summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Wed Sep 28 18:59:51 UTC 202220220928185951_15.0 Patrick J Volkerding2022-09-2910-65/+737
| | | | | | | | | | | | | patches/packages/xorg-server-xwayland-21.1.4-x86_64-2_slack15.0.txz: Rebuilt. xkb: switch to array index loops to moving pointers. xkb: add request length validation for XkbSetGeometry. xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck. I hadn't realized that the xorg-server patches were needed (or applied cleanly) to Xwayland. Thanks to LuckyCyborg for the kind reminder. :-) For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320 (* Security fix *)
* Mon Sep 26 19:43:54 UTC 202220220926194354_15.0 Patrick J Volkerding2022-09-2715-74/+407
| | | | | | | | | | | | | | | | | | | | | | patches/packages/dnsmasq-2.87-x86_64-1_slack15.0.txz: Upgraded. Fix write-after-free error in DHCPv6 server code. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0934 (* Security fix *) patches/packages/vim-9.0.0594-x86_64-1_slack15.0.txz: Upgraded. Fixed stack-based buffer overflow. Thanks to marav for the heads-up. In addition, Mig21 pointed out an issue where the defaults.vim file might need to be edited for some purposes as its contents will override the settings in the system-wide vimrc. Usually this file is replaced whenever vim is upgraded, which in those situations would be inconvenient for the admin. So, I've added support for a file named defaults.vim.custom which (if it exists) will be used instead of the defaults.vim file shipped in the package and will persist through upgrades. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3296 (* Security fix *) patches/packages/vim-gvim-9.0.0594-x86_64-1_slack15.0.txz: Upgraded.
* Fri Sep 23 23:51:02 UTC 202220220923235102_15.0 Patrick J Volkerding2022-09-245-24/+50
| | | | | | | | | | patches/packages/vim-9.0.0558-x86_64-1_slack15.0.txz: Upgraded. Fixed use after free. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3256 (* Security fix *) patches/packages/vim-gvim-9.0.0558-x86_64-1_slack15.0.txz: Upgraded.
* Thu Sep 22 19:50:20 UTC 202220220922195020_15.0 Patrick J Volkerding2022-09-235-185/+620
| | | | | | patches/packages/ca-certificates-20220922-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections.
* Wed Sep 21 19:19:07 UTC 202220220921191907_15.0 Patrick J Volkerding2022-09-229-40/+203
| | | | | | | | | | | | patches/packages/cups-2.4.2-x86_64-3_slack15.0.txz: Rebuilt. Fixed crash when using the CUPS web setup interface: [PATCH] Fix OpenSSL crash bug - "tls" pointer wasn't cleared after freeing it (Issue #409). Thanks to MisterL, bryjen, and kjhambrick. Fixed an OpenSSL certificate loading issue: [PATCH] The OpenSSL code path wasn't loading the full certificate chain (Issue #465). Thanks to tmmukunn.
* Tue Sep 20 22:50:28 UTC 202220220920225028_15.0 Patrick J Volkerding2022-09-2128-147/+62460
| | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/expat-2.4.9-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: Heap use-after-free vulnerability in function doContent. Expected impact is denial of service or potentially arbitrary code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674 (* Security fix *) patches/packages/mozilla-firefox-102.3.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/102.3.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-41/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962 (* Security fix *) patches/packages/mozilla-thunderbird-102.3.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.3.0/releasenotes/
* Sun Sep 18 19:02:14 UTC 202220220918190214_15.0 Patrick J Volkerding2022-09-195-24/+50
| | | | | | | | | | patches/packages/vim-9.0.0500-x86_64-1_slack15.0.txz: Upgraded. Fixed heap-based buffer overflow. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3234 (* Security fix *) patches/packages/vim-gvim-9.0.0500-x86_64-1_slack15.0.txz: Upgraded.
* Sat Sep 10 01:51:43 UTC 202220220910015143_15.0 Patrick J Volkerding2022-09-116-41/+56
| | | | | | | | | | patches/packages/vim-9.0.0417-x86_64-1_slack15.0.txz: Upgraded. Fixed null pointer dereference. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3153 (* Security fix *) patches/packages/vim-gvim-9.0.0417-x86_64-1_slack15.0.txz: Upgraded.
* Thu Sep 8 01:33:19 UTC 202220220908013319_15.0 Patrick J Volkerding2022-09-085-23/+86
| | | | | | | patches/packages/mozilla-thunderbird-102.2.2-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.2.2/releasenotes/
* Tue Sep 6 20:21:24 UTC 202220220906202124_15.0 Patrick J Volkerding2022-09-0715-82/+201
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | extra/rust-for-mozilla/rust-1.60.0-x86_64-1_slack15.0.txz: Upgraded. Upgraded the Rust compiler for Firefox 102.2.0 and Thunderbird 102.2.1. patches/packages/mozilla-firefox-102.2.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/102.2.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-34/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38476 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38477 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478 (* Security fix *) patches/packages/mozilla-thunderbird-102.2.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. Some accounts may need to be reconfigured after moving from Thunderbird 91.13.0 to Thunderbird 102.2.1. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.2.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3033 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3032 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3034 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36059 (* Security fix *) patches/packages/vim-9.0.0396-x86_64-1_slack15.0.txz: Upgraded. Fixed use after free. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3099 (* Security fix *) patches/packages/vim-gvim-9.0.0396-x86_64-1_slack15.0.txz: Upgraded.
* Thu Sep 1 20:01:13 UTC 202220220901200113_15.0 Patrick J Volkerding2022-09-029-49/+312
| | | | | | | | patches/packages/poppler-21.12.0-x86_64-2_slack15.0.txz: Rebuilt. [PATCH] JBIG2Stream: Fix crash on broken file. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860 (* Security fix *)
* Tue Aug 30 19:39:30 UTC 202220220830193930_15.0 Patrick J Volkerding2022-08-3110-48/+130
| | | | | | | | | | | | | | | | | | | | | | | | | extra/sendmail/sendmail-8.17.1-x86_64-4_slack15.0.txz: Rebuilt. Patched sendmail.h to fix SASL auth. Thanks to af7567. Build without -DUSE_EAI (which is evidently considered experimental) since the option breaks the vacation binary. Thanks to bitfuzzy and HQuest. It is possible that this could work but requires additional options. I found this in the ChangeLog for the SUSE rpm: Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533) is available when using the compile time option USE_EAI (see also devtools/Site/site.config.m4.sample for other required settings) and the cf option SMTPUTF8. If a mail submission via the command line requires the use of SMTPUTF8, e.g., because a header uses UTF-8 encoding, but the addresses on the command line are all ASCII, then the new option -U must be used, and the cf option SMTPUTF8 must be set in submit.cf. Any assistance with getting -DUSE_EAI working properly would be appreciated. extra/sendmail/sendmail-cf-8.17.1-noarch-4_slack15.0.txz: Rebuilt. patches/packages/vim-9.0.0334-x86_64-1_slack15.0.txz: Upgraded. Fixed use after free. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3016 (* Security fix *) patches/packages/vim-gvim-9.0.0334-x86_64-1_slack15.0.txz: Upgraded.
* Fri Aug 26 04:02:20 UTC 202220220826040220_15.0 Patrick J Volkerding2022-08-2717-448/+235
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/linux-5.15.63/*: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 5.15.39: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1974 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1975 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734 Fixed in 5.15.40: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1943 Fixed in 5.15.41: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28893 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32296 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012 Fixed in 5.15.42: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1652 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499 Fixed in 5.15.44: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789 Fixed in 5.15.45: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2873 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1966 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32250 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2078 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1972 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2503 Fixed in 5.15.46: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1184 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1973 Fixed in 5.15.47: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34494 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34495 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32981 Fixed in 5.15.48: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123 Fixed in 5.15.53: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2318 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33743 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33741 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26365 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33744 Fixed in 5.15.54: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33655 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918 Fixed in 5.15.56: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36123 Fixed in 5.15.57: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901 Fixed in 5.15.58: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21505 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1462 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36879 Fixed in 5.15.59: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36946 Fixed in 5.15.60: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26373 Fixed in 5.15.61: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1679 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588 (* Security fix *) patches/packages/vim-9.0.0270-x86_64-1_slack15.0.txz: Upgraded. We're just going to move to vim-9 instead of continuing to backport patches to the vim-8 branch. Most users will be better served by this. Fixed use after free and null pointer dereference. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2946 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2923 (* Security fix *) patches/packages/vim-gvim-9.0.0270-x86_64-1_slack15.0.txz: Upgraded.
* Tue Aug 23 19:27:56 UTC 202220220823192756_15.0 Patrick J Volkerding2022-08-2414-84/+339
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | extra/sendmail/sendmail-8.17.1-x86_64-3_slack15.0.txz: Rebuilt. In recent versions of glibc, USE_INET6 has been removed which caused sendmail to reject mail from IPv6 addresses. Adding -DHAS_GETHOSTBYNNAME2=1 to the site.config.m4 allows the reverse lookups to work again fixing this issue. Thanks to talo. extra/sendmail/sendmail-cf-8.17.1-noarch-3_slack15.0.txz: Rebuilt. patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz: Upgraded. Fixed invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16707 (* Security fix *) patches/packages/mozilla-firefox-91.13.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.13.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-35/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478 (* Security fix *) patches/packages/mozilla-thunderbird-91.13.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.13.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478 (* Security fix *)
* Sat Aug 20 20:04:15 UTC 202220220820200415_15.0 Patrick J Volkerding2022-08-219-29/+295
| | | | | | | | | | patches/packages/vim-8.2.4649-x86_64-3_slack15.0.txz: Rebuilt. Fix use after free. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2889 (* Security fix *) patches/packages/vim-gvim-8.2.4649-x86_64-3_slack15.0.txz: Rebuilt.
* Thu Aug 18 23:19:52 UTC 202220220818231952_15.0 Patrick J Volkerding2022-08-194-24/+40
| | | | | patches/packages/glibc-zoneinfo-2022c-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates.
* Wed Aug 17 20:41:53 UTC 202220220817204153_15.0 Patrick J Volkerding2022-08-1811-37/+218
| | | | | | | | | | | | patches/packages/vim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt. Fix use after free, out-of-bounds read, and heap based buffer overflow. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819 (* Security fix *) patches/packages/vim-gvim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt.
* Tue Aug 16 18:51:34 UTC 202220220816185134_15.0 Patrick J Volkerding2022-08-174-21/+53
| | | | | | | | | | | | | patches/packages/mariadb-10.5.17-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and several security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32082 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32089 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32091 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32084 (* Security fix *)
* Mon Aug 15 20:23:47 UTC 202220220815202347_15.0 Patrick J Volkerding2022-08-166-33/+226
| | | | | | | | | | | | | | | patches/packages/rsync-3.2.5-x86_64-1_slack15.0.txz: Upgraded. Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154 (* Security fix *)
* Sat Aug 13 19:12:40 UTC 202220220813191240_15.0 Patrick J Volkerding2022-08-144-24/+40
| | | | | patches/packages/glibc-zoneinfo-2022b-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates.
* Tue Aug 9 19:25:22 UTC 202220220809192522_15.0 Patrick J Volkerding2022-08-106-27/+103
| | | | | | | | patches/packages/zlib-1.2.12-x86_64-2_slack15.0.txz: Rebuilt. This is a bugfix update. Applied an upstream patch to restore the handling of CRC inputs to be the same as in previous releases of zlib. This fixes an issue with OpenJDK. Thanks to alienBOB.
* Fri Jul 29 19:59:03 UTC 202220220729195903_15.0 Patrick J Volkerding2022-07-306-44/+274
| | | | | | | | | patches/packages/gnutls-3.7.7-x86_64-1_slack15.0.txz: Upgraded. libgnutls: Fixed double free during verification of pkcs7 signatures. Reported by Jaak Ristioja. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509 (* Security fix *)
* Thu Jul 28 23:48:36 UTC 202220220728234836_15.0 Patrick J Volkerding2022-07-294-22/+46
| | | | | | | | | patches/packages/mozilla-thunderbird-91.12.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.12.0/releasenotes/ https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.12 (* Security fix *)
* Wed Jul 27 19:17:38 UTC 202220220727191738_15.0 Patrick J Volkerding2022-07-285-25/+81
| | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/samba-4.15.9-x86_64-1_slack15.0.txz: Upgraded. This update fixes the following security issues: Samba AD users can bypass certain restrictions associated with changing passwords. Samba AD users can forge password change requests for any user. Samba AD users can crash the server process with an LDAP add or modify request. Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request. Server memory information leak via SMB1. For more information, see: https://www.samba.org/samba/security/CVE-2022-2031.html https://www.samba.org/samba/security/CVE-2022-32744.html https://www.samba.org/samba/security/CVE-2022-32745.html https://www.samba.org/samba/security/CVE-2022-32746.html https://www.samba.org/samba/security/CVE-2022-32742.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742 (* Security fix *)
* Mon Jul 25 20:53:49 UTC 202220220725205349_15.0 Patrick J Volkerding2022-07-2611-107/+826
| | | | | | | | | | | | | | | patches/packages/mozilla-firefox-91.12.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.12.0/releasenotes/ (* Security fix *) patches/packages/perl-5.34.0-x86_64-2_slack15.0.txz: Rebuilt. This is a bugfix release. Upgraded: Devel-CheckLib-1.16, IO-Socket-SSL-2.074, Net-SSLeay-1.92, Path-Tiny-0.122, Template-Toolkit-3.100, URI-5.12, libnet-3.14. Added a symlink to libperl.so in /usr/${LIBDIRSUFFIX} since net-snmp (and possibly other programs) might have trouble linking with it since it's not in the LD_LIBRARY_PATH. Thanks to oneforall.
* Thu Jul 21 18:13:18 UTC 202220220721181318_15.0 Patrick J Volkerding2022-07-2217-66/+1106
| | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously. A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24805 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24809 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24806 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24807 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24808 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24810 (* Security fix *)
* Wed Jul 13 19:56:59 UTC 202220220713195659_15.0 Patrick J Volkerding2022-07-1434-223/+2460
| | | | | | | | | | | | | | patches/packages/xorg-server-1.20.14-x86_64-3_slack15.0.txz: Rebuilt. xkb: switch to array index loops to moving pointers. xkb: add request length validation for XkbSetGeometry. xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320 (* Security fix *) patches/packages/xorg-server-xephyr-1.20.14-x86_64-3_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-3_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
* Mon Jul 11 19:22:52 UTC 202220220711192252_15.0 Patrick J Volkerding2022-07-124-21/+43
| | | | | | | | patches/packages/seamonkey-2.53.13-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.13 (* Security fix *)
* Sun Jul 10 18:49:34 UTC 202220220710184934_15.0 Patrick J Volkerding2022-07-117-43/+245
| | | | | | | | | patches/packages/wavpack-5.5.0-x86_64-1_slack15.0.txz: Upgraded. WavPack 5.5.0 contains a fix for CVE-2021-44269 wherein encoding a specially crafted DSD file causes an out-of-bounds read exception. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44269 (* Security fix *)
* Thu Jul 7 23:03:01 UTC 202220220707230301_15.0 Patrick J Volkerding2022-07-087-52/+266
| | | | | | | | | | | | | | | patches/packages/gnupg2-2.2.36-x86_64-1_slack15.0.txz: Upgraded. g10: Fix possibly garbled status messages in NOTATION_DATA. This bug could trick GPGME and other parsers to accept faked status lines. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903 (* Security fix *) extra/php81/php81-8.1.8-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Fileinfo: Fixed bug #81723 (Heap buffer overflow in finfo_buffer). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31627 (* Security fix *)
* Tue Jul 5 20:17:00 UTC 202220220705201700_15.0 Patrick J Volkerding2022-07-065-25/+57
| | | | | | | | | | | | | patches/packages/openssl-1.1.1q-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Heap memory corruption with RSA private key operation. AES OCB fails to encrypt some bytes. For more information, see: https://www.openssl.org/news/secadv/20220705.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2274 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097 (* Security fix *) patches/packages/openssl-solibs-1.1.1q-x86_64-1_slack15.0.txz: Upgraded.
* Fri Jul 1 01:23:50 UTC 202220220701012350_15.0 Patrick J Volkerding2022-07-015-28/+75
| | | | | | | | | | | | | | | | | | | patches/packages/mozilla-thunderbird-91.11.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.11.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484 (* Security fix *)
* Tue Jun 28 19:16:08 UTC 202220220628191608_15.0 Patrick J Volkerding2022-06-296-34/+109
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/curl-7.84.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Set-Cookie denial of service. HTTP compression denial of service. Unpreserved file permissions. FTP-KRB bad message verification. For more information, see: https://curl.se/docs/CVE-2022-32205.html https://curl.se/docs/CVE-2022-32206.html https://curl.se/docs/CVE-2022-32207.html https://curl.se/docs/CVE-2022-32208.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208 (* Security fix *) patches/packages/mozilla-firefox-91.11.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.11.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-25/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484 (* Security fix *)
* Thu Jun 23 05:30:51 UTC 202220220623053051_15.0 Patrick J Volkerding2022-06-247-188/+1212
| | | | | | | | | | | | | | | | | | | patches/packages/ca-certificates-20220622-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections. patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txz: Upgraded. In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. For more information, see: https://www.openssl.org/news/secadv/20220621.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068 (* Security fix *) patches/packages/openssl-solibs-1.1.1p-x86_64-1_slack15.0.txz: Upgraded.
* Mon Jun 13 21:02:58 UTC 202220220613210258_15.0 Patrick J Volkerding2022-06-147-52/+112
| | | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/php-7.4.30-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: mysqlnd/pdo password buffer overflow. Uninitialized array in pg_query_params(). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625 (* Security fix *) extra/php80/php80-8.0.20-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: mysqlnd/pdo password buffer overflow. Uninitialized array in pg_query_params(). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625 (* Security fix *) extra/php81/php81-8.1.7-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: mysqlnd/pdo password buffer overflow. Uninitialized array in pg_query_params(). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625 (* Security fix *)
* Wed Jun 8 19:15:34 UTC 202220220608191534_15.0 Patrick J Volkerding2022-06-094-22/+76
| | | | | | | | | | | | | | | | | | | | | | | | patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism. Information Disclosure in mod_lua with websockets. mod_sed denial of service. Denial of service in mod_lua r:parsebody. Read beyond bounds in ap_strcmp_match(). Read beyond bounds via ap_rwrite(). Read beyond bounds in mod_isapi. mod_proxy_ajp: Possible request smuggling. For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.54 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377 (* Security fix *)
* Sat Jun 4 18:43:17 UTC 202220220604184317_15.0 Patrick J Volkerding2022-06-054-24/+46
| | | | | | | | patches/packages/pidgin-2.14.10-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and several security issues. For more information, see: https://www.pidgin.im/posts/2022-06-2.14.10-released/ (* Security fix *)
* Thu Jun 2 19:42:06 UTC 202220220602194206_15.0 Patrick J Volkerding2022-06-034-22/+64
| | | | | | | | | | | | | | | | | | patches/packages/mozilla-thunderbird-91.10.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.10.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31739 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747 (* Security fix *)
* Wed Jun 1 00:49:45 UTC 202220220601004945_15.0 Patrick J Volkerding2022-06-014-22/+62
| | | | | | | | | | | | | | | | | patches/packages/mozilla-firefox-91.10.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.10.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-21/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31739 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747 (* Security fix *)
* Thu May 26 18:27:32 UTC 202220220526182732_15.0 Patrick J Volkerding2022-05-279-47/+353
| | | | | | | | patches/packages/cups-2.4.2-x86_64-1_slack15.0.txz: Upgraded. Fixed certificate strings comparison for Local authorization. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26691 (* Security fix *)
* Sat May 21 19:30:02 UTC 202220220521193002_15.0 Patrick J Volkerding2022-05-225-23/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/mariadb-10.5.16-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and several security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27376 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27377 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27378 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27379 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27380 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27381 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27382 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27383 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27384 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27386 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27387 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27444 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27445 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27446 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27447 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27448 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27449 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27451 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27452 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27455 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27456 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27457 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27458 (* Security fix *)
* Sat May 21 01:35:40 UTC 202220220521013540_15.0 Patrick J Volkerding2022-05-215-28/+72
| | | | | | | | | | | | | | | | | | | patches/packages/mozilla-firefox-91.9.1esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.9.1/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-19/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529 (* Security fix *) patches/packages/mozilla-thunderbird-91.9.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.9.1/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-19/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529 (* Security fix *)
* Thu May 19 23:07:59 UTC 202220220519230759_15.0 Patrick J Volkerding2022-05-204-42/+70
| | | | | | | | | | | patches/packages/bind-9.16.29-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. testing/packages/bind-9.18.3-x86_64-1_slack15.0.txz: Upgraded. Fixed a crash in DNS-over-HTTPS (DoH) code caused by premature TLS stream socket object deletion. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1183 (* Security fix *)
* Wed May 11 19:01:59 UTC 202220220511190159_15.0 Patrick J Volkerding2022-05-124-22/+78
| | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/curl-7.83.1-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: HSTS bypass via trailing dot. TLS and SSH connection too eager reuse. CERTINFO never-ending busy-loop. percent-encoded path separator in URL host. cookie for trailing dot TLD. curl removes wrong file on error. For more information, see: https://curl.se/docs/CVE-2022-30115.html https://curl.se/docs/CVE-2022-27782.html https://curl.se/docs/CVE-2022-27781.html https://curl.se/docs/CVE-2022-27780.html https://curl.se/docs/CVE-2022-27779.html https://curl.se/docs/CVE-2022-27778.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30115 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27780 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27779 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27778 (* Security fix *)
* Mon May 9 21:33:25 UTC 202220220509213325_15.0 Patrick J Volkerding2022-05-1022-37/+825
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | patches/packages/linux-5.15.38/*: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 5.15.27: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24958 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0494 Fixed in 5.15.28: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23038 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23039 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23036 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23037 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0001 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0002 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23041 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23040 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23042 Fixed in 5.15.29: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1199 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27666 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1011 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0995 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0854 Fixed in 5.15.32: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1015 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26490 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1048 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1016 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28356 Fixed in 5.15.33: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28390 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0168 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1353 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1198 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28389 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1516 Fixed in 5.15.34: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1263 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29582 Fixed in 5.15.35: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1204 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1205 Fixed in 5.15.37: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0500 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222 (* Security fix *)
* Wed May 4 21:24:57 UTC 202220220504212457_15.0 Patrick J Volkerding2022-05-057-36/+82
| | | | | | | | | | | | | | | | | | | | patches/packages/mozilla-thunderbird-91.9.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.9.0/releasenotes/ (* Security fix *) patches/packages/openssl-1.1.1o-x86_64-1_slack15.0.txz: Upgraded. Fixed a bug in the c_rehash script which was not properly sanitising shell metacharacters to prevent command injection. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292 (* Security fix *) patches/packages/openssl-solibs-1.1.1o-x86_64-1_slack15.0.txz: Upgraded. patches/packages/seamonkey-2.53.12-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.12 (* Security fix *)
* Mon May 2 20:02:49 UTC 202220220502200249_15.0 Patrick J Volkerding2022-05-0316-72/+990
| | | | | | | | | | | | | | | | | | | | | | patches/packages/libxml2-2.9.14-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: Fix integer overflow in xmlBuf and xmlBuffer. Fix potential double-free in xmlXPtrStringRangeFunction. Fix memory leak in xmlFindCharEncodingHandler. Normalize XPath strings in-place. Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars(). Fix leak of xmlElementContent. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824 (* Security fix *) patches/packages/mozilla-firefox-91.9.0esr-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/firefox/91.9.0/releasenotes/ patches/packages/samba-4.15.7-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.samba.org/samba/history/samba-4.15.7.html
* Sat Apr 30 21:18:47 UTC 202220220430211847_15.0 Patrick J Volkerding2022-05-019-48/+385
| | | | | | | | | | patches/packages/pidgin-2.14.9-x86_64-1_slack15.0.txz: Upgraded. Mitigate the potential for a man in the middle attack via DNS spoofing by removing the code that supported the _xmppconnect DNS TXT record. For more information, see: https://www.pidgin.im/about/security/advisories/cve-2022-26491/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26491 (* Security fix *)
* Wed Apr 27 21:43:51 UTC 202220220427214351_15.0 Patrick J Volkerding2022-04-287-35/+277
| | | | | | | | | | | | | | | | | | | patches/packages/curl-7.83.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: OAUTH2 bearer bypass in connection re-use. Credential leak on redirect. Bad local IPv6 connection reuse. Auth/cookie leak on redirect. For more information, see: https://curl.se/docs/CVE-2022-22576.html https://curl.se/docs/CVE-2022-27774.html https://curl.se/docs/CVE-2022-27775.html https://curl.se/docs/CVE-2022-27776.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776 (* Security fix *)
* Mon Apr 25 20:55:17 UTC 202220220425205517_15.0 Patrick J Volkerding2022-04-267-35/+249
| | | | | | | | patches/packages/freerdp-2.7.0-x86_64-1_slack15.0.txz: Upgraded. This update is a security and maintenance release. For more information, see: https://github.com/FreeRDP/FreeRDP/blob/2.7.0/ChangeLog (* Security fix *)
generated by cgit v1.2.3 (git 2.26.2) at 2024-05-03 13:09:11 +0000