slackware-current

1375 commits 8 branches 2375 tags 486 MiB

Author	SHA1	Message	Date
Patrick J Volkerding	88c375df6b	Tue Apr 23 22:24:03 UTC 2024 patches/packages/ruby-3.0.7-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Arbitrary memory address read vulnerability with Regex search. RCE vulnerability with .rdoc_options in RDoc. Buffer overread vulnerability in StringIO. For more information, see: https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/ https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/ https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/ https://www.cve.org/CVERecord?id=CVE-2024-27282 https://www.cve.org/CVERecord?id=CVE-2024-27281 https://www.cve.org/CVERecord?id=CVE-2024-27280 (* Security fix *)	2024-04-24 13:30:50 +02:00
Patrick J Volkerding	9543d326f2	Sun Mar 24 18:21:46 UTC 2024 patches/packages/emacs-29.3-x86_64-1_slack15.0.txz: Upgraded. GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-45939 ( Security fix *)	2024-03-25 13:30:45 +01:00

Author

SHA1

Message

Date

Patrick J Volkerding

88c375df6b

Tue Apr 23 22:24:03 UTC 2024

patches/packages/ruby-3.0.7-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Arbitrary memory address read vulnerability with Regex search.
  RCE vulnerability with .rdoc_options in RDoc.
  Buffer overread vulnerability in StringIO.
  For more information, see:
    https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
    https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
    https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/
    https://www.cve.org/CVERecord?id=CVE-2024-27282
    https://www.cve.org/CVERecord?id=CVE-2024-27281
    https://www.cve.org/CVERecord?id=CVE-2024-27280
  (* Security fix *)

2024-04-24 13:30:50 +02:00

Patrick J Volkerding

9543d326f2

Sun Mar 24 18:21:46 UTC 2024

patches/packages/emacs-29.3-x86_64-1_slack15.0.txz:  Upgraded.
  GNU Emacs through 28.2 allows attackers to execute commands via shell
  metacharacters in the name of a source-code file, because lib-src/etags.c
  uses the system C library function in its implementation of the ctags
  program. For example, a victim may use the "ctags *" command (suggested in
  the ctags documentation) in a situation where the current working directory
  has contents that depend on untrusted input.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-45939
  (* Security fix *)

2024-03-25 13:30:45 +01:00

Renamed from patches/packages/emacs-27.2-x86_64-2_slack15.0.txt (Browse further)

2 commits