slackware-current

mirror of git://slackware.nl/current.git synced 2025-01-24 08:01:36 +01:00

Author	SHA1	Message	Date
Patrick J Volkerding	d17567f359	Thu Dec 8 22:48:34 UTC 2022 patches/packages/emacs-27.2-x86_64-2_slack15.0.txz: Rebuilt. GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-45939 ( Security fix ) patches/packages/vim-9.0.1034-x86_64-1_slack15.0.txz: Upgraded. This update fixes various security issues such as a heap-based buffer overflow and use after free. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-4141 https://www.cve.org/CVERecord?id=CVE-2022-3591 https://www.cve.org/CVERecord?id=CVE-2022-3520 https://www.cve.org/CVERecord?id=CVE-2022-3491 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://www.cve.org/CVERecord?id=CVE-2022-4293 ( Security fix *) patches/packages/vim-gvim-9.0.1034-x86_64-1_slack15.0.txz: Upgraded.	2022-12-09 13:30:05 +01:00
Patrick J Volkerding	c3b931c533	Mon Dec 5 21:00:46 UTC 2022 patches/packages/ca-certificates-20221205-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections. patches/packages/glibc-zoneinfo-2022g-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates.	2022-12-06 13:30:35 +01:00
Patrick J Volkerding	f2cf8c475b	Fri Dec 2 20:58:24 UTC 2022 patches/packages/krusader-2.8.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. patches/packages/mozilla-thunderbird-102.5.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.5.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-50/ https://www.cve.org/CVERecord?id=CVE-2022-45414 (* Security fix *)	2022-12-03 13:30:20 +01:00
Patrick J Volkerding	cd369db342	Tue Nov 29 20:56:03 UTC 2022 patches/packages/kernel-firmware-20221123_cdf9499-noarch-1.txz: Upgraded. patches/packages/linux-5.15.80/: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 5.15.63: https://www.cve.org/CVERecord?id=CVE-2022-3629 https://www.cve.org/CVERecord?id=CVE-2022-3635 https://www.cve.org/CVERecord?id=CVE-2022-3633 https://www.cve.org/CVERecord?id=CVE-2022-3625 Fixed in 5.15.64: https://www.cve.org/CVERecord?id=CVE-2022-39190 https://www.cve.org/CVERecord?id=CVE-2022-3028 https://www.cve.org/CVERecord?id=CVE-2022-2905 Fixed in 5.15.65: https://www.cve.org/CVERecord?id=CVE-2022-42703 https://www.cve.org/CVERecord?id=CVE-2022-3176 Fixed in 5.15.66: https://www.cve.org/CVERecord?id=CVE-2022-4095 https://www.cve.org/CVERecord?id=CVE-2022-20421 Fixed in 5.15.68: https://www.cve.org/CVERecord?id=CVE-2022-3303 https://www.cve.org/CVERecord?id=CVE-2022-2663 https://www.cve.org/CVERecord?id=CVE-2022-40307 https://www.cve.org/CVERecord?id=CVE-2022-3586 Fixed in 5.15.70: https://www.cve.org/CVERecord?id=CVE-2022-0171 https://www.cve.org/CVERecord?id=CVE-2022-39842 https://www.cve.org/CVERecord?id=CVE-2022-3061 Fixed in 5.15.72: https://www.cve.org/CVERecord?id=CVE-2022-2308 Fixed in 5.15.73: https://www.cve.org/CVERecord?id=CVE-2022-2978 https://www.cve.org/CVERecord?id=CVE-2022-43750 Fixed in 5.15.74: https://www.cve.org/CVERecord?id=CVE-2022-40768 https://www.cve.org/CVERecord?id=CVE-2022-42721 https://www.cve.org/CVERecord?id=CVE-2022-3621 https://www.cve.org/CVERecord?id=CVE-2022-42722 https://www.cve.org/CVERecord?id=CVE-2022-42719 https://www.cve.org/CVERecord?id=CVE-2022-41674 https://www.cve.org/CVERecord?id=CVE-2022-3649 https://www.cve.org/CVERecord?id=CVE-2022-3646 https://www.cve.org/CVERecord?id=CVE-2022-42720 Fixed in 5.15.75: https://www.cve.org/CVERecord?id=CVE-2022-43945 https://www.cve.org/CVERecord?id=CVE-2022-41849 https://www.cve.org/CVERecord?id=CVE-2022-3535 https://www.cve.org/CVERecord?id=CVE-2022-3594 https://www.cve.org/CVERecord?id=CVE-2022-2602 https://www.cve.org/CVERecord?id=CVE-2022-41850 https://www.cve.org/CVERecord?id=CVE-2022-3565 https://www.cve.org/CVERecord?id=CVE-2022-3542 Fixed in 5.15.77: https://www.cve.org/CVERecord?id=CVE-2022-3524 Fixed in 5.15.78: https://www.cve.org/CVERecord?id=CVE-2022-3628 https://www.cve.org/CVERecord?id=CVE-2022-3623 https://www.cve.org/CVERecord?id=CVE-2022-42896 https://www.cve.org/CVERecord?id=CVE-2022-42895 https://www.cve.org/CVERecord?id=CVE-2022-3543 https://www.cve.org/CVERecord?id=CVE-2022-3564 https://www.cve.org/CVERecord?id=CVE-2022-3619 Fixed in 5.15.80: https://www.cve.org/CVERecord?id=CVE-2022-3521 https://www.cve.org/CVERecord?id=CVE-2022-3169 ( Security fix *) patches/packages/openssl-1.1.1s-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. patches/packages/openssl-solibs-1.1.1s-x86_64-1_slack15.0.txz: Upgraded.	2022-11-30 13:30:31 +01:00
Patrick J Volkerding	860213618e	Thu Nov 17 20:02:33 UTC 2022 patches/packages/freerdp-2.9.0-x86_64-1_slack15.0.txz: Upgraded. Fixed multiple client side input validation issues. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-39316 https://www.cve.org/CVERecord?id=CVE-2022-39317 https://www.cve.org/CVERecord?id=CVE-2022-39318 https://www.cve.org/CVERecord?id=CVE-2022-39319 https://www.cve.org/CVERecord?id=CVE-2022-39320 https://www.cve.org/CVERecord?id=CVE-2022-41877 https://www.cve.org/CVERecord?id=CVE-2022-39347 (* Security fix *)	2022-11-18 13:30:33 +01:00
Patrick J Volkerding	45ec128def	Thu Nov 17 01:49:28 UTC 2022 patches/packages/krb5-1.19.2-x86_64-3_slack15.0.txz: Rebuilt. Fixed integer overflows in PAC parsing. Fixed memory leak in OTP kdcpreauth module. Fixed PKCS11 module path search. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-42898 (* Security fix ) patches/packages/mozilla-firefox-102.5.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/102.5.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-48/ https://www.cve.org/CVERecord?id=CVE-2022-45403 https://www.cve.org/CVERecord?id=CVE-2022-45404 https://www.cve.org/CVERecord?id=CVE-2022-45405 https://www.cve.org/CVERecord?id=CVE-2022-45406 https://www.cve.org/CVERecord?id=CVE-2022-45408 https://www.cve.org/CVERecord?id=CVE-2022-45409 https://www.cve.org/CVERecord?id=CVE-2022-45410 https://www.cve.org/CVERecord?id=CVE-2022-45411 https://www.cve.org/CVERecord?id=CVE-2022-45412 https://www.cve.org/CVERecord?id=CVE-2022-45416 https://www.cve.org/CVERecord?id=CVE-2022-45418 https://www.cve.org/CVERecord?id=CVE-2022-45420 https://www.cve.org/CVERecord?id=CVE-2022-45421 ( Security fix ) patches/packages/mozilla-thunderbird-102.5.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.5.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/ https://www.cve.org/CVERecord?id=CVE-2022-45403 https://www.cve.org/CVERecord?id=CVE-2022-45404 https://www.cve.org/CVERecord?id=CVE-2022-45405 https://www.cve.org/CVERecord?id=CVE-2022-45406 https://www.cve.org/CVERecord?id=CVE-2022-45408 https://www.cve.org/CVERecord?id=CVE-2022-45409 https://www.cve.org/CVERecord?id=CVE-2022-45410 https://www.cve.org/CVERecord?id=CVE-2022-45411 https://www.cve.org/CVERecord?id=CVE-2022-45412 https://www.cve.org/CVERecord?id=CVE-2022-45416 https://www.cve.org/CVERecord?id=CVE-2022-45418 https://www.cve.org/CVERecord?id=CVE-2022-45420 https://www.cve.org/CVERecord?id=CVE-2022-45421 ( Security fix ) patches/packages/samba-4.15.12-x86_64-1_slack15.0.txz: Upgraded. Fixed a security issue where Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap. For more information, see: https://www.samba.org/samba/security/CVE-2022-42898.html https://www.cve.org/CVERecord?id=CVE-2022-42898 ( Security fix *) patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz: Upgraded. This update fixes regressions in the previous security fix: mime-settings: Properly quote command parameters. Revert "Escape characters which do not belong into an URI/URL (Issue #390)."	2022-11-17 13:30:31 +01:00
Patrick J Volkerding	68513bbb1b	Thu Nov 10 19:47:59 UTC 2022 patches/packages/php-7.4.33-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: GD: OOB read due to insufficient input validation in imageloadfont(). Hash: buffer overflow in hash_update() on long parameter. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-31630 https://www.cve.org/CVERecord?id=CVE-2022-37454 (* Security fix *)	2022-11-11 13:30:28 +01:00
Patrick J Volkerding	ff521ad792	Wed Nov 9 22:16:30 UTC 2022 patches/packages/sysstat-12.7.1-x86_64-1_slack15.0.txz: Upgraded. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-39377 (* Security fix ) patches/packages/xfce4-settings-4.16.4-x86_64-1_slack15.0.txz: Upgraded. Fixed an argument injection vulnerability in xfce4-mime-helper. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-45062 ( Security fix *)	2022-11-10 13:30:32 +01:00
Patrick J Volkerding	9cbb8ffdbc	Tue Nov 8 22:21:43 UTC 2022 patches/packages/glibc-zoneinfo-2022f-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates. patches/packages/mariadb-10.5.18-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://mariadb.com/kb/en/mariadb-10-5-18-release-notes	2022-11-09 13:30:19 +01:00
Patrick J Volkerding	2d3e95aa33	Sat Nov 5 19:18:19 UTC 2022 patches/packages/sudo-1.9.12p1-x86_64-1_slack15.0.txz: Upgraded. Fixed a potential out-of-bounds write for passwords smaller than 8 characters when passwd authentication is enabled. This does not affect configurations that use other authentication methods such as PAM, AIX authentication or BSD authentication. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-43995 (* Security fix *)	2022-11-06 13:30:38 +01:00
Patrick J Volkerding	44df9c66d8	Fri Nov 4 19:29:28 UTC 2022 patches/packages/mozilla-thunderbird-102.4.2-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.4.2/releasenotes/	2022-11-05 13:30:36 +01:00
Patrick J Volkerding	6e7a178c9a	Tue Oct 25 18:38:58 UTC 2022 patches/packages/expat-2.5.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations. Expected impact is denial of service or potentially arbitrary code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680 (* Security fix ) patches/packages/samba-4.15.11-x86_64-1_slack15.0.txz: Upgraded. This update fixes the following security issue: There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba). For more information, see: https://www.samba.org/samba/security/CVE-2022-3437.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437 ( Security fix *)	2022-10-26 13:30:34 +02:00
Patrick J Volkerding	58fac6b4a4	Wed Oct 19 20:06:33 UTC 2022 patches/packages/samba-4.15.10-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.samba.org/samba/history/samba-4.15.10.html	2022-10-20 13:30:54 +02:00
Patrick J Volkerding	2559feca78	Mon Oct 17 19:31:45 UTC 2022 patches/packages/xorg-server-1.20.14-x86_64-4_slack15.0.txz: Rebuilt. xkb: proof GetCountedString against request length attacks. xkb: fix some possible memleaks in XkbGetKbdByName. xquartz: Fix a possible crash when editing the Application menu due to mutating immutable arrays. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3553 (* Security fix ) patches/packages/xorg-server-xephyr-1.20.14-x86_64-4_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-4_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-4_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-3_slack15.0.txz: Rebuilt. xkb: proof GetCountedString against request length attacks. xkb: fix some possible memleaks in XkbGetKbdByName. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551 ( Security fix *)	2022-10-18 13:30:33 +02:00
Patrick J Volkerding	da8b549669	Sat Oct 15 20:28:34 UTC 2022 patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txz: Upgraded. Fixed a bug when getting a gzip header extra field with inflateGetHeader(). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434 (* Security fix *)	2022-10-16 13:30:55 +02:00
Patrick J Volkerding	46235d1ce0	Sat Oct 8 19:23:31 UTC 2022 patches/packages/libksba-1.6.2-x86_64-1_slack15.0.txz: Upgraded. Detect a possible overflow directly in the TLV parser. This patch detects possible integer overflows immmediately when creating the TI object. Reported-by: ZDI-CAN-18927, ZDI-CAN-18928, ZDI-CAN-18929 (* Security fix *)	2022-10-09 13:31:06 +02:00
Patrick J Volkerding	153ac9bb20	Wed Oct 5 18:55:36 UTC 2022 patches/packages/dhcp-4.4.3_P1-x86_64-1_slack15.0.txz: Upgraded. This update fixes two security issues: Corrected a reference count leak that occurs when the server builds responses to leasequery packets. Corrected a memory leak that occurs when unpacking a packet that has an FQDN option (81) that contains a label with length greater than 63 bytes. Thanks to VictorV of Cyber Kunlun Lab for reporting these issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2928 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2929 (* Security fix *)	2022-10-06 13:30:32 +02:00
Patrick J Volkerding	3087018ea7	Fri Sep 30 17:52:21 UTC 2022 extra/php80/php80-8.0.24-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: phar wrapper: DOS when using quine gzip file. Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629 (* Security fix ) extra/php81/php81-8.1.11-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: phar wrapper: DOS when using quine gzip file. Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629 ( Security fix ) patches/packages/mozilla-thunderbird-102.3.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.3.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-43/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39249 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39250 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39251 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39236 ( Security fix ) patches/packages/php-7.4.32-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: phar wrapper: DOS when using quine gzip file. Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629 ( Security fix ) patches/packages/seamonkey-2.53.14-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.14 ( Security fix ) patches/packages/vim-9.0.0623-x86_64-1_slack15.0.txz: Upgraded. Fixed use-after-free and stack-based buffer overflow. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3352 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3324 ( Security fix *) patches/packages/vim-gvim-9.0.0623-x86_64-1_slack15.0.txz: Upgraded.	2022-10-01 13:30:35 +02:00
Patrick J Volkerding	ef823d82ca	Wed Sep 28 18:59:51 UTC 2022 patches/packages/xorg-server-xwayland-21.1.4-x86_64-2_slack15.0.txz: Rebuilt. xkb: switch to array index loops to moving pointers. xkb: add request length validation for XkbSetGeometry. xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck. I hadn't realized that the xorg-server patches were needed (or applied cleanly) to Xwayland. Thanks to LuckyCyborg for the kind reminder. :-) For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320 (* Security fix *)	2022-09-29 13:30:05 +02:00
Patrick J Volkerding	0ab769ac69	Mon Sep 26 19:43:54 UTC 2022 patches/packages/dnsmasq-2.87-x86_64-1_slack15.0.txz: Upgraded. Fix write-after-free error in DHCPv6 server code. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0934 (* Security fix ) patches/packages/vim-9.0.0594-x86_64-1_slack15.0.txz: Upgraded. Fixed stack-based buffer overflow. Thanks to marav for the heads-up. In addition, Mig21 pointed out an issue where the defaults.vim file might need to be edited for some purposes as its contents will override the settings in the system-wide vimrc. Usually this file is replaced whenever vim is upgraded, which in those situations would be inconvenient for the admin. So, I've added support for a file named defaults.vim.custom which (if it exists) will be used instead of the defaults.vim file shipped in the package and will persist through upgrades. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3296 ( Security fix *) patches/packages/vim-gvim-9.0.0594-x86_64-1_slack15.0.txz: Upgraded.	2022-09-27 13:30:30 +02:00
Patrick J Volkerding	d22a8a6524	Thu Sep 22 19:50:20 UTC 2022 patches/packages/ca-certificates-20220922-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections.	2022-09-23 13:30:28 +02:00
Patrick J Volkerding	8f546e8375	Wed Sep 21 19:19:07 UTC 2022 patches/packages/cups-2.4.2-x86_64-3_slack15.0.txz: Rebuilt. Fixed crash when using the CUPS web setup interface: [PATCH] Fix OpenSSL crash bug - "tls" pointer wasn't cleared after freeing it (Issue #409). Thanks to MisterL, bryjen, and kjhambrick. Fixed an OpenSSL certificate loading issue: [PATCH] The OpenSSL code path wasn't loading the full certificate chain (Issue #465). Thanks to tmmukunn.	2022-09-22 13:30:28 +02:00
Patrick J Volkerding	b9facc142f	Tue Sep 20 22:50:28 UTC 2022 patches/packages/expat-2.4.9-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: Heap use-after-free vulnerability in function doContent. Expected impact is denial of service or potentially arbitrary code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674 (* Security fix ) patches/packages/mozilla-firefox-102.3.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/102.3.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-41/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962 ( Security fix *) patches/packages/mozilla-thunderbird-102.3.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.3.0/releasenotes/	2022-09-21 13:30:31 +02:00
Patrick J Volkerding	23a0b53a62	Tue Sep 6 20:21:24 UTC 2022 extra/rust-for-mozilla/rust-1.60.0-x86_64-1_slack15.0.txz: Upgraded. Upgraded the Rust compiler for Firefox 102.2.0 and Thunderbird 102.2.1. patches/packages/mozilla-firefox-102.2.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/102.2.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-34/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38476 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38477 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478 (* Security fix ) patches/packages/mozilla-thunderbird-102.2.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. Some accounts may need to be reconfigured after moving from Thunderbird 91.13.0 to Thunderbird 102.2.1. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.2.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3033 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3032 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3034 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36059 ( Security fix ) patches/packages/vim-9.0.0396-x86_64-1_slack15.0.txz: Upgraded. Fixed use after free. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3099 ( Security fix *) patches/packages/vim-gvim-9.0.0396-x86_64-1_slack15.0.txz: Upgraded.	2022-09-07 13:30:33 +02:00
Patrick J Volkerding	ca8c1d3c22	Thu Sep 1 20:01:13 UTC 2022 patches/packages/poppler-21.12.0-x86_64-2_slack15.0.txz: Rebuilt. [PATCH] JBIG2Stream: Fix crash on broken file. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860 (* Security fix *)	2022-09-02 13:30:06 +02:00
Patrick J Volkerding	71a81b7408	Fri Aug 26 04:02:20 UTC 2022 patches/packages/linux-5.15.63/: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 5.15.39: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1974 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1975 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734 Fixed in 5.15.40: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1943 Fixed in 5.15.41: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28893 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32296 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012 Fixed in 5.15.42: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1652 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499 Fixed in 5.15.44: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789 Fixed in 5.15.45: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2873 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1966 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32250 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2078 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1972 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2503 Fixed in 5.15.46: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1184 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1973 Fixed in 5.15.47: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34494 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34495 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32981 Fixed in 5.15.48: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123 Fixed in 5.15.53: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2318 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33743 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33741 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26365 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33744 Fixed in 5.15.54: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33655 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918 Fixed in 5.15.56: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36123 Fixed in 5.15.57: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901 Fixed in 5.15.58: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21505 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1462 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36879 Fixed in 5.15.59: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36946 Fixed in 5.15.60: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26373 Fixed in 5.15.61: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1679 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588 ( Security fix ) patches/packages/vim-9.0.0270-x86_64-1_slack15.0.txz: Upgraded. We're just going to move to vim-9 instead of continuing to backport patches to the vim-8 branch. Most users will be better served by this. Fixed use after free and null pointer dereference. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2946 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2923 ( Security fix *) patches/packages/vim-gvim-9.0.0270-x86_64-1_slack15.0.txz: Upgraded.	2022-08-27 13:30:28 +02:00
Patrick J Volkerding	d96560a977	Tue Aug 23 19:27:56 UTC 2022 extra/sendmail/sendmail-8.17.1-x86_64-3_slack15.0.txz: Rebuilt. In recent versions of glibc, USE_INET6 has been removed which caused sendmail to reject mail from IPv6 addresses. Adding -DHAS_GETHOSTBYNNAME2=1 to the site.config.m4 allows the reverse lookups to work again fixing this issue. Thanks to talo. extra/sendmail/sendmail-cf-8.17.1-noarch-3_slack15.0.txz: Rebuilt. patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz: Upgraded. Fixed invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16707 (* Security fix ) patches/packages/mozilla-firefox-91.13.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.13.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-35/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478 ( Security fix ) patches/packages/mozilla-thunderbird-91.13.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.13.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478 ( Security fix *)	2022-08-24 13:30:27 +02:00
Patrick J Volkerding	44e993e802	Sat Aug 20 20:04:15 UTC 2022 patches/packages/vim-8.2.4649-x86_64-3_slack15.0.txz: Rebuilt. Fix use after free. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2889 (* Security fix *) patches/packages/vim-gvim-8.2.4649-x86_64-3_slack15.0.txz: Rebuilt.	2022-08-21 13:30:26 +02:00
Patrick J Volkerding	821b8a94bf	Wed Aug 17 20:41:53 UTC 2022 patches/packages/vim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt. Fix use after free, out-of-bounds read, and heap based buffer overflow. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819 (* Security fix *) patches/packages/vim-gvim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt.	2022-08-18 13:30:02 +02:00
Patrick J Volkerding	cffeb680aa	Mon Aug 15 20:23:47 UTC 2022 patches/packages/rsync-3.2.5-x86_64-1_slack15.0.txz: Upgraded. Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154 (* Security fix *)	2022-08-16 13:30:28 +02:00
Patrick J Volkerding	5dd1410e22	Tue Aug 9 19:25:22 UTC 2022 patches/packages/zlib-1.2.12-x86_64-2_slack15.0.txz: Rebuilt. This is a bugfix update. Applied an upstream patch to restore the handling of CRC inputs to be the same as in previous releases of zlib. This fixes an issue with OpenJDK. Thanks to alienBOB.	2022-08-10 13:30:27 +02:00
Patrick J Volkerding	e8686ed7fd	Fri Jul 29 19:59:03 UTC 2022 patches/packages/gnutls-3.7.7-x86_64-1_slack15.0.txz: Upgraded. libgnutls: Fixed double free during verification of pkcs7 signatures. Reported by Jaak Ristioja. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509 (* Security fix *)	2022-07-30 13:30:32 +02:00
Patrick J Volkerding	ad19766c1e	Wed Jul 27 19:17:38 UTC 2022 patches/packages/samba-4.15.9-x86_64-1_slack15.0.txz: Upgraded. This update fixes the following security issues: Samba AD users can bypass certain restrictions associated with changing passwords. Samba AD users can forge password change requests for any user. Samba AD users can crash the server process with an LDAP add or modify request. Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request. Server memory information leak via SMB1. For more information, see: https://www.samba.org/samba/security/CVE-2022-2031.html https://www.samba.org/samba/security/CVE-2022-32744.html https://www.samba.org/samba/security/CVE-2022-32745.html https://www.samba.org/samba/security/CVE-2022-32746.html https://www.samba.org/samba/security/CVE-2022-32742.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742 (* Security fix *)	2022-07-28 13:30:29 +02:00
Patrick J Volkerding	bfbbd63f28	Mon Jul 25 20:53:49 UTC 2022 patches/packages/mozilla-firefox-91.12.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.12.0/releasenotes/ (* Security fix *) patches/packages/perl-5.34.0-x86_64-2_slack15.0.txz: Rebuilt. This is a bugfix release. Upgraded: Devel-CheckLib-1.16, IO-Socket-SSL-2.074, Net-SSLeay-1.92, Path-Tiny-0.122, Template-Toolkit-3.100, URI-5.12, libnet-3.14. Added a symlink to libperl.so in /usr/${LIBDIRSUFFIX} since net-snmp (and possibly other programs) might have trouble linking with it since it's not in the LD_LIBRARY_PATH. Thanks to oneforall.	2022-07-26 13:30:29 +02:00
Patrick J Volkerding	7e93037632	Thu Jul 21 18:13:18 UTC 2022 patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously. A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24805 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24809 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24806 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24807 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24808 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24810 (* Security fix *)	2022-07-22 13:30:29 +02:00
Patrick J Volkerding	83e918a979	Wed Jul 13 19:56:59 UTC 2022 patches/packages/xorg-server-1.20.14-x86_64-3_slack15.0.txz: Rebuilt. xkb: switch to array index loops to moving pointers. xkb: add request length validation for XkbSetGeometry. xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320 (* Security fix *) patches/packages/xorg-server-xephyr-1.20.14-x86_64-3_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-3_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.	2022-07-14 13:30:35 +02:00
Patrick J Volkerding	5cd37beaa8	Sun Jul 10 18:49:34 UTC 2022 patches/packages/wavpack-5.5.0-x86_64-1_slack15.0.txz: Upgraded. WavPack 5.5.0 contains a fix for CVE-2021-44269 wherein encoding a specially crafted DSD file causes an out-of-bounds read exception. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44269 (* Security fix *)	2022-07-11 13:30:28 +02:00
Patrick J Volkerding	9edcc6c242	Thu Jul 7 23:03:01 UTC 2022 patches/packages/gnupg2-2.2.36-x86_64-1_slack15.0.txz: Upgraded. g10: Fix possibly garbled status messages in NOTATION_DATA. This bug could trick GPGME and other parsers to accept faked status lines. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903 (* Security fix ) extra/php81/php81-8.1.8-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Fileinfo: Fixed bug #81723 (Heap buffer overflow in finfo_buffer). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31627 ( Security fix *)	2022-07-08 13:30:29 +02:00
Patrick J Volkerding	d01c4c7b84	Fri Jul 1 01:23:50 UTC 2022 patches/packages/mozilla-thunderbird-91.11.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.11.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484 (* Security fix *)	2022-07-01 13:30:27 +02:00
Patrick J Volkerding	7a6788c35a	Tue Jun 28 19:16:08 UTC 2022 patches/packages/curl-7.84.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Set-Cookie denial of service. HTTP compression denial of service. Unpreserved file permissions. FTP-KRB bad message verification. For more information, see: https://curl.se/docs/CVE-2022-32205.html https://curl.se/docs/CVE-2022-32206.html https://curl.se/docs/CVE-2022-32207.html https://curl.se/docs/CVE-2022-32208.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208 (* Security fix ) patches/packages/mozilla-firefox-91.11.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.11.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-25/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484 ( Security fix *)	2022-06-29 13:30:31 +02:00
Patrick J Volkerding	40bf9bf864	Thu Jun 23 05:30:51 UTC 2022 patches/packages/ca-certificates-20220622-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections. patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txz: Upgraded. In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. For more information, see: https://www.openssl.org/news/secadv/20220621.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068 (* Security fix *) patches/packages/openssl-solibs-1.1.1p-x86_64-1_slack15.0.txz: Upgraded.	2022-06-24 01:30:06 +02:00
Patrick J Volkerding	7809bcc762	Mon Jun 13 21:02:58 UTC 2022 patches/packages/php-7.4.30-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: mysqlnd/pdo password buffer overflow. Uninitialized array in pg_query_params(). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625 (* Security fix ) extra/php80/php80-8.0.20-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: mysqlnd/pdo password buffer overflow. Uninitialized array in pg_query_params(). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625 ( Security fix ) extra/php81/php81-8.1.7-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: mysqlnd/pdo password buffer overflow. Uninitialized array in pg_query_params(). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625 ( Security fix *)	2022-06-14 13:30:26 +02:00
Patrick J Volkerding	81f2355530	Thu May 26 18:27:32 UTC 2022 patches/packages/cups-2.4.2-x86_64-1_slack15.0.txz: Upgraded. Fixed certificate strings comparison for Local authorization. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26691 (* Security fix *)	2022-05-27 13:30:00 +02:00
Patrick J Volkerding	590bfd3df8	Sat May 21 19:30:02 UTC 2022 patches/packages/mariadb-10.5.16-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and several security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27376 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27377 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27378 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27379 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27380 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27381 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27382 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27383 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27384 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27386 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27387 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27444 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27445 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27446 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27447 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27448 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27449 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27451 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27452 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27455 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27456 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27457 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27458 (* Security fix *)	2022-05-22 13:30:03 +02:00
Patrick J Volkerding	d88c750381	Mon May 2 20:02:49 UTC 2022 patches/packages/libxml2-2.9.14-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: Fix integer overflow in xmlBuf and xmlBuffer. Fix potential double-free in xmlXPtrStringRangeFunction. Fix memory leak in xmlFindCharEncodingHandler. Normalize XPath strings in-place. Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars(). Fix leak of xmlElementContent. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824 (* Security fix *) patches/packages/mozilla-firefox-91.9.0esr-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/firefox/91.9.0/releasenotes/ patches/packages/samba-4.15.7-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.samba.org/samba/history/samba-4.15.7.html	2022-05-03 13:29:53 +02:00
Patrick J Volkerding	7d2523ede3	Sat Apr 30 21:18:47 UTC 2022 patches/packages/pidgin-2.14.9-x86_64-1_slack15.0.txz: Upgraded. Mitigate the potential for a man in the middle attack via DNS spoofing by removing the code that supported the _xmppconnect DNS TXT record. For more information, see: https://www.pidgin.im/about/security/advisories/cve-2022-26491/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26491 (* Security fix *)	2022-05-01 13:30:01 +02:00
Patrick J Volkerding	cf5d757506	Wed Apr 27 21:43:51 UTC 2022 patches/packages/curl-7.83.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: OAUTH2 bearer bypass in connection re-use. Credential leak on redirect. Bad local IPv6 connection reuse. Auth/cookie leak on redirect. For more information, see: https://curl.se/docs/CVE-2022-22576.html https://curl.se/docs/CVE-2022-27774.html https://curl.se/docs/CVE-2022-27775.html https://curl.se/docs/CVE-2022-27776.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776 (* Security fix *)	2022-04-28 13:29:49 +02:00
Patrick J Volkerding	dfafa37940	Mon Apr 25 20:55:17 UTC 2022 patches/packages/freerdp-2.7.0-x86_64-1_slack15.0.txz: Upgraded. This update is a security and maintenance release. For more information, see: https://github.com/FreeRDP/FreeRDP/blob/2.7.0/ChangeLog (* Security fix *)	2022-04-26 13:30:04 +02:00
Patrick J Volkerding	9e2efe650c	Thu Apr 14 21:14:21 UTC 2022 patches/packages/git-2.35.3-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue where a Git worktree created by another user might be able to execute arbitrary code. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765 (* Security fix ) patches/packages/gzip-1.12-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: zgrep applied to a crafted file name with two or more newlines can no longer overwrite an arbitrary, attacker-selected file. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271 ( Security fix ) patches/packages/xz-5.2.5-x86_64-4_slack15.0.txz: Rebuilt. This update fixes a security issue: xzgrep applied to a crafted file name with two or more newlines can no longer overwrite an arbitrary, attacker-selected file. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271 ( Security fix *)	2022-04-15 13:29:52 +02:00
Patrick J Volkerding	799fadd352	Wed Apr 13 20:51:01 UTC 2022 patches/packages/ruby-3.0.4-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Double free in Regexp compilation. Buffer overrun in String-to-Float conversion. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28738 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739 (* Security fix *)	2022-04-14 13:30:03 +02:00

1 2

71 commits