1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2025-01-16 15:41:42 +01:00
Commit graph

6 commits

Author SHA1 Message Date
Patrick J Volkerding
52e9abcddc Sat Sep 14 18:15:34 UTC 2024
patches/packages/libarchive-3.7.5-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes the following security issues:
  fix multiple vulnerabilities identified by SAST (#2251, #2256)
  cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
  lzop: prevent integer overflow (#2174)
  rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
  rar4: fix CVE-2024-26256 (#2269)
  rar4: fix OOB in delta and audio filter (#2148, #2149)
  rar4: fix out of boundary access with large files (#2179)
  rar4: add boundary checks to rgb filter (#2210)
  rar4: fix OOB access with unicode filenames (#2203)
  rar5: clear 'data ready' cache on window buffer reallocs (#2265)
  rpm: calculate huge header sizes correctly (#2158)
  unzip: unify EOF handling (#2175)
  util: fix out of boundary access in mktemp functions (#2160)
  uu: stop processing if lines are too long (#2168)
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-20696
    https://www.cve.org/CVERecord?id=CVE-2024-26256
  (* Security fix *)
2024-09-15 13:30:43 +02:00
Patrick J Volkerding
1163276b19 Thu Apr 25 17:58:17 UTC 2024
patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txz:  Rebuilt.
  Patched an out-of-bound error in the rar e8 filter that could allow for
  the execution of arbitrary code.
  Thanks to gmgf for the heads-up.
  For more information, see:
    https://github.com/advisories/GHSA-2jc9-36w4-pmqw
    https://www.cve.org/CVERecord?id=CVE-2024-26256
  (* Security fix *)
2024-04-26 13:30:48 +02:00
Patrick J Volkerding
971e161e46 Mon Apr 8 18:44:37 UTC 2024
patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Fix possible vulnerability in tar error reporting introduced in f27c173
  by JiaT75.
  For more information, see:
    f27c173d17
    https://github.com/libarchive/libarchive/pull/2101
  (* Security fix *)
2024-04-09 13:30:46 +02:00
Patrick J Volkerding
41dd70fad9 Thu Sep 14 21:10:50 UTC 2023
patches/packages/libwebp-1.3.2-x86_64-1_slack15.0.txz:  Upgraded.
  Security fix for lossless decoder (chromium: #1479274, CVE-2023-4863).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4863
  (* Security fix *)
2023-09-15 13:30:41 +02:00
Patrick J Volkerding
3c02d6f8a1 Sun Dec 18 20:28:03 UTC 2022
patches/packages/libarchive-3.6.2-x86_64-2_slack15.0.txz:  Rebuilt.
  This update fixes a regression causing a failure to compile against
  libarchive: don't include iconv in libarchive.pc.
2022-12-19 13:30:36 +01:00
Patrick J Volkerding
c023bce19a Fri Apr 8 20:03:36 UTC 2022
patches/packages/libarchive-3.6.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix and security release.
  Security fixes:
    7zip reader: fix PPMD read beyond boundary.
    ZIP reader: fix possible out of bounds read.
    ISO reader: fix possible heap buffer overflow in read_children().
    RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in
    libarchive 3.6.0).
    Fix heap use after free in archive_read_format_rar_read_data().
    Fix null dereference in read_data_compressed().
    Fix heap user after free in run_filters().
  (* Security fix *)
2022-04-09 13:29:59 +02:00