summaryrefslogtreecommitdiffstats
path: root/source/n/vsftpd/vsftpd.SlackBuild (unfollow)
Commit message (Expand)AuthorFilesLines
2022-07-01Fri Jul 1 01:23:50 UTC 2022...patches/packages/mozilla-thunderbird-91.11.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.11.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484 (* Security fix *) 20220701012350_15.0 Patrick J Volkerding5-28/+75
2022-06-29Tue Jun 28 19:16:08 UTC 2022...patches/packages/curl-7.84.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Set-Cookie denial of service. HTTP compression denial of service. Unpreserved file permissions. FTP-KRB bad message verification. For more information, see: https://curl.se/docs/CVE-2022-32205.html https://curl.se/docs/CVE-2022-32206.html https://curl.se/docs/CVE-2022-32207.html https://curl.se/docs/CVE-2022-32208.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208 (* Security fix *) patches/packages/mozilla-firefox-91.11.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.11.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-25/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484 (* Security fix *) 20220628191608_15.0 Patrick J Volkerding6-34/+109
2022-06-24Thu Jun 23 05:30:51 UTC 2022...patches/packages/ca-certificates-20220622-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections. patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txz: Upgraded. In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. For more information, see: https://www.openssl.org/news/secadv/20220621.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068 (* Security fix *) patches/packages/openssl-solibs-1.1.1p-x86_64-1_slack15.0.txz: Upgraded. 20220623053051_15.0 Patrick J Volkerding7-188/+1212
2022-06-14Mon Jun 13 21:02:58 UTC 2022...patches/packages/php-7.4.30-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: mysqlnd/pdo password buffer overflow. Uninitialized array in pg_query_params(). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625 (* Security fix *) extra/php80/php80-8.0.20-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: mysqlnd/pdo password buffer overflow. Uninitialized array in pg_query_params(). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625 (* Security fix *) extra/php81/php81-8.1.7-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: mysqlnd/pdo password buffer overflow. Uninitialized array in pg_query_params(). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625 (* Security fix *) 20220613210258_15.0 Patrick J Volkerding7-52/+112
2022-06-09Wed Jun 8 19:15:34 UTC 2022...patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism. Information Disclosure in mod_lua with websockets. mod_sed denial of service. Denial of service in mod_lua r:parsebody. Read beyond bounds in ap_strcmp_match(). Read beyond bounds via ap_rwrite(). Read beyond bounds in mod_isapi. mod_proxy_ajp: Possible request smuggling. For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.54 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377 (* Security fix *) 20220608191534_15.0 Patrick J Volkerding4-22/+76
2022-06-05Sat Jun 4 18:43:17 UTC 2022...patches/packages/pidgin-2.14.10-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and several security issues. For more information, see: https://www.pidgin.im/posts/2022-06-2.14.10-released/ (* Security fix *) 20220604184317_15.0 Patrick J Volkerding4-24/+46
2022-06-03Thu Jun 2 19:42:06 UTC 2022...patches/packages/mozilla-thunderbird-91.10.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.10.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31739 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747 (* Security fix *) 20220602194206_15.0 Patrick J Volkerding4-22/+64
2022-06-01Wed Jun 1 00:49:45 UTC 2022...patches/packages/mozilla-firefox-91.10.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.10.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-21/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31739 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747 (* Security fix *) 20220601004945_15.0 Patrick J Volkerding4-22/+62
2022-05-27Thu May 26 18:27:32 UTC 2022...patches/packages/cups-2.4.2-x86_64-1_slack15.0.txz: Upgraded. Fixed certificate strings comparison for Local authorization. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26691 (* Security fix *) 20220526182732_15.0 Patrick J Volkerding9-47/+353
2022-05-22Sat May 21 19:30:02 UTC 2022...patches/packages/mariadb-10.5.16-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and several security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27376 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27377 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27378 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27379 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27380 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27381 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27382 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27383 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27384 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27386 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27387 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27444 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27445 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27446 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27447 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27448 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27449 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27451 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27452 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27455 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27456 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27457 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27458 (* Security fix *) 20220521193002_15.0 Patrick J Volkerding5-23/+89
2022-05-21Sat May 21 01:35:40 UTC 2022...patches/packages/mozilla-firefox-91.9.1esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.9.1/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-19/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529 (* Security fix *) patches/packages/mozilla-thunderbird-91.9.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.9.1/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-19/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529 (* Security fix *) 20220521013540_15.0 Patrick J Volkerding5-28/+72
2022-05-20Thu May 19 23:07:59 UTC 2022...patches/packages/bind-9.16.29-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. testing/packages/bind-9.18.3-x86_64-1_slack15.0.txz: Upgraded. Fixed a crash in DNS-over-HTTPS (DoH) code caused by premature TLS stream socket object deletion. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1183 (* Security fix *) 20220519230759_15.0 Patrick J Volkerding4-42/+70
2022-05-12Wed May 11 19:01:59 UTC 2022...patches/packages/curl-7.83.1-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: HSTS bypass via trailing dot. TLS and SSH connection too eager reuse. CERTINFO never-ending busy-loop. percent-encoded path separator in URL host. cookie for trailing dot TLD. curl removes wrong file on error. For more information, see: https://curl.se/docs/CVE-2022-30115.html https://curl.se/docs/CVE-2022-27782.html https://curl.se/docs/CVE-2022-27781.html https://curl.se/docs/CVE-2022-27780.html https://curl.se/docs/CVE-2022-27779.html https://curl.se/docs/CVE-2022-27778.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30115 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27780 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27779 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27778 (* Security fix *) 20220511190159_15.0 Patrick J Volkerding4-22/+78
2022-05-10Mon May 9 21:33:25 UTC 2022...patches/packages/linux-5.15.38/*: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 5.15.27: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24958 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0494 Fixed in 5.15.28: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23038 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23039 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23036 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23037 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0001 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0002 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23041 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23040 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23042 Fixed in 5.15.29: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1199 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27666 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1011 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0995 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0854 Fixed in 5.15.32: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1015 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26490 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1048 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1016 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28356 Fixed in 5.15.33: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28390 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0168 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1158 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1353 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1198 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28389 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1516 Fixed in 5.15.34: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1263 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29582 Fixed in 5.15.35: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1204 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1205 Fixed in 5.15.37: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0500 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222 (* Security fix *) 20220509213325_15.0 Patrick J Volkerding22-37/+825
2022-05-05Wed May 4 21:24:57 UTC 2022...patches/packages/mozilla-thunderbird-91.9.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.9.0/releasenotes/ (* Security fix *) patches/packages/openssl-1.1.1o-x86_64-1_slack15.0.txz: Upgraded. Fixed a bug in the c_rehash script which was not properly sanitising shell metacharacters to prevent command injection. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292 (* Security fix *) patches/packages/openssl-solibs-1.1.1o-x86_64-1_slack15.0.txz: Upgraded. patches/packages/seamonkey-2.53.12-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.12 (* Security fix *) 20220504212457_15.0 Patrick J Volkerding7-36/+82
2022-05-03Mon May 2 20:02:49 UTC 2022...patches/packages/libxml2-2.9.14-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: Fix integer overflow in xmlBuf and xmlBuffer. Fix potential double-free in xmlXPtrStringRangeFunction. Fix memory leak in xmlFindCharEncodingHandler. Normalize XPath strings in-place. Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars(). Fix leak of xmlElementContent. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824 (* Security fix *) patches/packages/mozilla-firefox-91.9.0esr-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/firefox/91.9.0/releasenotes/ patches/packages/samba-4.15.7-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.samba.org/samba/history/samba-4.15.7.html 20220502200249_15.0 Patrick J Volkerding16-72/+990
2022-05-01Sat Apr 30 21:18:47 UTC 2022...patches/packages/pidgin-2.14.9-x86_64-1_slack15.0.txz: Upgraded. Mitigate the potential for a man in the middle attack via DNS spoofing by removing the code that supported the _xmppconnect DNS TXT record. For more information, see: https://www.pidgin.im/about/security/advisories/cve-2022-26491/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26491 (* Security fix *) 20220430211847_15.0 Patrick J Volkerding9-48/+385
2022-04-28Wed Apr 27 21:43:51 UTC 2022...patches/packages/curl-7.83.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: OAUTH2 bearer bypass in connection re-use. Credential leak on redirect. Bad local IPv6 connection reuse. Auth/cookie leak on redirect. For more information, see: https://curl.se/docs/CVE-2022-22576.html https://curl.se/docs/CVE-2022-27774.html https://curl.se/docs/CVE-2022-27775.html https://curl.se/docs/CVE-2022-27776.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776 (* Security fix *) 20220427214351_15.0 Patrick J Volkerding7-35/+277
2022-04-26Mon Apr 25 20:55:17 UTC 2022...patches/packages/freerdp-2.7.0-x86_64-1_slack15.0.txz: Upgraded. This update is a security and maintenance release. For more information, see: https://github.com/FreeRDP/FreeRDP/blob/2.7.0/ChangeLog (* Security fix *) 20220425205517_15.0 Patrick J Volkerding7-35/+249
2022-04-22Thu Apr 21 19:11:10 UTC 2022...patches/packages/mozilla-thunderbird-91.8.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.8.1/releasenotes/ 20220421191110_15.0 Patrick J Volkerding4-22/+42
2022-04-15Thu Apr 14 21:14:21 UTC 2022...patches/packages/git-2.35.3-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue where a Git worktree created by another user might be able to execute arbitrary code. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765 (* Security fix *) patches/packages/gzip-1.12-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: zgrep applied to a crafted file name with two or more newlines can no longer overwrite an arbitrary, attacker-selected file. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271 (* Security fix *) patches/packages/xz-5.2.5-x86_64-4_slack15.0.txz: Rebuilt. This update fixes a security issue: xzgrep applied to a crafted file name with two or more newlines can no longer overwrite an arbitrary, attacker-selected file. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271 (* Security fix *) 20220414211421_15.0 Patrick J Volkerding14-79/+873
2022-04-14Wed Apr 13 20:51:01 UTC 2022...patches/packages/ruby-3.0.4-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Double free in Regexp compilation. Buffer overrun in String-to-Float conversion. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28738 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739 (* Security fix *) 20220413205101_15.0 Patrick J Volkerding6-31/+242
2022-04-13Tue Apr 12 21:56:14 UTC 2022...patches/packages/whois-5.5.13-x86_64-1_slack15.0.txz: Upgraded. This update adds the .sd TLD server, updates the list of new gTLDs, and adds a Turkish translation. 20220412215614_15.0 Patrick J Volkerding4-23/+42
2022-04-09Fri Apr 8 20:03:36 UTC 2022...patches/packages/libarchive-3.6.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix and security release. Security fixes: 7zip reader: fix PPMD read beyond boundary. ZIP reader: fix possible out of bounds read. ISO reader: fix possible heap buffer overflow in read_children(). RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0). Fix heap use after free in archive_read_format_rar_read_data(). Fix null dereference in read_data_compressed(). Fix heap user after free in run_filters(). (* Security fix *) 20220408200336_15.0 Patrick J Volkerding7-39/+231
2022-04-07Wed Apr 6 20:23:46 UTC 2022...patches/packages/mozilla-thunderbird-91.8.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.8.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289 (* Security fix *) 20220406202346_15.0 Patrick J Volkerding4-22/+64
2022-04-06Tue Apr 5 19:16:30 UTC 2022...patches/packages/mozilla-firefox-91.8.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.8.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289 (* Security fix *) 20220405191630_15.0 Patrick J Volkerding4-22/+60
2022-04-04Sun Apr 3 19:57:16 UTC 2022...patches/packages/ca-certificates-20220403-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections. 20220403195716_15.0 Patrick J Volkerding5-332/+450
2022-03-31Wed Mar 30 22:37:05 UTC 2022...patches/packages/vim-8.2.4649-x86_64-1_slack15.0.txz: Upgraded. Fixes a use-after-free in utf_ptr2char in vim/vim prior to 8.2.4646. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly execution of arbitrary code. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1154 https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425 https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 (* Security fix *) patches/packages/vim-gvim-8.2.4649-x86_64-1_slack15.0.txz: Upgraded. 20220330223705_15.0 Patrick J Volkerding13-64/+941
2022-03-29Mon Mar 28 19:33:46 UTC 2022...patches/packages/whois-5.5.12-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. Thanks to Nobby6. patches/packages/zlib-1.2.12-x86_64-1_slack15.0.txz: Upgraded. This update fixes memory corruption when deflating (i.e., when compressing) if the input has many distant matches. Thanks to marav. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032 (* Security fix *) 20220328193346_15.0 Patrick J Volkerding10-56/+380
2022-03-26Fri Mar 25 19:18:41 UTC 2022...patches/packages/seamonkey-2.53.11.1-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.11.1 (* Security fix *) 20220325191841_15.0 Patrick J Volkerding4-25/+47
2022-03-25Thu Mar 24 20:59:09 UTC 2022...patches/packages/python3-3.9.12-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://pythoninsider.blogspot.com/2022/03/python-3104-and-3912-are-now-available.html usb-and-pxe-installers/usbimg2disk.sh: Upgraded. Calculate the space requirement by checking the size of the packages in the Slackware directory tree. 20220324205909_15.0 Patrick J Volkerding4-24/+50
2022-03-22Mon Mar 21 20:24:16 UTC 2022...patches/packages/bind-9.16.27-x86_64-1_slack15.0.txz: Upgraded. Sorry folks, I had not meant to bump BIND to the newer branch. I've moved the other packages into /testing. Thanks to Nobby6 for pointing this out. This update fixes bugs and the following security issues: A synchronous call to closehandle_cb() caused isc__nm_process_sock_buffer() to be called recursively, which in turn left TCP connections hanging in the CLOSE_WAIT state blocking indefinitely when out-of-order processing was disabled. The rules for acceptance of records into the cache have been tightened to prevent the possibility of poisoning if forwarders send records outside the configured bailiwick. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220 (* Security fix *) testing/packages/bind-9.18.1-x86_64-1_slack15.0.txz: Moved. 20220321202416_15.0 Patrick J Volkerding6-42/+124
2022-03-20Sat Mar 19 20:28:16 UTC 2022...patches/packages/glibc-zoneinfo-2022a-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates. 20220319202816_15.0 Patrick J Volkerding18-482/+3592
2022-03-19Fri Mar 18 20:16:12 UTC 2022...patches/packages/python3-3.9.11-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: libexpat upgraded from 2.4.1 to 2.4.7 bundled pip upgraded from 21.2.4 to 22.0.4 authorization bypass fixed in urllib.request REDoS avoided in importlib.metadata For more information, see: https://pythoninsider.blogspot.com/2022/03/python-3103-3911-3813-and-3713-are-now.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28363 (* Security fix *) 20220318201612_15.0 Patrick J Volkerding14-69/+504
2022-03-18Thu Mar 17 19:46:28 UTC 2022...patches/packages/bind-9.18.1-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: An assertion could occur in resume_dslookup() if the fetch had been shut down earlier. Lookups involving a DNAME could trigger an INSIST when "synth-from-dnssec" was enabled. A synchronous call to closehandle_cb() caused isc__nm_process_sock_buffer() to be called recursively, which in turn left TCP connections hanging in the CLOSE_WAIT state blocking indefinitely when out-of-order processing was disabled. The rules for acceptance of records into the cache have been tightened to prevent the possibility of poisoning if forwarders send records outside the configured bailiwick. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0667 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220 (* Security fix *) patches/packages/bluez-5.64-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release: Fix issue with handling A2DP discover procedure. Fix issue with media endpoint replies and SetConfiguration. Fix issue with HoG queuing events before report map is read. Fix issue with HoG and read order of GATT attributes. Fix issue with HoG and not using UHID_CREATE2 interface. Fix issue with failed scanning for 5 minutes after reboot. patches/packages/openssl-1.1.1n-x86_64-1_slack15.0.txz: Upgraded. This update fixes a high severity security issue: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. For more information, see: https://www.openssl.org/news/secadv/20220315.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778 (* Security fix *) patches/packages/openssl-solibs-1.1.1n-x86_64-1_slack15.0.txz: Upgraded. patches/packages/qt5-5.15.3_20220312_33a3f16f-x86_64-1_slack15.0.txz: Upgraded. Thanks to Heinz Wiesinger for updating the fetch_sources.sh script to make sure that the QtWebEngine version matches the rest of Qt, which got the latest git pull compiling again. If a 32-bit userspace is detected, then: export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox" This works around crashes occuring with 32-bit QtWebEngine applications. Thanks to alienBOB. 20220317194628_15.0 Patrick J Volkerding45-232/+2725
2022-03-15Tue Mar 15 00:13:59 UTC 2022...patches/packages/httpd-2.4.53-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: mod_sed: Read/write beyond bounds core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody HTTP request smuggling vulnerability mod_lua: Use of uninitialized value in r:parsebody For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.53 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719 (* Security fix *) patches/packages/mozilla-firefox-91.7.1esr-x86_64-1_slack15.0.txz: Upgraded. This release makes the following change: Yandex and Mail.ru have been removed as optional search providers in the drop-down search menu in Firefox. For more information, see: https://www.mozilla.org/en-US/firefox/91.7.1/releasenotes/ (* Security fix *) 20220315001359_15.0 Patrick J Volkerding13-57/+564
2022-03-13Sat Mar 12 20:57:35 UTC 2022...patches/packages/polkit-0.120-x86_64-3_slack15.0.txz: Rebuilt. Patched to fix a security issue where an unprivileged user could cause a denial of service due to process file descriptor exhaustion. Thanks to marav. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4115 (* Security fix *) 20220312205735_15.0 Patrick J Volkerding12-59/+554
2022-03-10Thu Mar 10 02:30:54 UTC 2022...patches/packages/ca-certificates-20220309-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections. 20220310023054_15.0 Patrick J Volkerding14-66/+23762
2022-03-09Wed Mar 9 04:14:08 UTC 2022...patches/packages/linux-5.15.27/*: Upgraded. These updates fix various bugs and security issues, including the recently announced "Dirty Pipe" vulnerability which allows overwriting data in arbitrary read-only files (CVE-2022-0847). Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 5.15.20: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0492 Fixed in 5.15.23: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0516 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0435 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0487 Fixed in 5.15.24: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25375 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25258 Fixed in 5.15.25: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847 Fixed in 5.15.26: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25636 (* Security fix *) 20220309041408_15.0 Patrick J Volkerding8-294/+425
2022-03-09Tue Mar 8 04:39:53 UTC 2022...patches/packages/boost-1.78.0-x86_64-2_slack15.0.txz: Rebuilt. This update has been patched to fix a regression: Boost.Build silently skips installation of library headers and binaries in some cases. Thanks to Willy Sudiarto Raharjo. 20220308043953_15.0 Patrick J Volkerding8-38/+378
2022-03-08Tue Mar 8 00:52:43 UTC 2022...patches/packages/mozilla-firefox-91.7.0esr-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.7.0/releasenotes/ (* Security fix *) 20220308005243_15.0 Patrick J Volkerding4-22/+44
2022-03-06Sat Mar 5 19:56:26 UTC 2022...patches/packages/expat-2.4.7-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release: Relax fix to CVE-2022-25236 (introduced with release 2.4.5) with regard to all valid URI characters (RFC 3986). patches/packages/mozilla-firefox-91.6.1esr-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.6.1/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-09/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26485 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26486 (* Security fix *) patches/packages/mozilla-thunderbird-91.6.2-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.6.2/releasenotes/ (* Security fix *) 20220305195626_15.0 Patrick J Volkerding6-35/+81
2022-03-03Wed Mar 2 21:39:57 UTC 2022...patches/packages/seamonkey-2.53.11-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.11 (* Security fix *) 20220302213957_15.0 Patrick J Volkerding15-80/+1044
2022-03-02Tue Mar 1 05:05:48 UTC 2022...patches/packages/libxml2-2.9.13-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: Use-after-free of ID and IDREF attributes (Thanks to Shinji Sato for the report) Use-after-free in xmlXIncludeCopyRange (David Kilzer) Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong) Fix memory leak in xmlXPathCompNodeTest Fix null pointer deref in xmlStringGetNodeList Fix several memory leaks found by Coverity (David King) For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308 (* Security fix *) patches/packages/libxslt-1.1.35-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: Fix use-after-free in xsltApplyTemplates Fix memory leak in xsltDocumentElem (David King) Fix memory leak in xsltCompileIdKeyPattern (David King) Fix double-free with stylesheets containing entity nodes For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560 (* Security fix *) 20220301050548_15.0 Patrick J Volkerding15-75/+596
2022-02-25Fri Feb 25 00:03:28 UTC 2022...patches/packages/cyrus-sasl-2.1.28-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407 (* Security fix *) 20220225000328_15.0 Patrick J Volkerding10-47/+310
2022-02-22Mon Feb 21 20:21:38 UTC 2022...patches/packages/expat-2.4.6-x86_64-1_slack15.0.txz: Upgraded. Fixed a regression introduced by the fix for CVE-2022-25313 that affects applications that (1) call function XML_SetElementDeclHandler and (2) are parsing XML that contains nested element declarations: (e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>"). patches/packages/flac-1.3.4-x86_64-1_slack15.0.txz: Upgraded. This update fixes overflow issues with encoding and decoding. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0499 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0561 (* Security fix *) patches/packages/mariadb-10.5.15-x86_64-2_slack15.0.txz: Rebuilt. Removed dangling symlink. 20220221202138_15.0 Patrick J Volkerding12-52/+281
2022-02-21Sun Feb 20 05:13:20 UTC 2022...patches/packages/expat-2.4.5-x86_64-1_slack15.0.txz: Upgraded. Fixed security issues that could lead to denial of service or potentially arbitrary code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315 (* Security fix *) 20220220051320_15.0 Patrick J Volkerding6-37/+214
2022-02-19Fri Feb 18 05:29:00 UTC 2022...patches/packages/mozilla-thunderbird-91.6.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.6.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0566 (* Security fix *) patches/packages/php-7.4.28-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: UAF due to php_filter_float() failing for ints. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708 (* Security fix *) extra/php80/php80-8.0.16-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: UAF due to php_filter_float() failing for ints. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708 (* Security fix *) extra/php81/php81-8.1.3-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: UAF due to php_filter_float() failing for ints. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708 (* Security fix *) 20220218052900_15.0 Patrick J Volkerding19-91/+837
2022-02-16Tue Feb 15 20:00:48 UTC 2022...patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz: Rebuilt. If root's mailbox did not already exist, it would be created with insecure permissions leading to possible local information disclosure. This update ensures that a new mailbox will be created with proper permissions and ownership, and corrects the permissions on an existing mailbox if they are found to be incorrect. Thanks to Martin for the bug report. (* Security fix *) patches/packages/util-linux-2.37.4-x86_64-1_slack15.0.txz: Upgraded. This release fixes a security issue in chsh(1) and chfn(8): By default, these utilities had been linked with libreadline, which allows the INPUTRC environment variable to be abused to produce an error message containing data from an arbitrary file. So, don't link these utilities with libreadline as it does not use secure_getenv() (or a similar concept), or sanitize the config file path to avoid vulnerabilities that could occur in set-user-ID or set-group-ID programs. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0563 (* Security fix *) 20220215200048_15.0 Patrick J Volkerding33-3384/+11440
2022-02-14Mon Feb 14 00:10:38 UTC 2022...patches/packages/mariadb-10.5.15-x86_64-1_slack15.0.txz: Upgraded. This update fixes potential denial-of-service vulnerabilities. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46661 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46668 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46663 (* Security fix *) 20220214001038_15.0 Patrick J Volkerding10-55/+480