diff options
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 569a64a98..bad42d626 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,57 @@ +Wed Feb 15 03:05:40 UTC 2023 +extra/php80/php80-8.0.28-x86_64-1_slack15.0.txz: Upgraded. + This update fixes security issues: + Core: Password_verify() always return true with some hash. + Core: 1-byte array overrun in common path resolve code. + SAPI: DOS vulnerability when parsing multipart request body. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-0567 + https://www.cve.org/CVERecord?id=CVE-2023-0568 + https://www.cve.org/CVERecord?id=CVE-2023-0662 + (* Security fix *) +extra/php81/php81-8.1.16-x86_64-1_slack15.0.txz: Upgraded. + This update fixes security issues: + Core: Password_verify() always return true with some hash. + Core: 1-byte array overrun in common path resolve code. + SAPI: DOS vulnerability when parsing multipart request body. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-0567 + https://www.cve.org/CVERecord?id=CVE-2023-0568 + https://www.cve.org/CVERecord?id=CVE-2023-0662 + (* Security fix *) +patches/packages/hwdata-0.367-noarch-1_slack15.0.txz: Upgraded. + Upgraded to get information for newer hardware. + Requested by kingbeowulf on LQ. +patches/packages/mozilla-firefox-102.8.0esr-x86_64-1_slack15.0.txz: Upgraded. + This update contains security fixes and improvements. + For more information, see: + https://www.mozilla.org/en-US/firefox/102.8.0/releasenotes/ + https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/ + https://www.cve.org/CVERecord?id=CVE-2023-25728 + https://www.cve.org/CVERecord?id=CVE-2023-25730 + https://www.cve.org/CVERecord?id=CVE-2023-25743 + https://www.cve.org/CVERecord?id=CVE-2023-0767 + https://www.cve.org/CVERecord?id=CVE-2023-25735 + https://www.cve.org/CVERecord?id=CVE-2023-25737 + https://www.cve.org/CVERecord?id=CVE-2023-25738 + https://www.cve.org/CVERecord?id=CVE-2023-25739 + https://www.cve.org/CVERecord?id=CVE-2023-25729 + https://www.cve.org/CVERecord?id=CVE-2023-25732 + https://www.cve.org/CVERecord?id=CVE-2023-25734 + https://www.cve.org/CVERecord?id=CVE-2023-25742 + https://www.cve.org/CVERecord?id=CVE-2023-25746 + (* Security fix *) +patches/packages/php-7.4.33-x86_64-3_slack15.0.txz: Rebuilt. + This update fixes security issues: + Core: Password_verify() always return true with some hash. + Core: 1-byte array overrun in common path resolve code. + SAPI: DOS vulnerability when parsing multipart request body. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-0567 + https://www.cve.org/CVERecord?id=CVE-2023-0568 + https://www.cve.org/CVERecord?id=CVE-2023-0662 + (* Security fix *) ++--------------------------+ Fri Feb 10 20:08:41 UTC 2023 patches/packages/gnutls-3.7.9-x86_64-1_slack15.0.txz: Upgraded. libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange. |