slackware-current

1247 commits 8 branches 2432 tags 300 MiB

Author	SHA1	Message	Date
Patrick J Volkerding	73b668742a	Thu May 25 00:24:33 UTC 2023 patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz: Upgraded. This update patches a security issue: LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. Thanks to Johannes Schoepfer. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-32700 (* Security fix *)	2023-05-25 13:30:31 +02:00
Patrick J Volkerding	907d5f4ae7	Wed May 17 20:59:51 UTC 2023 patches/packages/curl-8.1.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: more POST-after-PUT confusion. IDN wildcard match. siglongjmp race condition. UAF in SSH sha256 fingerprint check. For more information, see: https://curl.se/docs/CVE-2023-28322.html https://curl.se/docs/CVE-2023-28321.html https://curl.se/docs/CVE-2023-28320.html https://curl.se/docs/CVE-2023-28319.html https://www.cve.org/CVERecord?id=CVE-2023-28322 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://www.cve.org/CVERecord?id=CVE-2023-28320 https://www.cve.org/CVERecord?id=CVE-2023-28319 (* Security fix *) patches/packages/bind-9.16.41-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. testing/packages/bind-9.18.15-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release.	2023-05-18 13:30:28 +02:00

Author

SHA1

Message

Date

Patrick J Volkerding

73b668742a

Thu May 25 00:24:33 UTC 2023

patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz:  Upgraded.
  This update patches a security issue:
  LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
  compiling a TeX file obtained from an untrusted source. This occurs
  because luatex-core.lua lets the original io.popen be accessed. This also
  affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
  Thanks to Johannes Schoepfer.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-32700
  (* Security fix *)

2023-05-25 13:30:31 +02:00

Patrick J Volkerding

907d5f4ae7

Wed May 17 20:59:51 UTC 2023

patches/packages/curl-8.1.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  more POST-after-PUT confusion.
  IDN wildcard match.
  siglongjmp race condition.
  UAF in SSH sha256 fingerprint check.
  For more information, see:
    https://curl.se/docs/CVE-2023-28322.html
    https://curl.se/docs/CVE-2023-28321.html
    https://curl.se/docs/CVE-2023-28320.html
    https://curl.se/docs/CVE-2023-28319.html
    https://www.cve.org/CVERecord?id=CVE-2023-28322
    https://www.cve.org/CVERecord?id=CVE-2023-28321
    https://www.cve.org/CVERecord?id=CVE-2023-28320
    https://www.cve.org/CVERecord?id=CVE-2023-28319
  (* Security fix *)
patches/packages/bind-9.16.41-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
testing/packages/bind-9.18.15-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.

2023-05-18 13:30:28 +02:00

Renamed from patches/packages/curl-8.0.1-x86_64-1_slack15.0.txt (Browse further)

2 commits