Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-31 10:28:29 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1238 commits 8 branches 2371 tags 482 MiB
Commit graph

10 commits

Author SHA1 Message Date
Patrick J Volkerding
0c961905d2 Tue Mar 14 20:42:47 UTC 2023 
patches/packages/mozilla-firefox-102.9.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.9.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-10
    https://www.cve.org/CVERecord?id=CVE-2023-25751
    https://www.cve.org/CVERecord?id=CVE-2023-28164
    https://www.cve.org/CVERecord?id=CVE-2023-28162
    https://www.cve.org/CVERecord?id=CVE-2023-25752
    https://www.cve.org/CVERecord?id=CVE-2023-28163
    https://www.cve.org/CVERecord?id=CVE-2023-28176
  (* Security fix *)
 2023-03-15 13:30:41 +01:00
Patrick J Volkerding
9b5b70af5b Wed Feb 15 19:48:10 UTC 2023 
patches/packages/curl-7.88.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  HTTP multi-header compression denial of service.
  HSTS amnesia with --parallel.
  HSTS ignored on multiple requests.
  For more information, see:
    https://curl.se/docs/CVE-2023-23916.html
    https://curl.se/docs/CVE-2023-23915.html
    https://curl.se/docs/CVE-2023-23914.html
    https://www.cve.org/CVERecord?id=CVE-2023-23916
    https://www.cve.org/CVERecord?id=CVE-2023-23915
    https://www.cve.org/CVERecord?id=CVE-2023-23914
  (* Security fix *)
patches/packages/git-2.35.7-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Using a specially-crafted repository, Git can be tricked into using
  its local clone optimization even when using a non-local transport.
  Though Git will abort local clones whose source $GIT_DIR/objects
  directory contains symbolic links (c.f., CVE-2022-39253), the objects
  directory itself may still be a symbolic link.
  These two may be combined to include arbitrary files based on known
  paths on the victim's filesystem within the malicious repository's
  working copy, allowing for data exfiltration in a similar manner as
  CVE-2022-39253.
  By feeding a crafted input to "git apply", a path outside the
  working tree can be overwritten as the user who is running "git
  apply".
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-22490
    https://www.cve.org/CVERecord?id=CVE-2023-23946
  (* Security fix *)
 2023-02-16 13:30:35 +01:00
Patrick J Volkerding
585883b9b5 Sat Jan 7 01:50:00 UTC 2023 
extra/php80/php80-8.0.27-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  PDO::quote() may return unquoted string.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-31631
  (* Security fix *)
extra/php81/php81-8.1.14-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  PDO::quote() may return unquoted string.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-31631
  (* Security fix *)
patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures.
  For more information, see:
    https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
    https://www.cve.org/CVERecord?id=CVE-2021-43527
  (* Security fix *)
patches/packages/php-7.4.33-x86_64-2_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  PDO::quote() may return unquoted string.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-31631
  (* Security fix *)
 2023-01-07 13:30:29 +01:00
Patrick J Volkerding
bcdf30a8fe Mon Oct 31 23:31:36 UTC 2022 
extra/php80/php80-8.0.25-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  GD: OOB read due to insufficient input validation in imageloadfont().
  Hash: buffer overflow in hash_update() on long parameter.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-31630
    https://www.cve.org/CVERecord?id=CVE-2022-37454
  (* Security fix *)
extra/php81/php81-8.1.12-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  GD: OOB read due to insufficient input validation in imageloadfont().
  Hash: buffer overflow in hash_update() on long parameter.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-31630
    https://www.cve.org/CVERecord?id=CVE-2022-37454
  (* Security fix *)
patches/packages/mozilla-thunderbird-102.4.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.4.1/releasenotes/
patches/packages/vim-9.0.0814-x86_64-1_slack15.0.txz:  Upgraded.
  A vulnerability was found in vim and classified as problematic. Affected by
  this issue is the function qf_update_buffer of the file quickfix.c of the
  component autocmd Handler. The manipulation leads to use after free. The
  attack may be launched remotely. Upgrading to version 9.0.0805 is able to
  address this issue.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-3705
  (* Security fix *)
patches/packages/vim-gvim-9.0.0814-x86_64-1_slack15.0.txz:  Upgraded.
 2022-11-01 13:30:36 +01:00
Patrick J Volkerding
3087018ea7 Fri Sep 30 17:52:21 UTC 2022 
extra/php80/php80-8.0.24-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  phar wrapper: DOS when using quine gzip file.
  Don't mangle HTTP variable names that clash with ones that have a specific
  semantic meaning.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
  (* Security fix *)
extra/php81/php81-8.1.11-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  phar wrapper: DOS when using quine gzip file.
  Don't mangle HTTP variable names that clash with ones that have a specific
  semantic meaning.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
  (* Security fix *)
patches/packages/mozilla-thunderbird-102.3.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.3.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-43/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39249
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39250
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39251
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39236
  (* Security fix *)
patches/packages/php-7.4.32-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  phar wrapper: DOS when using quine gzip file.
  Don't mangle HTTP variable names that clash with ones that have a specific
  semantic meaning.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
  (* Security fix *)
patches/packages/seamonkey-2.53.14-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.14
  (* Security fix *)
patches/packages/vim-9.0.0623-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed use-after-free and stack-based buffer overflow.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3352
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3324
  (* Security fix *)
patches/packages/vim-gvim-9.0.0623-x86_64-1_slack15.0.txz:  Upgraded.
 2022-10-01 13:30:35 +02:00
Patrick J Volkerding
7809bcc762 Mon Jun 13 21:02:58 UTC 2022 
patches/packages/php-7.4.30-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  mysqlnd/pdo password buffer overflow.
  Uninitialized array in pg_query_params().
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
  (* Security fix *)
extra/php80/php80-8.0.20-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  mysqlnd/pdo password buffer overflow.
  Uninitialized array in pg_query_params().
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
  (* Security fix *)
extra/php81/php81-8.1.7-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  mysqlnd/pdo password buffer overflow.
  Uninitialized array in pg_query_params().
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
  (* Security fix *)
 2022-06-14 13:30:26 +02:00
Patrick J Volkerding
a019271253 Fri Feb 18 05:29:00 UTC 2022 
patches/packages/mozilla-thunderbird-91.6.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.6.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0566
  (* Security fix *)
patches/packages/php-7.4.28-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  UAF due to php_filter_float() failing for ints.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
  (* Security fix *)
extra/php80/php80-8.0.16-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  UAF due to php_filter_float() failing for ints.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
  (* Security fix *)
extra/php81/php81-8.1.3-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  UAF due to php_filter_float() failing for ints.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
  (* Security fix *)
 2022-02-19 13:30:02 +01:00
Patrick J Volkerding
30ad57f5bd Fri Jan 21 05:47:49 UTC 2022 
a/aaa_libraries-15.0-x86_64-15.txz:  Rebuilt.
  Upgraded: libzstd.so.1.5.2.
a/kernel-firmware-20220119_0c6a7b3-noarch-1.txz:  Upgraded.
a/kernel-generic-5.15.16-x86_64-1.txz:  Upgraded.
a/kernel-huge-5.15.16-x86_64-1.txz:  Upgraded.
a/kernel-modules-5.15.16-x86_64-1.txz:  Upgraded.
ap/vim-8.2.4166-x86_64-1.txz:  Upgraded.
d/kernel-headers-5.15.16-x86-1.txz:  Upgraded.
d/rust-1.58.1-x86_64-1.txz:  Upgraded.
k/kernel-source-5.15.16-noarch-1.txz:  Upgraded.
l/qt5-5.15.3_20211130_014c375b-x86_64-2.txz:  Rebuilt.
  Applied upstream patch:
  [PATCH] Move the wayland socket polling to a separate event thread.
  Thanks to LuckyCyborg.
l/svgalib-1.9.25-x86_64-7.txz:  Rebuilt.
  Don't try to use the (broken) assembly. Thanks to nobodino.
l/zstd-1.5.2-x86_64-1.txz:  Upgraded.
x/ibus-m17n-1.4.9-x86_64-1.txz:  Upgraded.
xap/vim-gvim-8.2.4166-x86_64-1.txz:  Upgraded.
extra/php80/php80-8.0.15-x86_64-1.txz:  Upgraded.
extra/php81/php81-8.1.2-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
 2022-01-21 17:59:42 +01:00
Patrick J Volkerding
93a272f6d5 Fri Dec 17 20:47:13 UTC 2021 
a/kernel-generic-5.15.10-x86_64-1.txz:  Upgraded.
a/kernel-huge-5.15.10-x86_64-1.txz:  Upgraded.
a/kernel-modules-5.15.10-x86_64-1.txz:  Upgraded.
ap/inxi-3.3.11_1-noarch-1.txz:  Upgraded.
ap/ksh93-1.0_20211217_ce3e080c-x86_64-1.txz:  Upgraded.
ap/neofetch-20211210_ccd5d9f5-noarch-1.txz:  Upgraded.
d/Cython-0.29.26-x86_64-1.txz:  Upgraded.
d/kernel-headers-5.15.10-x86-1.txz:  Upgraded.
k/kernel-source-5.15.10-noarch-1.txz:  Upgraded.
l/utf8proc-2.7.0-x86_64-1.txz:  Upgraded.
n/ca-certificates-20211216-noarch-1.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
xap/xine-ui-0.99.13-x86_64-1.txz:  Upgraded.
extra/php80/php80-8.0.14-x86_64-1.txz:  Upgraded.
extra/php81/php81-8.1.1-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
 2021-12-18 08:59:54 +01:00
Patrick J Volkerding
c29dcfa2dd Fri Dec 3 20:07:20 UTC 2021 
ap/rpm-4.16.1.3-x86_64-4.txz:  Rebuilt.
  Patched to handle non-compliant RPMs created by install4j. Thanks to alienBOB.
d/poke-1.4-x86_64-1.txz:  Upgraded.
l/enchant-2.3.2-x86_64-1.txz:  Upgraded.
l/freetype-2.11.1-x86_64-1.txz:  Upgraded.
l/glib2-2.70.2-x86_64-1.txz:  Upgraded.
n/lynx-2.9.0dev.10-x86_64-1.txz:  Upgraded.
extra/php8/php8-8.1.0-x86_64-1.txz:  Removed.
extra/php80/php80-8.0.13-x86_64-1.txz:  Added.
extra/php81/php81-8.1.0-x86_64-1.txz:  Added.
 2021-12-04 08:59:57 +01:00