-3.1.17-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Validate data type in dalloc_value_for_key(). This flaw could allow a
malicious actor to cause Netatalk's afpd daemon to crash, or possibly to
execute arbitrary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-42464
(* Security fix *)
Diffstat (limited to 'source/l/imagemagick/policy.xml.diff')
-rw-r--r-- | source/l/imagemagick/policy.xml.diff | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/source/l/imagemagick/policy.xml.diff b/source/l/imagemagick/policy.xml.diff
deleted file mode 100644
index 95a02f279..000000000
--- a/source/l/imagemagick/policy.xml.diff
+++ /dev/null
@@ -1,32 +0,0 @@
---- ./config/policy.xml.orig 2020-11-14 07:53:19.000000000 -0600
-+++ ./config/policy.xml 2020-11-16 13:45:10.032089547 -0600
-@@ -52,6 +52,21 @@
- <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
- -->
- <policymap>
-+ <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
-+ <!-- SECURITY: disable potentially insecure coders: -->
-+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />
-+ <policy domain="coder" rights="none" pattern="HTTPS" />
-+ <policy domain="coder" rights="none" pattern="MVG" />
-+ <policy domain="coder" rights="none" pattern="MSL" />
-+ <policy domain="coder" rights="none" pattern="TEXT" />
-+ <policy domain="coder" rights="none" pattern="SHOW" />
-+ <policy domain="coder" rights="none" pattern="WIN" />
-+ <policy domain="coder" rights="none" pattern="PLT" />
-+ <!-- SECURITY: prevent indirect reads: -->
-+ <policy domain="path" rights="none" pattern="@*" />
-+ <!-- SECURITY: prevent pipe to shell: -->
-+ <policy domain="path" rights="none" pattern="|*" />
-+ <!-- Some examples: -->
- <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
- <!-- <policy domain="resource" name="memory" value="2GiB"/> -->
- <!-- <policy domain="resource" name="map" value="4GiB"/> -->
-@@ -70,7 +85,6 @@
- <!-- <policy domain="path" rights="none" pattern="@*" /> -->
- <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
- <!-- <policy domain="cache" name="synchronize" value="True"/> -->
-- <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
- <!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
- <!-- <policy domain="system" name="shred" value="2"/> -->
- <!-- <policy domain="system" name="precision" value="6"/> --> |