Commit graph

3 commits

Author SHA1 Message Date
Patrick J Volkerding
7a770fe9ed Thu Dec 14 20:09:31 UTC 2023
patches/packages/bluez-5.71-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  It may have been possible for an attacker within Bluetooth range to inject
  keystrokes (and possibly execute commands) while devices were discoverable.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-45866
  (* Security fix *)
patches/packages/libxml2-2.11.6-x86_64-1_slack15.0.txz:  Upgraded.
  We're going to drop back to the 2.11 branch here on the stable releases
  since it has all of the relevant security fixes and better compatibility.
2023-12-15 13:30:41 +01:00
Patrick J Volkerding
e20d844068 Sun Dec 10 01:12:17 UTC 2023
patches/packages/libxml2-2.12.2-x86_64-1_slack15.0.txz:  Upgraded.
  Add --sysconfdir=/etc option so that this can find the xml catalog.
  Thanks to SpiderTux.
  Fix the following security issues:
  Fix integer overflows with XML_PARSE_HUGE.
  Fix dict corruption caused by entity reference cycles.
  Hashing of empty dict strings isn't deterministic.
  Fix null deref in xmlSchemaFixupComplexType.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-40303
    https://www.cve.org/CVERecord?id=CVE-2022-40304
    https://www.cve.org/CVERecord?id=CVE-2023-29469
    https://www.cve.org/CVERecord?id=CVE-2023-28484
  (* Security fix *)
2023-12-10 13:30:41 +01:00
Patrick J Volkerding
87f850786e Tue Mar 1 05:05:48 UTC 2022
patches/packages/libxml2-2.9.13-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and the following security issues:
  Use-after-free of ID and IDREF attributes
  (Thanks to Shinji Sato for the report)
  Use-after-free in xmlXIncludeCopyRange (David Kilzer)
  Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong)
  Fix memory leak in xmlXPathCompNodeTest
  Fix null pointer deref in xmlStringGetNodeList
  Fix several memory leaks found by Coverity (David King)
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
  (* Security fix *)
patches/packages/libxslt-1.1.35-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and the following security issues:
  Fix use-after-free in xsltApplyTemplates
  Fix memory leak in xsltDocumentElem (David King)
  Fix memory leak in xsltCompileIdKeyPattern (David King)
  Fix double-free with stylesheets containing entity nodes
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560
  (* Security fix *)
2022-03-02 13:30:01 +01:00