| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Tue Feb 15 20:00:48 UTC 202220220215200048_15.0 |   Patrick J Volkerding | 2022-02-16 | 29 | -0/+7956 |
| | | | | | | | | | | | | | | | | | | | | | | patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz: Rebuilt. If root's mailbox did not already exist, it would be created with insecure permissions leading to possible local information disclosure. This update ensures that a new mailbox will be created with proper permissions and ownership, and corrects the permissions on an existing mailbox if they are found to be incorrect. Thanks to Martin for the bug report. (* Security fix *) patches/packages/util-linux-2.37.4-x86_64-1_slack15.0.txz: Upgraded. This release fixes a security issue in chsh(1) and chfn(8): By default, these utilities had been linked with libreadline, which allows the INPUTRC environment variable to be abused to produce an error message containing data from an arbitrary file. So, don't link these utilities with libreadline as it does not use secure_getenv() (or a similar concept), or sanitize the config file path to avoid vulnerabilities that could occur in set-user-ID or set-group-ID programs. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0563 (* Security fix *) | ||||
| * | Mon Feb 14 00:10:38 UTC 202220220214001038_15.0 | Patrick J Volkerding | 2022-02-14 | 6 | -0/+383 |
| | | | | | | | | | | | | | patches/packages/mariadb-10.5.15-x86_64-1_slack15.0.txz: Upgraded. This update fixes potential denial-of-service vulnerabilities. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46661 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46668 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46663 (* Security fix *) | ||||
| * | Thu Feb 10 01:46:55 UTC 202220220210014655_15.0 | Patrick J Volkerding | 2022-02-10 | 40 | -0/+3636 |
| patches/packages/at-3.2.3-x86_64-1_slack15.0.txz: Upgraded. Switched to at-3.2.3 since version 3.2.4 has a regression that causes queued jobs to not always run on time when atd is run as a standalone daemon. Thanks to Cesare. patches/packages/mozilla-firefox-91.6.0esr-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.6.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-05/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764 (* Security fix *) patches/packages/mozilla-thunderbird-91.6.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.6.0/releasenotes/ https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.6 (* Security fix *) | |||||
 |
index : current | |
| Tracking development of slackware-current | alien@slackware.com |
| summaryrefslogtreecommitdiffstats |