Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-31 10:28:29 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1299 commits 8 branches 2371 tags 482 MiB
Commit graph

6 commits

Author SHA1 Message Date
Patrick J Volkerding
79e6c8efb8 Fri Aug 4 20:17:36 UTC 2023 
extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity
  loading in XML without enabling it).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-3823
  (* Security fix *)
extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz:  Upgraded.
  Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0.
pasture/samba-4.15.13-x86_64-1_slack15.0.txz:  Added.
  We'll hang onto this just in case.
patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/
    https://www.cve.org/CVERecord?id=CVE-2023-4045
    https://www.cve.org/CVERecord?id=CVE-2023-4046
    https://www.cve.org/CVERecord?id=CVE-2023-4047
    https://www.cve.org/CVERecord?id=CVE-2023-4048
    https://www.cve.org/CVERecord?id=CVE-2023-4049
    https://www.cve.org/CVERecord?id=CVE-2023-4050
    https://www.cve.org/CVERecord?id=CVE-2023-4052
    https://www.cve.org/CVERecord?id=CVE-2023-4054
    https://www.cve.org/CVERecord?id=CVE-2023-4055
    https://www.cve.org/CVERecord?id=CVE-2023-4056
    https://www.cve.org/CVERecord?id=CVE-2023-4057
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/
patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz:  Upgraded.
  PLEASE NOTE: We are taking the unusual step of moving to the latest Samba
  branch because Windows has made changes that break Samba 4.15.x. The last
  4.15.x will be retained in /pasture as a fallback. There may be some
  required configuration changes with this, but we've kept using MIT Kerberos
  to try to have the behavior change as little as possible. Upgrade carefully.
  This update fixes security issues:
  When winbind is used for NTLM authentication, a maliciously crafted request
  can trigger an out-of-bounds read in winbind and possibly crash it.
  SMB2 packet signing is not enforced if an admin configured
  "server signing = required" or for SMB2 connections to Domain Controllers
  where SMB2 packet signing is mandatory.
  An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
  triggered by an unauthenticated attacker by issuing a malformed RPC request.
  Missing type validation in Samba's mdssvc RPC service for Spotlight can be
  used by an unauthenticated attacker to trigger a process crash in a shared
  RPC mdssvc worker process.
  As part of the Spotlight protocol Samba discloses the server-side absolute
  path of shares and files and directories in search results.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2022-2127.html
    https://www.samba.org/samba/security/CVE-2023-3347.html
    https://www.samba.org/samba/security/CVE-2023-34966.html
    https://www.samba.org/samba/security/CVE-2023-34967.html
    https://www.samba.org/samba/security/CVE-2023-34968.html
    https://www.cve.org/CVERecord?id=CVE-2022-2127
    https://www.cve.org/CVERecord?id=CVE-2023-3347
    https://www.cve.org/CVERecord?id=CVE-2023-34966
    https://www.cve.org/CVERecord?id=CVE-2023-34967
    https://www.cve.org/CVERecord?id=CVE-2023-34968
  (* Security fix *)
 2023-08-05 13:30:38 +02:00
Patrick J Volkerding
23a0b53a62 Tue Sep 6 20:21:24 UTC 2022 
extra/rust-for-mozilla/rust-1.60.0-x86_64-1_slack15.0.txz:  Upgraded.
  Upgraded the Rust compiler for Firefox 102.2.0 and Thunderbird 102.2.1.
patches/packages/mozilla-firefox-102.2.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.2.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-34/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38476
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38477
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
  (* Security fix *)
patches/packages/mozilla-thunderbird-102.2.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  Some accounts may need to be reconfigured after moving from
  Thunderbird 91.13.0 to Thunderbird 102.2.1.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.2.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3033
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3032
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3034
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36059
  (* Security fix *)
patches/packages/vim-9.0.0396-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed use after free.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3099
  (* Security fix *)
patches/packages/vim-gvim-9.0.0396-x86_64-1_slack15.0.txz:  Upgraded.
 2022-09-07 13:30:33 +02:00
Patrick J Volkerding
d96560a977 Tue Aug 23 19:27:56 UTC 2022 
extra/sendmail/sendmail-8.17.1-x86_64-3_slack15.0.txz:  Rebuilt.
  In recent versions of glibc, USE_INET6 has been removed which caused sendmail
  to reject mail from IPv6 addresses. Adding -DHAS_GETHOSTBYNNAME2=1 to the
  site.config.m4 allows the reverse lookups to work again fixing this issue.
  Thanks to talo.
extra/sendmail/sendmail-cf-8.17.1-noarch-3_slack15.0.txz:  Rebuilt.
patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed invalid read operation in SuggestMgr::leftcommonsubstring
  in suggestmgr.cxx.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16707
  (* Security fix *)
patches/packages/mozilla-firefox-91.13.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.13.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-35/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
  (* Security fix *)
patches/packages/mozilla-thunderbird-91.13.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.13.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
  (* Security fix *)
 2022-08-24 13:30:27 +02:00
Patrick J Volkerding
bfbbd63f28 Mon Jul 25 20:53:49 UTC 2022 
patches/packages/mozilla-firefox-91.12.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.12.0/releasenotes/
  (* Security fix *)
patches/packages/perl-5.34.0-x86_64-2_slack15.0.txz:  Rebuilt.
  This is a bugfix release.
  Upgraded: Devel-CheckLib-1.16, IO-Socket-SSL-2.074, Net-SSLeay-1.92,
  Path-Tiny-0.122, Template-Toolkit-3.100, URI-5.12, libnet-3.14.
  Added a symlink to libperl.so in /usr/${LIBDIRSUFFIX} since net-snmp (and
  possibly other programs) might have trouble linking with it since it's not
  in the LD_LIBRARY_PATH. Thanks to oneforall.
 2022-07-26 13:30:29 +02:00
Patrick J Volkerding
7a6788c35a Tue Jun 28 19:16:08 UTC 2022 
patches/packages/curl-7.84.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Set-Cookie denial of service.
  HTTP compression denial of service.
  Unpreserved file permissions.
  FTP-KRB bad message verification.
  For more information, see:
    https://curl.se/docs/CVE-2022-32205.html
    https://curl.se/docs/CVE-2022-32206.html
    https://curl.se/docs/CVE-2022-32207.html
    https://curl.se/docs/CVE-2022-32208.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208
  (* Security fix *)
patches/packages/mozilla-firefox-91.11.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.11.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-25/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484
  (* Security fix *)
 2022-06-29 13:30:31 +02:00
Patrick J Volkerding
eb19d64569 Thu Feb 10 01:46:55 UTC 2022 
patches/packages/at-3.2.3-x86_64-1_slack15.0.txz:  Upgraded.
  Switched to at-3.2.3 since version 3.2.4 has a regression that causes
  queued jobs to not always run on time when atd is run as a standalone
  daemon. Thanks to Cesare.
patches/packages/mozilla-firefox-91.6.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.6.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-05/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22753
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764
  (* Security fix *)
patches/packages/mozilla-thunderbird-91.6.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.6.0/releasenotes/
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.6
  (* Security fix *)
 2022-02-10 05:00:00 +01:00