slackware-current

mirror of git://slackware.nl/current.git synced 2024-12-31 10:28:29 +01:00

Author	SHA1	Message	Date
Patrick J Volkerding	fca48db86c	Sat Mar 23 19:34:02 UTC 2024 patches/packages/mozilla-firefox-115.9.1esr-x86_64-1_slack15.0.txz: Upgraded. This update fixes a critical security issue: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. For more information, see: https://www.mozilla.org/en-US/firefox/115.9.1esr/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-16/ https://www.cve.org/CVERecord?id=CVE-2024-29944 (* Security fix *)	2024-03-24 13:30:44 +01:00
Patrick J Volkerding	9f08fbd623	Tue Dec 19 21:24:05 UTC 2023 patches/packages/bluez-5.71-x86_64-2_slack15.0.txz: Rebuilt. Fix a regression in bluez-5.71: [PATCH] adapter: Fix link key address type for old kernels. Thanks to marav. patches/packages/libssh-0.10.6-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Command injection using proxycommand. Potential downgrade attack using strict kex. Missing checks for return values of MD functions. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-6004 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://www.cve.org/CVERecord?id=CVE-2023-6918 (* Security fix ) patches/packages/mozilla-firefox-115.6.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2023-54/ https://www.cve.org/CVERecord?id=CVE-2023-6856 https://www.cve.org/CVERecord?id=CVE-2023-6865 https://www.cve.org/CVERecord?id=CVE-2023-6857 https://www.cve.org/CVERecord?id=CVE-2023-6858 https://www.cve.org/CVERecord?id=CVE-2023-6859 https://www.cve.org/CVERecord?id=CVE-2023-6860 https://www.cve.org/CVERecord?id=CVE-2023-6867 https://www.cve.org/CVERecord?id=CVE-2023-6861 https://www.cve.org/CVERecord?id=CVE-2023-6862 https://www.cve.org/CVERecord?id=CVE-2023-6863 https://www.cve.org/CVERecord?id=CVE-2023-6864 ( Security fix ) patches/packages/mozilla-thunderbird-115.6.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/ https://www.cve.org/CVERecord?id=CVE-2023-50762 https://www.cve.org/CVERecord?id=CVE-2023-50761 https://www.cve.org/CVERecord?id=CVE-2023-6856 https://www.cve.org/CVERecord?id=CVE-2023-6857 https://www.cve.org/CVERecord?id=CVE-2023-6858 https://www.cve.org/CVERecord?id=CVE-2023-6859 https://www.cve.org/CVERecord?id=CVE-2023-6860 https://www.cve.org/CVERecord?id=CVE-2023-6861 https://www.cve.org/CVERecord?id=CVE-2023-6862 https://www.cve.org/CVERecord?id=CVE-2023-6863 https://www.cve.org/CVERecord?id=CVE-2023-6864 ( Security fix *)	2023-12-20 13:30:35 +01:00
Patrick J Volkerding	151fc86d25	Tue Nov 21 21:15:30 UTC 2023 patches/packages/kernel-firmware-20231120_9552083-noarch-1.txz: Upgraded. Updated to the latest kernel firmware. patches/packages/linux-5.15.139/: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 5.15.116: https://www.cve.org/CVERecord?id=CVE-2023-35788 https://www.cve.org/CVERecord?id=CVE-2022-45887 https://www.cve.org/CVERecord?id=CVE-2022-45886 https://www.cve.org/CVERecord?id=CVE-2023-3212 https://www.cve.org/CVERecord?id=CVE-2022-45919 Fixed in 5.15.117: https://www.cve.org/CVERecord?id=CVE-2023-2124 https://www.cve.org/CVERecord?id=CVE-2023-34255 Fixed in 5.15.118: https://www.cve.org/CVERecord?id=CVE-2023-3609 https://www.cve.org/CVERecord?id=CVE-2023-3117 https://www.cve.org/CVERecord?id=CVE-2023-3390 https://www.cve.org/CVERecord?id=CVE-2023-3338 Fixed in 5.15.119: https://www.cve.org/CVERecord?id=CVE-2023-3610 Fixed in 5.15.121: https://www.cve.org/CVERecord?id=CVE-2023-31248 https://www.cve.org/CVERecord?id=CVE-2023-38432 https://www.cve.org/CVERecord?id=CVE-2023-3866 https://www.cve.org/CVERecord?id=CVE-2023-2898 https://www.cve.org/CVERecord?id=CVE-2023-44466 https://www.cve.org/CVERecord?id=CVE-2023-4132 https://www.cve.org/CVERecord?id=CVE-2023-3611 https://www.cve.org/CVERecord?id=CVE-2022-48502 https://www.cve.org/CVERecord?id=CVE-2023-3865 https://www.cve.org/CVERecord?id=CVE-2023-35001 https://www.cve.org/CVERecord?id=CVE-2023-3776 https://www.cve.org/CVERecord?id=CVE-2023-3863 Fixed in 5.15.122: https://www.cve.org/CVERecord?id=CVE-2023-20593 Fixed in 5.15.123: https://www.cve.org/CVERecord?id=CVE-2023-3777 https://www.cve.org/CVERecord?id=CVE-2023-4004 Fixed in 5.15.124: https://www.cve.org/CVERecord?id=CVE-2023-4015 https://www.cve.org/CVERecord?id=CVE-2023-4147 https://www.cve.org/CVERecord?id=CVE-2023-1206 Fixed in 5.15.125: https://www.cve.org/CVERecord?id=CVE-2022-40982 https://www.cve.org/CVERecord?id=CVE-2023-20569 Fixed in 5.15.126: https://www.cve.org/CVERecord?id=CVE-2023-20588 https://www.cve.org/CVERecord?id=CVE-2023-4128 https://www.cve.org/CVERecord?id=CVE-2023-4208 https://www.cve.org/CVERecord?id=CVE-2023-4206 https://www.cve.org/CVERecord?id=CVE-2023-4207 https://www.cve.org/CVERecord?id=CVE-2023-40283 Fixed in 5.15.128: https://www.cve.org/CVERecord?id=CVE-2023-4569 https://www.cve.org/CVERecord?id=CVE-2023-39194 https://www.cve.org/CVERecord?id=CVE-2023-4273 https://www.cve.org/CVERecord?id=CVE-2023-3772 Fixed in 5.15.132: https://www.cve.org/CVERecord?id=CVE-2023-4921 https://www.cve.org/CVERecord?id=CVE-2023-4623 https://www.cve.org/CVERecord?id=CVE-2023-42753 https://www.cve.org/CVERecord?id=CVE-2023-42752 https://www.cve.org/CVERecord?id=CVE-2023-39189 https://www.cve.org/CVERecord?id=CVE-2023-4881 https://www.cve.org/CVERecord?id=CVE-2023-45871 https://www.cve.org/CVERecord?id=CVE-2023-39193 https://www.cve.org/CVERecord?id=CVE-2023-39192 Fixed in 5.15.133: https://www.cve.org/CVERecord?id=CVE-2023-42755 Fixed in 5.15.134: https://www.cve.org/CVERecord?id=CVE-2023-42754 https://www.cve.org/CVERecord?id=CVE-2023-4563 https://www.cve.org/CVERecord?id=CVE-2023-4244 https://www.cve.org/CVERecord?id=CVE-2023-5197 Fixed in 5.15.135: https://www.cve.org/CVERecord?id=CVE-2023-34324 https://www.cve.org/CVERecord?id=CVE-2023-31085 https://www.cve.org/CVERecord?id=CVE-2023-5158 Fixed in 5.15.136: https://www.cve.org/CVERecord?id=CVE-2023-35827 Fixed in 5.15.137: https://www.cve.org/CVERecord?id=CVE-2023-46813 https://www.cve.org/CVERecord?id=CVE-2023-5717 https://www.cve.org/CVERecord?id=CVE-2023-5178 ( Security fix ) patches/packages/mozilla-firefox-115.5.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. Thanks to zuriel for the taskbar icon fix on Wayland. :-) For more information, see: https://www.mozilla.org/en-US/firefox/115.5.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2023-50/ https://www.cve.org/CVERecord?id=CVE-2023-6204 https://www.cve.org/CVERecord?id=CVE-2023-6205 https://www.cve.org/CVERecord?id=CVE-2023-6206 https://www.cve.org/CVERecord?id=CVE-2023-6207 https://www.cve.org/CVERecord?id=CVE-2023-6208 https://www.cve.org/CVERecord?id=CVE-2023-6209 https://www.cve.org/CVERecord?id=CVE-2023-6212 ( Security fix *)	2023-11-22 13:30:37 +01:00
Patrick J Volkerding	79e6c8efb8	Fri Aug 4 20:17:36 UTC 2023 extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-3823 (* Security fix ) extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz: Upgraded. Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0. pasture/samba-4.15.13-x86_64-1_slack15.0.txz: Added. We'll hang onto this just in case. patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/ https://www.cve.org/CVERecord?id=CVE-2023-4045 https://www.cve.org/CVERecord?id=CVE-2023-4046 https://www.cve.org/CVERecord?id=CVE-2023-4047 https://www.cve.org/CVERecord?id=CVE-2023-4048 https://www.cve.org/CVERecord?id=CVE-2023-4049 https://www.cve.org/CVERecord?id=CVE-2023-4050 https://www.cve.org/CVERecord?id=CVE-2023-4052 https://www.cve.org/CVERecord?id=CVE-2023-4054 https://www.cve.org/CVERecord?id=CVE-2023-4055 https://www.cve.org/CVERecord?id=CVE-2023-4056 https://www.cve.org/CVERecord?id=CVE-2023-4057 ( Security fix ) patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/ patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz: Upgraded. PLEASE NOTE: We are taking the unusual step of moving to the latest Samba branch because Windows has made changes that break Samba 4.15.x. The last 4.15.x will be retained in /pasture as a fallback. There may be some required configuration changes with this, but we've kept using MIT Kerberos to try to have the behavior change as little as possible. Upgrade carefully. This update fixes security issues: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request. Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results. For more information, see: https://www.samba.org/samba/security/CVE-2022-2127.html https://www.samba.org/samba/security/CVE-2023-3347.html https://www.samba.org/samba/security/CVE-2023-34966.html https://www.samba.org/samba/security/CVE-2023-34967.html https://www.samba.org/samba/security/CVE-2023-34968.html https://www.cve.org/CVERecord?id=CVE-2022-2127 https://www.cve.org/CVERecord?id=CVE-2023-3347 https://www.cve.org/CVERecord?id=CVE-2023-34966 https://www.cve.org/CVERecord?id=CVE-2023-34967 https://www.cve.org/CVERecord?id=CVE-2023-34968 ( Security fix *)	2023-08-05 13:30:38 +02:00
Patrick J Volkerding	23a0b53a62	Tue Sep 6 20:21:24 UTC 2022 extra/rust-for-mozilla/rust-1.60.0-x86_64-1_slack15.0.txz: Upgraded. Upgraded the Rust compiler for Firefox 102.2.0 and Thunderbird 102.2.1. patches/packages/mozilla-firefox-102.2.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/102.2.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-34/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38476 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38477 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478 (* Security fix ) patches/packages/mozilla-thunderbird-102.2.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. Some accounts may need to be reconfigured after moving from Thunderbird 91.13.0 to Thunderbird 102.2.1. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.2.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3033 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3032 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3034 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36059 ( Security fix ) patches/packages/vim-9.0.0396-x86_64-1_slack15.0.txz: Upgraded. Fixed use after free. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3099 ( Security fix *) patches/packages/vim-gvim-9.0.0396-x86_64-1_slack15.0.txz: Upgraded.	2022-09-07 13:30:33 +02:00
Patrick J Volkerding	d96560a977	Tue Aug 23 19:27:56 UTC 2022 extra/sendmail/sendmail-8.17.1-x86_64-3_slack15.0.txz: Rebuilt. In recent versions of glibc, USE_INET6 has been removed which caused sendmail to reject mail from IPv6 addresses. Adding -DHAS_GETHOSTBYNNAME2=1 to the site.config.m4 allows the reverse lookups to work again fixing this issue. Thanks to talo. extra/sendmail/sendmail-cf-8.17.1-noarch-3_slack15.0.txz: Rebuilt. patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz: Upgraded. Fixed invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16707 (* Security fix ) patches/packages/mozilla-firefox-91.13.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.13.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-35/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478 ( Security fix ) patches/packages/mozilla-thunderbird-91.13.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.13.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478 ( Security fix *)	2022-08-24 13:30:27 +02:00
Patrick J Volkerding	bfbbd63f28	Mon Jul 25 20:53:49 UTC 2022 patches/packages/mozilla-firefox-91.12.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.12.0/releasenotes/ (* Security fix *) patches/packages/perl-5.34.0-x86_64-2_slack15.0.txz: Rebuilt. This is a bugfix release. Upgraded: Devel-CheckLib-1.16, IO-Socket-SSL-2.074, Net-SSLeay-1.92, Path-Tiny-0.122, Template-Toolkit-3.100, URI-5.12, libnet-3.14. Added a symlink to libperl.so in /usr/${LIBDIRSUFFIX} since net-snmp (and possibly other programs) might have trouble linking with it since it's not in the LD_LIBRARY_PATH. Thanks to oneforall.	2022-07-26 13:30:29 +02:00
Patrick J Volkerding	7a6788c35a	Tue Jun 28 19:16:08 UTC 2022 patches/packages/curl-7.84.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Set-Cookie denial of service. HTTP compression denial of service. Unpreserved file permissions. FTP-KRB bad message verification. For more information, see: https://curl.se/docs/CVE-2022-32205.html https://curl.se/docs/CVE-2022-32206.html https://curl.se/docs/CVE-2022-32207.html https://curl.se/docs/CVE-2022-32208.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208 (* Security fix ) patches/packages/mozilla-firefox-91.11.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.11.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-25/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484 ( Security fix *)	2022-06-29 13:30:31 +02:00
Patrick J Volkerding	eb19d64569	Thu Feb 10 01:46:55 UTC 2022 patches/packages/at-3.2.3-x86_64-1_slack15.0.txz: Upgraded. Switched to at-3.2.3 since version 3.2.4 has a regression that causes queued jobs to not always run on time when atd is run as a standalone daemon. Thanks to Cesare. patches/packages/mozilla-firefox-91.6.0esr-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/91.6.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-05/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764 (* Security fix ) patches/packages/mozilla-thunderbird-91.6.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/91.6.0/releasenotes/ https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.6 ( Security fix *)	2022-02-10 05:00:00 +01:00

9 commits