Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2025-01-14 08:01:11 +01:00
Code Issues Projects Releases Packages Wiki Activity
1420 commits 8 branches 2386 tags 497 MiB
Commit graph

1420 commits

Author SHA1 Message Date
Patrick J Volkerding
7165f6f4db Tue Apr 16 18:50:13 UTC 2024 
patches/packages/mozilla-firefox-115.10.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.10.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-19/
    https://www.cve.org/CVERecord?id=CVE-2024-3852
    https://www.cve.org/CVERecord?id=CVE-2024-3854
    https://www.cve.org/CVERecord?id=CVE-2024-3857
    https://www.cve.org/CVERecord?id=CVE-2024-2609
    https://www.cve.org/CVERecord?id=CVE-2024-3859
    https://www.cve.org/CVERecord?id=CVE-2024-3861
    https://www.cve.org/CVERecord?id=CVE-2024-3863
    https://www.cve.org/CVERecord?id=CVE-2024-3302
    https://www.cve.org/CVERecord?id=CVE-2024-3864
  (* Security fix *)
 2024-04-17 13:30:44 +02:00
Patrick J Volkerding
1d9ca96a22 Sun Apr 14 18:35:32 UTC 2024 
patches/packages/less-653-x86_64-1_slack15.0.txz:  Upgraded.
  This update patches a security issue:
  less through 653 allows OS command execution via a newline character in the
  name of a file, because quoting is mishandled in filename.c. Exploitation
  typically requires use with attacker-controlled file names, such as the files
  extracted from an untrusted archive. Exploitation also requires the LESSOPEN
  environment variable, but this is set by default in many common cases.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32487
  (* Security fix *)
 2024-04-15 13:30:43 +02:00
Patrick J Volkerding
47084e3f2f Fri Apr 12 19:08:59 UTC 2024 
extra/php81/php81-8.1.28-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Command injection via array-ish $command parameter of proc_open.
  __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix.
  Password_verify can erroneously return true, opening ATO risk.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.28
    https://www.cve.org/CVERecord?id=CVE-2024-1874
    https://www.cve.org/CVERecord?id=CVE-2024-2756
    https://www.cve.org/CVERecord?id=CVE-2024-3096
  (* Security fix *)
 2024-04-13 13:30:41 +02:00
Patrick J Volkerding
971e161e46 Mon Apr 8 18:44:37 UTC 2024 
patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Fix possible vulnerability in tar error reporting introduced in f27c173
  by JiaT75.
  For more information, see:
    f27c173d17
    https://github.com/libarchive/libarchive/pull/2101
  (* Security fix *)
 2024-04-09 13:30:46 +02:00
Patrick J Volkerding
d5ca6849f8 Fri Apr 5 20:11:23 UTC 2024 
extra/tigervnc/tigervnc-1.12.0-x86_64-6_slack15.0.txz:  Rebuilt.
  Recompiled against xorg-server-1.20.14, including the latest patches for
  several security issues:
  Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
  Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
  Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
  Use-after-free in ProcRenderAddGlyphs.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
  (* Security fix *)
 2024-04-06 13:30:47 +02:00
Patrick J Volkerding
1e2fa38645 Thu Apr 4 20:49:23 UTC 2024 
patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  HTTP/2 DoS by memory exhaustion on endless continuation frames.
  HTTP Response Splitting in multiple modules.
  HTTP response splitting.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.59
    https://www.cve.org/CVERecord?id=CVE-2024-27316
    https://www.cve.org/CVERecord?id=CVE-2024-24795
    https://www.cve.org/CVERecord?id=CVE-2023-38709
  (* Security fix *)
patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
  frames even after a stream is reset to keep HPACK context in sync. This
  causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
  this vulnerability by limiting the number of CONTINUATION frames it can
  accept after a HEADERS frame.
  For more information, see:
    https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
    https://www.kb.cert.org/vuls/id/421644
    https://www.cve.org/CVERecord?id=CVE-2024-28182
  (* Security fix *)
 2024-04-05 13:30:57 +02:00
Patrick J Volkerding
d6e7dd0417 Wed Apr 3 22:22:06 UTC 2024 
patches/packages/xorg-server-1.20.14-x86_64-12_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
  Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
  Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
  Use-after-free in ProcRenderAddGlyphs.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-12_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-12_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-12_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-11_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
  Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
  Use-after-free in ProcRenderAddGlyphs.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31083
  (* Security fix *)
 2024-04-04 13:30:42 +02:00
Patrick J Volkerding
3874039d9c Fri Mar 29 02:25:21 UTC 2024 
patches/packages/coreutils-9.5-x86_64-1_slack15.0.txz:  Upgraded.
  chmod -R now avoids a race where an attacker may replace a traversed file
  with a symlink, causing chmod to operate on an unintended file.
  [This bug was present in "the beginning".]
  split --line-bytes with a mixture of very long and short lines no longer
  overwrites the heap.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-0684
  (* Security fix *)
 2024-03-29 13:30:42 +01:00
Patrick J Volkerding
9146b9762b Wed Mar 27 19:16:09 UTC 2024 
patches/packages/curl-8.7.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release fixes the following security issues:
  TLS certificate check bypass with mbedTLS.
  HTTP/2 push headers memory-leak.
  QUIC certificate check bypass with wolfSSL.
  Usage of disabled protocol.
  For more information, see:
    https://curl.se/docs/CVE-2024-2466.html
    https://curl.se/docs/CVE-2024-2398.html
    https://curl.se/docs/CVE-2024-2379.html
    https://curl.se/docs/CVE-2024-2004.html
    https://www.cve.org/CVERecord?id=CVE-2024-2466
    https://www.cve.org/CVERecord?id=CVE-2024-2398
    https://www.cve.org/CVERecord?id=CVE-2024-2379
    https://www.cve.org/CVERecord?id=CVE-2024-2004
  (* Security fix *)
 2024-03-28 13:30:39 +01:00
Patrick J Volkerding
9543d326f2 Sun Mar 24 18:21:46 UTC 2024 
patches/packages/emacs-29.3-x86_64-1_slack15.0.txz:  Upgraded.
  GNU Emacs through 28.2 allows attackers to execute commands via shell
  metacharacters in the name of a source-code file, because lib-src/etags.c
  uses the system C library function in its implementation of the ctags
  program. For example, a victim may use the "ctags *" command (suggested in
  the ctags documentation) in a situation where the current working directory
  has contents that depend on untrusted input.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-45939
  (* Security fix *)
 2024-03-25 13:30:45 +01:00
Patrick J Volkerding
fca48db86c Sat Mar 23 19:34:02 UTC 2024 
patches/packages/mozilla-firefox-115.9.1esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a critical security issue:
  An attacker was able to inject an event handler into a privileged object
  that would allow arbitrary JavaScript execution in the parent process.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.1esr/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-16/
    https://www.cve.org/CVERecord?id=CVE-2024-29944
  (* Security fix *)
 2024-03-24 13:30:44 +01:00
Patrick J Volkerding
7fee55d3d8 Wed Mar 20 21:10:30 UTC 2024 
patches/packages/bind-9.16.49-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/python3-3.9.19-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  bundled libexpat was updated to 2.6.0.
  zipfile is now protected from the "quoted-overlap" zipbomb.
  tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when
  working around file system permission errors.
  For more information, see:
    https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.html
    https://www.cve.org/CVERecord?id=CVE-2023-52425
    https://www.cve.org/CVERecord?id=CVE-2024-0450
    https://www.cve.org/CVERecord?id=CVE-2023-6597
  (* Security fix *)
testing/packages/bind-9.18.25-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
 2024-03-21 13:30:40 +01:00
Patrick J Volkerding
56c5869402 Wed Mar 20 00:08:59 UTC 2024 
patches/packages/gnutls-3.8.4-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes two medium severity security issues:
  libgnutls: Fix side-channel in the deterministic ECDSA.
  Reported by George Pantelakis (#1516).
  libgnutls: Fixed a bug where certtool crashed when verifying a certificate
  chain with more than 16 certificates. Reported by William Woodruff (#1525)
  and yixiangzhike (#1527).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-28834
    https://www.cve.org/CVERecord?id=CVE-2024-28835
  (* Security fix *)
patches/packages/mozilla-firefox-115.9.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-13/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    https://www.cve.org/CVERecord?id=CVE-2024-2605
    https://www.cve.org/CVERecord?id=CVE-2024-2607
    https://www.cve.org/CVERecord?id=CVE-2024-2608
    https://www.cve.org/CVERecord?id=CVE-2024-2616
    https://www.cve.org/CVERecord?id=CVE-2023-5388
    https://www.cve.org/CVERecord?id=CVE-2024-2610
    https://www.cve.org/CVERecord?id=CVE-2024-2611
    https://www.cve.org/CVERecord?id=CVE-2024-2612
    https://www.cve.org/CVERecord?id=CVE-2024-2614
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.9.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.9.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    https://www.cve.org/CVERecord?id=CVE-2024-2605
    https://www.cve.org/CVERecord?id=CVE-2024-2607
    https://www.cve.org/CVERecord?id=CVE-2024-2608
    https://www.cve.org/CVERecord?id=CVE-2024-2616
    https://www.cve.org/CVERecord?id=CVE-2023-5388
    https://www.cve.org/CVERecord?id=CVE-2024-2610
    https://www.cve.org/CVERecord?id=CVE-2024-2611
    https://www.cve.org/CVERecord?id=CVE-2024-2612
    https://www.cve.org/CVERecord?id=CVE-2024-2614
  (* Security fix *)
 2024-03-20 13:30:42 +01:00
Patrick J Volkerding
735bb1f74b Wed Mar 13 19:46:48 UTC 2024 
patches/packages/expat-2.6.2-x86_64-1_slack15.0.txz:  Upgraded.
  Prevent billion laughs attacks with isolated use of external parsers.
  For more information, see:
    1d50b80cf3
    https://www.cve.org/CVERecord?id=CVE-2024-28757
  (* Security fix *)
 2024-03-14 13:30:42 +01:00
Patrick J Volkerding
c131b21d96 Fri Mar 8 19:20:11 UTC 2024 
patches/packages/xfce4-weather-plugin-0.11.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
 2024-03-09 13:30:47 +01:00
Patrick J Volkerding
9f285815b9 Thu Mar 7 20:40:08 UTC 2024 
patches/packages/ghostscript-9.55.0-x86_64-2_slack15.0.txz:  Rebuilt.
  Fixes security issues:
  A vulnerability was identified in the way Ghostscript/GhostPDL called
  tesseract for the OCR devices, which could allow arbitrary code execution.
  Thanks to J_W for the heads-up.
  Mishandling of permission validation for pipe devices could allow arbitrary
  code execution.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664
  (* Security fix *)
 2024-03-08 13:30:42 +01:00
Patrick J Volkerding
f4d1d3ac7d Tue Mar 5 21:16:50 UTC 2024 
patches/packages/mozilla-thunderbird-115.8.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
    https://www.cve.org/CVERecord?id=CVE-2024-1936
  (* Security fix *)
patches/packages/postfix-3.6.15-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.postfix.org/announcements/postfix-3.8.6.html
 2024-03-06 13:30:42 +01:00
Patrick J Volkerding
ce64f0a935 Fri Mar 1 22:13:28 UTC 2024 
patches/packages/expat-2.6.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
 2024-03-02 13:31:26 +01:00
Patrick J Volkerding
cec16b4f7e Thu Feb 29 19:11:19 UTC 2024 
patches/packages/openjpeg-2.5.2-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed a regression in openjpeg-2.5.1:
  API breakage / openjpeg version no longer detected (openjpeg.h no longer
  includes opj_config.h).
 2024-03-01 13:30:44 +01:00
Patrick J Volkerding
970e55afb6 Wed Feb 28 18:36:48 UTC 2024 
patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txz:  Rebuilt.
  Patched the implementation of PEAP in wpa_supplicant to prevent an
  authentication bypass. For a successful attack, wpa_supplicant must be
  configured to not verify the network's TLS certificate during Phase 1
  authentication, and an eap_peap_decrypt vulnerability can then be abused
  to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
  Success packet instead of starting Phase 2. This allows an adversary to
  impersonate Enterprise Wi-Fi networks.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52160
  (* Security fix *)
 2024-02-29 13:30:42 +01:00
Patrick J Volkerding
6008910371 Mon Feb 26 20:09:43 UTC 2024 
patches/packages/openjpeg-2.5.1-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
  sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
  this to execute arbitrary code with the permissions of the application
  compiled against openjpeg.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-3575
  (* Security fix *)
 2024-02-27 13:30:41 +01:00
Patrick J Volkerding
76371c76c5 Sun Feb 25 19:16:52 UTC 2024 
patches/packages/whois-5.5.21-x86_64-1_slack15.0.txz:  Upgraded.
  Updated the .cv and .sd TLD servers.
  Removed 4 new gTLDs which are no longer active.
 2024-02-26 13:30:47 +01:00
Patrick J Volkerding
c33fb28229 Fri Feb 23 20:37:29 UTC 2024 
patches/packages/dcron-4.5-x86_64-13_slack15.0.txz:  Rebuilt.
  This is a bugfix release.
  run-parts.8: document skiping *.orig files. Thanks to metaed.
 2024-02-24 13:30:44 +01:00
Patrick J Volkerding
14f2469b12 Wed Feb 21 20:00:08 UTC 2024 
patches/packages/dcron-4.5-x86_64-12_slack15.0.txz:  Rebuilt.
  This is a bugfix release.
  run-parts: skip *.orig files. Thanks to metaed.
patches/packages/mozilla-thunderbird-115.8.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
  (* Security fix *)
 2024-02-22 13:39:58 +01:00
Patrick J Volkerding
bdfa16c82f Tue Feb 20 21:08:27 UTC 2024 
patches/packages/libuv-1.48.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a server-side request forgery (SSRF) flaw.
  Thanks to alex2grad for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-24806
  (* Security fix *)
 2024-02-21 13:30:43 +01:00
Patrick J Volkerding
b9cc8f3425 Sun Feb 18 21:03:57 UTC 2024 
extra/llvm-17.0.6-x86_64-1_slack15.0.txz:  Added.
  In case anyone needs a newer compiler.
extra/llvm13-compat-13.0.0-x86_64-1_slack15.0.txz:  Added.
  In case anyone needs to run binaries linked to the old compiler.
 2024-02-19 13:30:46 +01:00
Patrick J Volkerding
bdd6ac9360 Fri Feb 16 20:18:59 UTC 2024 
patches/packages/ca-certificates-20240216-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
 2024-02-17 13:30:46 +01:00
Patrick J Volkerding
9847738ba0 Wed Feb 14 04:18:12 UTC 2024 
patches/packages/dnsmasq-2.90-x86_64-1_slack15.0.txz:  Upgraded.
  Add limits on the resources used to do DNSSEC validation.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50868
  (* Security fix *)
 2024-02-15 13:30:47 +01:00
Patrick J Volkerding
cd44edc237 Tue Feb 13 19:19:24 UTC 2024 
patches/packages/bind-9.16.48-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Specific DNS answers could cause a denial-of-service condition due to DNS
  validation taking a long time.
  Query patterns that continuously triggered cache database maintenance could
  exhaust all available memory on the host running named.
  Restore DNS64 state when handling a serve-stale timeout.
  Specific queries could trigger an assertion check with nxdomain-redirect
  enabled.
  Speed up parsing of DNS messages with many different names.
  For more information, see:
    https://kb.isc.org/docs/cve-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://kb.isc.org/docs/cve-2023-6516
    https://www.cve.org/CVERecord?id=CVE-2023-6516
    https://kb.isc.org/docs/cve-2023-5679
    https://www.cve.org/CVERecord?id=CVE-2023-5679
    https://kb.isc.org/docs/cve-2023-5517
    https://www.cve.org/CVERecord?id=CVE-2023-5517
    https://kb.isc.org/docs/cve-2023-4408
    https://www.cve.org/CVERecord?id=CVE-2023-4408
  (* Security fix *)
testing/packages/bind-9.18.24-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Specific DNS answers could cause a denial-of-service condition due to DNS
  validation taking a long time.
  Restore DNS64 state when handling a serve-stale timeout.
  Specific queries could trigger an assertion check with nxdomain-redirect
  enabled.
  Speed up parsing of DNS messages with many different names.
  For more information, see:
    https://kb.isc.org/docs/cve-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://kb.isc.org/docs/cve-2023-5679
    https://www.cve.org/CVERecord?id=CVE-2023-5679
    https://kb.isc.org/docs/cve-2023-5517
    https://www.cve.org/CVERecord?id=CVE-2023-5517
    https://kb.isc.org/docs/cve-2023-4408
    https://www.cve.org/CVERecord?id=CVE-2023-4408
  (* Security fix *)
 2024-02-14 13:30:43 +01:00
Patrick J Volkerding
4f3857a3d1 Sun Feb 11 22:11:59 UTC 2024 
patches/packages/mariadb-10.5.24-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://mariadb.com/kb/en/mariadb-10-5-24-release-notes/
 2024-02-12 13:30:40 +01:00
Patrick J Volkerding
639c931a2b Fri Feb 9 21:48:09 UTC 2024 
patches/packages/xpdf-4.05-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Fixed a bug in the ICCBased color space parser that was allowing the number
  of components to be zero. Thanks to huckleberry for the bug report.
  Fixed a bug in the ICCBased color space parser that was allowing the number
  of components to be zero. Thanks to huckleberry for the bug report.
  Added checks for PDF object loops in AcroForm::scanField(),
  Catalog::readPageLabelTree2(), and Catalog::readEmbeddedFileTree().
  The zero-width character problem can also happen if the page size is very
  large -- that needs to be limited too, the same way as character position
  coordinates. Thanks to jlinliu for the bug report.
  Add some missing bounds check code in DCTStream. Thanks to Jiahao Liu for
  the bug report.
  Fix a deadlock when an object stream's length field is contained in another
  object stream. Thanks to Jiahao Liu for the bug report.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-2662
    https://www.cve.org/CVERecord?id=CVE-2023-2662
    https://www.cve.org/CVERecord?id=CVE-2018-7453
    https://www.cve.org/CVERecord?id=CVE-2018-16369
    https://www.cve.org/CVERecord?id=CVE-2022-36561
    https://www.cve.org/CVERecord?id=CVE-2022-41844
    https://www.cve.org/CVERecord?id=CVE-2023-2663
    https://www.cve.org/CVERecord?id=CVE-2023-2664
    https://www.cve.org/CVERecord?id=CVE-2023-3044
    https://www.cve.org/CVERecord?id=CVE-2023-3436
  (* Security fix *)
 2024-02-10 13:30:40 +01:00
Patrick J Volkerding
2fac477c48 Thu Feb 8 22:17:18 UTC 2024 
patches/packages/dehydrated-0.7.1-noarch-1_slack15.0.txz:  Upgraded.
  This is a bugfix release that addresses (among other things) an
  "unbound variable" error if the signing server is not available.
  Thanks to metaed for the heads-up.
 2024-02-09 13:30:41 +01:00
Patrick J Volkerding
edf4df250a Wed Feb 7 20:07:29 UTC 2024 
patches/packages/expat-2.6.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Fix quadratic runtime issues with big tokens that can cause
  denial of service.
  Fix billion laughs attacks for users compiling *without* XML_DTD
  defined (which is not common).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52425
    https://www.cve.org/CVERecord?id=CVE-2023-52426
  (* Security fix *)
 2024-02-08 13:30:44 +01:00
Patrick J Volkerding
bc19f3bbd2 Sun Feb 4 19:37:40 UTC 2024 
patches/packages/libxml2-2.11.7-x86_64-1_slack15.0.txz:  Upgraded.
  Fix the following security issue:
  xmlreader: Don't expand XIncludes when backtracking.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-25062
  (* Security fix *)
 2024-02-05 13:30:39 +01:00
Patrick J Volkerding
285b51e992 Sat Feb 3 20:54:00 UTC 2024 
patches/packages/ca-certificates-20240203-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
patches/packages/glibc-zoneinfo-2024a-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
 2024-02-04 13:30:41 +01:00
Patrick J Volkerding
4af705d201 Wed Jan 31 21:19:19 UTC 2024 
extra/sendmail/sendmail-8.18.1-x86_64-1_slack15.0.txz:  Upgraded.
  sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
  Remote attackers can use a published exploitation technique to inject e-mail
  messages with a spoofed MAIL FROM address, allowing bypass of an SPF
  protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
  but some other popular e-mail servers do not. This is resolved in 8.18 and
  later versions with 'o' in srv_features.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-51765
  (* Security fix *)
extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz:  Upgraded.
patches/packages/curl-8.6.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/libmilter-8.18.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
 2024-02-01 13:30:49 +01:00
Patrick J Volkerding
71cfddeb9f Fri Jan 26 20:59:27 UTC 2024 
patches/packages/pam-1.6.0-x86_64-1_slack15.0.txz:  Upgraded.
  pam_namespace.so: fixed a possible local denial-of-service vulnerability.
  For more information, see:
    https://seclists.org/oss-sec/2024/q1/31
    https://www.cve.org/CVERecord?id=CVE-2024-22365
  (* Security fix *)
 2024-01-27 13:30:38 +01:00
Patrick J Volkerding
36d337af73 Wed Jan 24 04:53:38 UTC 2024 
patches/packages/mozilla-thunderbird-115.7.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.7.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
  (* Security fix *)
 2024-01-25 13:30:41 +01:00
Patrick J Volkerding
57dd8bdc60 Tue Jan 23 20:08:07 UTC 2024 
patches/packages/mozilla-firefox-115.7.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-02/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
  (* Security fix *)
 2024-01-24 13:30:39 +01:00
Patrick J Volkerding
2bde1d73b5 Mon Jan 22 20:57:12 UTC 2024 
patches/packages/postfix-3.6.14-x86_64-1_slack15.0.txz:  Upgraded.
  Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline
  = normalize" (default "no" for Postfix < 3.9), the Postfix
  SMTP server requires the standard End-of-DATA sequence
  <CR><LF>.<CR><LF>, and otherwise allows command or message
  content lines ending in the non-standard <LF>, processing
  them as if the client sent the standard <CR><LF>.
  The alternative setting, "smtpd_forbid_bare_newline = reject"
  will reject any command or message that contains a bare
  <LF>, and is more likely to cause problems with legitimate
  clients.
  For backwards compatibility, local clients are excluded by
  default with "smtpd_forbid_bare_newline_exclusions =
  $mynetworks".
  For more information, see:
    https://www.postfix.org/smtp-smuggling.html
  (* Security fix *)
 2024-01-23 13:30:31 +01:00
Patrick J Volkerding
4e88327303 Sun Jan 21 20:50:08 UTC 2024 
extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txz:  Rebuilt.
  Recompiled against xorg-server-1.20.14, including the latest patches for
  several security issues. Thanks to marav.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-6377
    https://www.cve.org/CVERecord?id=CVE-2023-6478
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    https://www.cve.org/CVERecord?id=CVE-2024-0409
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-21886
  (* Security fix *)
 2024-01-22 13:30:35 +01:00
Patrick J Volkerding
0a8de80c8a Wed Jan 17 21:13:27 UTC 2024 
patches/packages/seamonkey-2.53.18.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.18.1
 2024-01-18 13:39:30 +01:00
Patrick J Volkerding
95fd8ef935 Tue Jan 16 20:49:28 UTC 2024 
patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes two medium severity security issues:
  Fix more timing side-channel inside RSA-PSK key exchange.
  Fix assertion failure when verifying a certificate chain with a cycle of
  cross signatures.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-0553
    https://www.cve.org/CVERecord?id=CVE-2024-0567
  (* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
  Reattaching to different master device may lead to out-of-bounds memory access.
  Heap buffer overflow in XISendDeviceHierarchyEvent.
  Heap buffer overflow in DisableDevice.
  SELinux context corruption.
  SELinux unlabeled GLX PBuffer.
  For more information, see:
    https://lists.x.org/archives/xorg/2024-January/061525.html
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    https://www.cve.org/CVERecord?id=CVE-2024-0409
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
  Reattaching to different master device may lead to out-of-bounds memory access.
  Heap buffer overflow in XISendDeviceHierarchyEvent.
  Heap buffer overflow in DisableDevice.
  SELinux unlabeled GLX PBuffer.
  For more information, see:
    https://lists.x.org/archives/xorg/2024-January/061525.html
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-0408
  (* Security fix *)
 2024-01-17 13:30:37 +01:00
Patrick J Volkerding
caf0fadb3f Wed Jan 10 20:25:54 UTC 2024 
patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
 2024-01-11 13:30:33 +01:00
Patrick J Volkerding
54a86f88d1 Tue Jan 9 20:49:08 UTC 2024 
patches/packages/mozilla-thunderbird-115.6.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.thunderbird.net/en-US/thunderbird/115.6.1/releasenotes/
 2024-01-10 13:30:33 +01:00
Patrick J Volkerding
13faba8157 Sat Dec 30 19:53:07 UTC 2023 
patches/packages/sudo-1.9.15p5-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
 2023-12-31 13:30:38 +01:00
Patrick J Volkerding
029640d1b8 Tue Dec 26 00:20:26 UTC 2023 
patches/packages/kernel-firmware-20231222_a7dee43-noarch-1.txz:  Upgraded.
  Updated to the latest kernel firmware.
patches/packages/linux-5.15.145/*:  Upgraded.
  These updates fix various bugs and security issues.
  Thanks to jwoithe for the PCI fix!
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    Fixed in 5.15.140:
    https://www.cve.org/CVERecord?id=CVE-2023-46862
    Fixed in 5.15.141:
    https://www.cve.org/CVERecord?id=CVE-2023-6121
  (* Security fix *)
 2023-12-26 13:30:41 +01:00
Patrick J Volkerding
d46ef1440f Sat Dec 23 02:48:56 UTC 2023 
patches/packages/glibc-zoneinfo-2023d-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
patches/packages/postfix-3.6.13-x86_64-1_slack15.0.txz:  Upgraded.
  Security: this release adds support to defend against an email spoofing
  attack (SMTP smuggling) on recipients at a Postfix server. Sites
  concerned about SMTP smuggling attacks should enable this feature on
  Internet-facing Postfix servers. For compatibility with non-standard
  clients, Postfix by default excludes clients in mynetworks from this
  countermeasure.
  The recommended settings are:
    # Optionally disconnect remote SMTP clients that send bare newlines,
    # but allow local clients with non-standard SMTP implementations
    # such as netcat, fax machines, or load balancer health checks.
    #
    smtpd_forbid_bare_newline = yes
    smtpd_forbid_bare_newline_exclusions = $mynetworks
  The smtpd_forbid_bare_newline feature is disabled by default.
  For more information, see:
    https://www.postfix.org/smtp-smuggling.html
  (* Security fix *)
 2023-12-23 13:30:45 +01:00
Patrick J Volkerding
7bbe71feea Thu Dec 21 20:46:11 UTC 2023 
extra/php81/php81-8.1.27-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.27
 2023-12-22 13:30:38 +01:00
Patrick J Volkerding
ae2de64cd3 Wed Dec 20 21:10:47 UTC 2023 
patches/packages/bind-9.16.45-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/proftpd-1.3.8b-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  mod_sftp: implemented mitigations for "Terrapin" SSH attack.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-48795
  (* Security fix *)
testing/packages/bind-9.18.21-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
 2023-12-21 13:30:36 +01:00
Patrick J Volkerding
9f08fbd623 Tue Dec 19 21:24:05 UTC 2023 
patches/packages/bluez-5.71-x86_64-2_slack15.0.txz:  Rebuilt.
  Fix a regression in bluez-5.71:
  [PATCH] adapter: Fix link key address type for old kernels.
  Thanks to marav.
patches/packages/libssh-0.10.6-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Command injection using proxycommand.
  Potential downgrade attack using strict kex.
  Missing checks for return values of MD functions.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-6004
    https://www.cve.org/CVERecord?id=CVE-2023-48795
    https://www.cve.org/CVERecord?id=CVE-2023-6918
  (* Security fix *)
patches/packages/mozilla-firefox-115.6.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-54/
    https://www.cve.org/CVERecord?id=CVE-2023-6856
    https://www.cve.org/CVERecord?id=CVE-2023-6865
    https://www.cve.org/CVERecord?id=CVE-2023-6857
    https://www.cve.org/CVERecord?id=CVE-2023-6858
    https://www.cve.org/CVERecord?id=CVE-2023-6859
    https://www.cve.org/CVERecord?id=CVE-2023-6860
    https://www.cve.org/CVERecord?id=CVE-2023-6867
    https://www.cve.org/CVERecord?id=CVE-2023-6861
    https://www.cve.org/CVERecord?id=CVE-2023-6862
    https://www.cve.org/CVERecord?id=CVE-2023-6863
    https://www.cve.org/CVERecord?id=CVE-2023-6864
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.6.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/
    https://www.cve.org/CVERecord?id=CVE-2023-50762
    https://www.cve.org/CVERecord?id=CVE-2023-50761
    https://www.cve.org/CVERecord?id=CVE-2023-6856
    https://www.cve.org/CVERecord?id=CVE-2023-6857
    https://www.cve.org/CVERecord?id=CVE-2023-6858
    https://www.cve.org/CVERecord?id=CVE-2023-6859
    https://www.cve.org/CVERecord?id=CVE-2023-6860
    https://www.cve.org/CVERecord?id=CVE-2023-6861
    https://www.cve.org/CVERecord?id=CVE-2023-6862
    https://www.cve.org/CVERecord?id=CVE-2023-6863
    https://www.cve.org/CVERecord?id=CVE-2023-6864
  (* Security fix *)
 2023-12-20 13:30:35 +01:00
Patrick J Volkerding
2fef188256 Sat Dec 16 20:33:34 UTC 2023 
patches/packages/sudo-1.9.15p4-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
 2023-12-17 13:30:40 +01:00
Patrick J Volkerding
7a770fe9ed Thu Dec 14 20:09:31 UTC 2023 
patches/packages/bluez-5.71-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  It may have been possible for an attacker within Bluetooth range to inject
  keystrokes (and possibly execute commands) while devices were discoverable.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-45866
  (* Security fix *)
patches/packages/libxml2-2.11.6-x86_64-1_slack15.0.txz:  Upgraded.
  We're going to drop back to the 2.11 branch here on the stable releases
  since it has all of the relevant security fixes and better compatibility.
 2023-12-15 13:30:41 +01:00
Patrick J Volkerding
823a8c2cb7 Wed Dec 13 22:01:34 UTC 2023 
patches/packages/libxml2-2.12.3-x86_64-1_slack15.0.txz:  Upgraded.
  This update addresses regressions when building against libxml2 that were
  due to header file refactoring.
patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txz:  Rebuilt.
  This update fixes two security issues:
  Out-of-bounds memory write in XKB button actions.
  Out-of-bounds memory read in RRChangeOutputProperty and
  RRChangeProviderProperty.
  For more information, see:
    https://lists.x.org/archives/xorg/2023-December/061517.html
    https://www.cve.org/CVERecord?id=CVE-2023-6377
    https://www.cve.org/CVERecord?id=CVE-2023-6478
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txz:  Rebuilt.
  This update fixes two security issues:
  Out-of-bounds memory write in XKB button actions.
  Out-of-bounds memory read in RRChangeOutputProperty and
  RRChangeProviderProperty.
  For more information, see:
    https://lists.x.org/archives/xorg/2023-December/061517.html
    https://www.cve.org/CVERecord?id=CVE-2023-6377
    https://www.cve.org/CVERecord?id=CVE-2023-6478
  (* Security fix *)
 2023-12-14 13:39:45 +01:00
Patrick J Volkerding
653fd727bd Tue Dec 12 19:54:42 UTC 2023 
patches/packages/mozilla-thunderbird-115.5.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.5.2/releasenotes/
 2023-12-13 13:30:44 +01:00
Patrick J Volkerding
e20d844068 Sun Dec 10 01:12:17 UTC 2023 
patches/packages/libxml2-2.12.2-x86_64-1_slack15.0.txz:  Upgraded.
  Add --sysconfdir=/etc option so that this can find the xml catalog.
  Thanks to SpiderTux.
  Fix the following security issues:
  Fix integer overflows with XML_PARSE_HUGE.
  Fix dict corruption caused by entity reference cycles.
  Hashing of empty dict strings isn't deterministic.
  Fix null deref in xmlSchemaFixupComplexType.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-40303
    https://www.cve.org/CVERecord?id=CVE-2022-40304
    https://www.cve.org/CVERecord?id=CVE-2023-29469
    https://www.cve.org/CVERecord?id=CVE-2023-28484
  (* Security fix *)
 2023-12-10 13:30:41 +01:00
Patrick J Volkerding
d62d64ff5c Wed Dec 6 20:29:23 UTC 2023 
patches/packages/rdfind-1.6.0-x86_64-1_slack15.0.txz:  Upgraded.
  Redundant data finder utility, needed to build the kernel-firmware package.
 2023-12-07 13:30:45 +01:00
Patrick J Volkerding
759a12e5e6 Thu Nov 30 21:21:55 UTC 2023 
patches/packages/samba-4.18.9-x86_64-1_slack15.0.txz:  Upgraded.
  This is a security release in order to address the following defect:
  An information leak vulnerability was discovered in Samba's LDAP server.
  Due to missing access control checks, an authenticated but unprivileged
  attacker could discover the names and preserved attributes of deleted objects
  in the LDAP store. Upgrading to this package will not prevent this
  information leak - if you are using Samba as an Active Directory Domain
  Controller, you will need to follow the instructions in the samba.org link
  given below.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2018-14628.html
    https://www.cve.org/CVERecord?id=CVE-2018-14628
  (* Security fix *)
 2023-12-01 13:30:38 +01:00
Patrick J Volkerding
65dd125008 Tue Nov 28 22:13:48 UTC 2023 
patches/packages/mozilla-thunderbird-115.5.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.5.1/releasenotes/
 2023-11-29 13:30:42 +01:00
Patrick J Volkerding
37e07224c1 Fri Nov 24 20:52:02 UTC 2023 
patches/packages/vim-9.0.2127-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed security issues.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-48231
    https://www.cve.org/CVERecord?id=CVE-2023-48232
    https://www.cve.org/CVERecord?id=CVE-2023-48233
    https://www.cve.org/CVERecord?id=CVE-2023-48234
    https://www.cve.org/CVERecord?id=CVE-2023-48235
    https://www.cve.org/CVERecord?id=CVE-2023-48236
    https://www.cve.org/CVERecord?id=CVE-2023-48237
  (* Security fix *)
patches/packages/vim-gvim-9.0.2127-x86_64-1_slack15.0.txz:  Upgraded.
 2023-11-25 13:30:42 +01:00
Patrick J Volkerding
48f20efbe7 Wed Nov 22 19:26:09 UTC 2023 
patches/packages/mozilla-thunderbird-115.5.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.5.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/
    https://www.cve.org/CVERecord?id=CVE-2023-6204
    https://www.cve.org/CVERecord?id=CVE-2023-6205
    https://www.cve.org/CVERecord?id=CVE-2023-6206
    https://www.cve.org/CVERecord?id=CVE-2023-6207
    https://www.cve.org/CVERecord?id=CVE-2023-6208
    https://www.cve.org/CVERecord?id=CVE-2023-6209
    https://www.cve.org/CVERecord?id=CVE-2023-6212
  (* Security fix *)
 2023-11-23 13:30:33 +01:00
Patrick J Volkerding
151fc86d25 Tue Nov 21 21:15:30 UTC 2023 
patches/packages/kernel-firmware-20231120_9552083-noarch-1.txz:  Upgraded.
  Updated to the latest kernel firmware.
patches/packages/linux-5.15.139/*:  Upgraded.
  These updates fix various bugs and security issues.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    Fixed in 5.15.116:
    https://www.cve.org/CVERecord?id=CVE-2023-35788
    https://www.cve.org/CVERecord?id=CVE-2022-45887
    https://www.cve.org/CVERecord?id=CVE-2022-45886
    https://www.cve.org/CVERecord?id=CVE-2023-3212
    https://www.cve.org/CVERecord?id=CVE-2022-45919
    Fixed in 5.15.117:
    https://www.cve.org/CVERecord?id=CVE-2023-2124
    https://www.cve.org/CVERecord?id=CVE-2023-34255
    Fixed in 5.15.118:
    https://www.cve.org/CVERecord?id=CVE-2023-3609
    https://www.cve.org/CVERecord?id=CVE-2023-3117
    https://www.cve.org/CVERecord?id=CVE-2023-3390
    https://www.cve.org/CVERecord?id=CVE-2023-3338
    Fixed in 5.15.119:
    https://www.cve.org/CVERecord?id=CVE-2023-3610
    Fixed in 5.15.121:
    https://www.cve.org/CVERecord?id=CVE-2023-31248
    https://www.cve.org/CVERecord?id=CVE-2023-38432
    https://www.cve.org/CVERecord?id=CVE-2023-3866
    https://www.cve.org/CVERecord?id=CVE-2023-2898
    https://www.cve.org/CVERecord?id=CVE-2023-44466
    https://www.cve.org/CVERecord?id=CVE-2023-4132
    https://www.cve.org/CVERecord?id=CVE-2023-3611
    https://www.cve.org/CVERecord?id=CVE-2022-48502
    https://www.cve.org/CVERecord?id=CVE-2023-3865
    https://www.cve.org/CVERecord?id=CVE-2023-35001
    https://www.cve.org/CVERecord?id=CVE-2023-3776
    https://www.cve.org/CVERecord?id=CVE-2023-3863
    Fixed in 5.15.122:
    https://www.cve.org/CVERecord?id=CVE-2023-20593
    Fixed in 5.15.123:
    https://www.cve.org/CVERecord?id=CVE-2023-3777
    https://www.cve.org/CVERecord?id=CVE-2023-4004
    Fixed in 5.15.124:
    https://www.cve.org/CVERecord?id=CVE-2023-4015
    https://www.cve.org/CVERecord?id=CVE-2023-4147
    https://www.cve.org/CVERecord?id=CVE-2023-1206
    Fixed in 5.15.125:
    https://www.cve.org/CVERecord?id=CVE-2022-40982
    https://www.cve.org/CVERecord?id=CVE-2023-20569
    Fixed in 5.15.126:
    https://www.cve.org/CVERecord?id=CVE-2023-20588
    https://www.cve.org/CVERecord?id=CVE-2023-4128
    https://www.cve.org/CVERecord?id=CVE-2023-4208
    https://www.cve.org/CVERecord?id=CVE-2023-4206
    https://www.cve.org/CVERecord?id=CVE-2023-4207
    https://www.cve.org/CVERecord?id=CVE-2023-40283
    Fixed in 5.15.128:
    https://www.cve.org/CVERecord?id=CVE-2023-4569
    https://www.cve.org/CVERecord?id=CVE-2023-39194
    https://www.cve.org/CVERecord?id=CVE-2023-4273
    https://www.cve.org/CVERecord?id=CVE-2023-3772
    Fixed in 5.15.132:
    https://www.cve.org/CVERecord?id=CVE-2023-4921
    https://www.cve.org/CVERecord?id=CVE-2023-4623
    https://www.cve.org/CVERecord?id=CVE-2023-42753
    https://www.cve.org/CVERecord?id=CVE-2023-42752
    https://www.cve.org/CVERecord?id=CVE-2023-39189
    https://www.cve.org/CVERecord?id=CVE-2023-4881
    https://www.cve.org/CVERecord?id=CVE-2023-45871
    https://www.cve.org/CVERecord?id=CVE-2023-39193
    https://www.cve.org/CVERecord?id=CVE-2023-39192
    Fixed in 5.15.133:
    https://www.cve.org/CVERecord?id=CVE-2023-42755
    Fixed in 5.15.134:
    https://www.cve.org/CVERecord?id=CVE-2023-42754
    https://www.cve.org/CVERecord?id=CVE-2023-4563
    https://www.cve.org/CVERecord?id=CVE-2023-4244
    https://www.cve.org/CVERecord?id=CVE-2023-5197
    Fixed in 5.15.135:
    https://www.cve.org/CVERecord?id=CVE-2023-34324
    https://www.cve.org/CVERecord?id=CVE-2023-31085
    https://www.cve.org/CVERecord?id=CVE-2023-5158
    Fixed in 5.15.136:
    https://www.cve.org/CVERecord?id=CVE-2023-35827
    Fixed in 5.15.137:
    https://www.cve.org/CVERecord?id=CVE-2023-46813
    https://www.cve.org/CVERecord?id=CVE-2023-5717
    https://www.cve.org/CVERecord?id=CVE-2023-5178
  (* Security fix *)
patches/packages/mozilla-firefox-115.5.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  Thanks to zuriel for the taskbar icon fix on Wayland. :-)
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.5.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-50/
    https://www.cve.org/CVERecord?id=CVE-2023-6204
    https://www.cve.org/CVERecord?id=CVE-2023-6205
    https://www.cve.org/CVERecord?id=CVE-2023-6206
    https://www.cve.org/CVERecord?id=CVE-2023-6207
    https://www.cve.org/CVERecord?id=CVE-2023-6208
    https://www.cve.org/CVERecord?id=CVE-2023-6209
    https://www.cve.org/CVERecord?id=CVE-2023-6212
  (* Security fix *)
 2023-11-22 13:30:37 +01:00
Patrick J Volkerding
4989eb7599 Sat Nov 18 19:26:33 UTC 2023 
patches/packages/ca-certificates-20231117-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
 2023-11-19 13:30:32 +01:00
Patrick J Volkerding
65d9c1e075 Thu Nov 16 20:51:47 UTC 2023 
patches/packages/gegl-0.4.46-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release, needed by the GIMP upgrade.
patches/packages/gimp-2.10.36-x86_64-1_slack15.0.txz:  Upgraded.
  This release fixes security issues:
  If a user loads a malicious DDS, PSD, or PSP file, this could result in a
  program crash or possibly the execution of arbitrary code.
  Please note that this package also requires the updated gegl package.
  Thanks to henca for the heads-up.
  For more information, see:
    https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1591/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1592/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1593/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1594/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444
  (* Security fix *)
 2023-11-17 13:30:41 +01:00
Patrick J Volkerding
2aa4bf659d Wed Nov 15 22:01:26 UTC 2023 
patches/packages/mozilla-thunderbird-115.4.3-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.3/releasenotes/
 2023-11-16 13:39:48 +01:00
Patrick J Volkerding
808e02a014 Tue Nov 14 21:22:47 UTC 2023 
patches/packages/mariadb-10.5.23-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Vulnerability allows high privileged attacker with network access via
  multiple protocols to compromise the server. Successful attacks of this
  vulnerability can result in unauthorized ability to cause a hang or
  frequently repeatable crash.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084
  (* Security fix *)
 2023-11-15 13:30:44 +01:00
Patrick J Volkerding
3dc2470097 Mon Nov 13 19:20:40 UTC 2023 
extra/tigervnc/tigervnc-1.12.0-x86_64-4_slack15.0.txz:  Rebuilt.
  Recompiled against xorg-server-1.20.14, including patches for several
  security issues. Thanks to marav.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-3550
    https://www.cve.org/CVERecord?id=CVE-2022-3551
    https://www.cve.org/CVERecord?id=CVE-2022-3553
    https://www.cve.org/CVERecord?id=CVE-2022-4283
    https://www.cve.org/CVERecord?id=CVE-2022-46340
    https://www.cve.org/CVERecord?id=CVE-2022-46341
    https://www.cve.org/CVERecord?id=CVE-2022-46342
    https://www.cve.org/CVERecord?id=CVE-2022-46343
    https://www.cve.org/CVERecord?id=CVE-2022-46344
    https://www.cve.org/CVERecord?id=CVE-2023-0494
    https://www.cve.org/CVERecord?id=CVE-2023-1393
    https://www.cve.org/CVERecord?id=CVE-2023-5367
    https://www.cve.org/CVERecord?id=CVE-2023-5380
  (* Security fix *)
 2023-11-14 13:30:39 +01:00
Patrick J Volkerding
048a0f1ff7 Fri Nov 10 18:46:44 UTC 2023 
patches/packages/whois-5.5.20-x86_64-1_slack15.0.txz:  Upgraded.
  Added the .gn TLD server.
  Removed 6 new gTLDs which are no longer active.
 2023-11-11 13:30:40 +01:00
Patrick J Volkerding
4f54aa8e51 Wed Nov 8 22:04:25 UTC 2023 
patches/packages/mozilla-thunderbird-115.4.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.2/releasenotes/
patches/packages/sudo-1.9.15p1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release:
  Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based sudoers
  from being able to read the ldap.conf file.
 2023-11-09 13:30:50 +01:00
Patrick J Volkerding
206ee03fe7 Tue Nov 7 19:57:12 UTC 2023 
patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txz:  Upgraded.
  The sudoers plugin has been modified to make it more resilient to ROWHAMMER
  attacks on authentication and policy matching.
  The sudoers plugin now constructs the user time stamp file path name using
  the user-ID instead of the user name. This avoids a potential problem with
  user names that contain a path separator ('/') being interpreted as part of
  the path name.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-42465
    https://www.cve.org/CVERecord?id=CVE-2023-42456
  (* Security fix *)
 2023-11-08 13:30:36 +01:00
Patrick J Volkerding
6142170248 Tue Oct 31 18:49:18 UTC 2023 
extra/php81/php81-8.1.25-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.25
 2023-11-01 13:30:19 +01:00
Patrick J Volkerding
61c8c898a8 Thu Oct 26 19:55:16 UTC 2023 
patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
    https://www.cve.org/CVERecord?id=CVE-2023-5721
    https://www.cve.org/CVERecord?id=CVE-2023-5732
    https://www.cve.org/CVERecord?id=CVE-2023-5724
    https://www.cve.org/CVERecord?id=CVE-2023-5725
    https://www.cve.org/CVERecord?id=CVE-2023-5726
    https://www.cve.org/CVERecord?id=CVE-2023-5727
    https://www.cve.org/CVERecord?id=CVE-2023-5728
    https://www.cve.org/CVERecord?id=CVE-2023-5730
  (* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
  Use-after-free bug in DestroyWindow.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
    https://www.cve.org/CVERecord?id=CVE-2023-5367
    https://www.cve.org/CVERecord?id=CVE-2023-5380
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
    https://www.cve.org/CVERecord?id=CVE-2023-5367
  (* Security fix *)
 2023-10-27 13:30:41 +02:00
Patrick J Volkerding
6f3fcdc1d3 Tue Oct 24 22:26:20 UTC 2023 
patches/packages/mozilla-firefox-115.4.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.4.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-46/
    https://www.cve.org/CVERecord?id=CVE-2023-5721
    https://www.cve.org/CVERecord?id=CVE-2023-5732
    https://www.cve.org/CVERecord?id=CVE-2023-5724
    https://www.cve.org/CVERecord?id=CVE-2023-5725
    https://www.cve.org/CVERecord?id=CVE-2023-5726
    https://www.cve.org/CVERecord?id=CVE-2023-5727
    https://www.cve.org/CVERecord?id=CVE-2023-5728
    https://www.cve.org/CVERecord?id=CVE-2023-5730
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.4.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.0/releasenotes/
patches/packages/vim-9.0.2063-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed use-after-free security issue.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-5535
  (* Security fix *)
patches/packages/vim-gvim-9.0.2063-x86_64-1_slack15.0.txz:  Upgraded.
 2023-10-25 13:30:39 +02:00
Patrick J Volkerding
fabd0327d1 Sun Oct 22 19:30:42 UTC 2023 
patches/packages/LibRaw-0.20.2-x86_64-4_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  A Buffer Overflow vulnerability was found in LibRaw_buffer_datastream::
  gets(char*, int), which could lead to privilege escalation or application
  crash.
  A heap-buffer-overflow was found in raw2image_ex(int), which may lead to
  application crash by maliciously crafted input file.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-32142
    https://www.cve.org/CVERecord?id=CVE-2023-1729
  (* Security fix *)
 2023-10-23 13:30:40 +02:00
Patrick J Volkerding
6f8267e616 Thu Oct 19 19:14:05 UTC 2023 
patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  moderate: Apache HTTP Server: HTTP/2 stream memory not reclaimed
  right away on RST.
  low: mod_macro buffer over-read.
  low: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.58
    https://www.cve.org/CVERecord?id=CVE-2023-45802
    https://www.cve.org/CVERecord?id=CVE-2023-31122
    https://www.cve.org/CVERecord?id=CVE-2023-43622
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.3.3-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.3.3/releasenotes/
 2023-10-20 13:30:46 +02:00
Patrick J Volkerding
4940fc9a42 Tue Oct 17 19:34:56 UTC 2023 
patches/packages/util-linux-2.37.4-x86_64-2_slack15.0.txz:  Rebuilt.
  Copy /etc/pam.d/login to /etc/pam.d/remote. This is needed for /bin/login's
  '-h' option, used (for example) by telnetd. If -h is used without
  /etc/pam.d/remote, pam will not be configured properly, and /etc/securetty
  will be ignored, possibly allowing root to login from a tty that is not
  considered secure. Of course, the usual disclaimers about the security of
  telnet/telnetd apply.
  Thanks to HytronBG and Petri Kaukasoina.
  (* Security fix *)
 2023-10-18 13:30:40 +02:00
Patrick J Volkerding
8587721dc4 Wed Oct 11 22:22:40 UTC 2023 
patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed a crash bug (a crafted file defining width of zero leads to divide by
  zero and a crash). Seems to be merely a bug rather than a security issue, but
  I'd been meaning to get beta20 building so this was a good excuse.
  Thanks to marav.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-0856
  (* Security fix *)
 2023-10-12 13:30:43 +02:00
Patrick J Volkerding
3923d6b15d Tue Oct 10 19:27:56 UTC 2023 
patches/packages/libcue-2.2.1-x86_64-4_slack15.0.txz:  Rebuilt.
  Fixed a bug which could allow memory corruption resulting in arbitrary
  code execution.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-43641
  (* Security fix *)
patches/packages/libnotify-0.8.3-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains a critical stability/minor security update which
  affects Electron applications that utilize Portal notifications (eg,
  through Flatpak). It is highly recommended that all users of libnotify
  0.8.x update to this release.
  (* Security fix *)
 2023-10-11 13:30:18 +02:00
Patrick J Volkerding
8e8992f064 Mon Oct 9 18:10:01 UTC 2023 
patches/packages/wayland-1.22.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/whois-5.5.19-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed english support for Japanese queries to not add again the /e argument
  if it had already been provided by the user. (Closes: #1050171)
  Added the .ye and .*************** (.xn--54b7fta0cc, Bangladesh) TLD servers.
  Updated the .ba, .bb, .dk, .es, .gt, .jo, .ml, .mo, .pa, .pn, .sv, .uy,
  .a+-la-r+-d+.n+, (.xn--mgbayh7gpa, Jordan) and .****** (.xn--mix891f, Macao)
  TLD servers.
  Upgraded the TLD URLs to HTTPS whenever possible.
  Updated the charset for whois.jprs.jp.
  Removed 3 new gTLDs which are no longer active.
  Removed support for the obsolete as32 dot notation.
 2023-10-10 13:30:39 +02:00
Patrick J Volkerding
6f6a8c672a Fri Oct 6 21:28:34 UTC 2023 
patches/packages/netatalk-3.1.18-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Harden create_appledesktop_folder().
  For more information, see:
    https://netatalk.sourceforge.io/CVE-2022-22995.php
    https://www.cve.org/CVERecord?id=CVE-2022-22995
  (* Security fix *)
 2023-10-07 13:30:36 +02:00
Patrick J Volkerding
2e4c4aae36 Tue Oct 3 22:19:10 UTC 2023 
patches/packages/libX11-1.8.7-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  libX11: out-of-bounds memory access in _XkbReadKeySyms().
  libX11: stack exhaustion from infinite recursion in PutSubImage().
  libX11: integer overflow in XCreateImage() leading to a heap overflow.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003424.html
    https://www.cve.org/CVERecord?id=CVE-2023-43785
    https://www.cve.org/CVERecord?id=CVE-2023-43786
    https://www.cve.org/CVERecord?id=CVE-2023-43787
  (* Security fix *)
patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  libXpm: out of bounds read in XpmCreateXpmImageFromBuffer().
  libXpm: out of bounds read on XPM with corrupted colormap.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003424.html
    https://www.cve.org/CVERecord?id=CVE-2023-43788
    https://www.cve.org/CVERecord?id=CVE-2023-43789
  (* Security fix *)
 2023-10-04 13:30:38 +02:00
Patrick J Volkerding
fa0445dbfe Sat Sep 30 21:33:49 UTC 2023 
patches/packages/libvpx-1.12.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains two security related fixes -- one each for VP8 and VP9.
  For more information, see:
    https://crbug.com/1486441
    https://www.cve.org/CVERecord?id=CVE-2023-5217
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.3.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains a security fix for a critical heap buffer overflow in
  the libvpx VP8 encoder.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.3.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
    https://www.cve.org/CVERecord?id=CVE-2023-5217
  (* Security fix *)
 2023-10-01 13:30:39 +02:00
Patrick J Volkerding
c0d3f6fb28 Thu Sep 28 21:37:06 UTC 2023 
extra/php81/php81-8.1.24-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.24
patches/packages/mozilla-firefox-115.3.1esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains a security fix.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.3.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
    https://www.cve.org/CVERecord?id=CVE-2023-5217
  (* Security fix *)
 2023-09-29 13:39:40 +02:00
Patrick J Volkerding
1690d47026 Wed Sep 27 23:51:07 UTC 2023 
patches/packages/mozilla-thunderbird-115.3.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.3.0/releasenotes/
 2023-09-28 13:39:40 +02:00
Patrick J Volkerding
766af50fb1 Tue Sep 26 19:30:21 UTC 2023 
patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/mozilla-firefox-115.3.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.3.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/
    https://www.cve.org/CVERecord?id=CVE-2023-5168
    https://www.cve.org/CVERecord?id=CVE-2023-5169
    https://www.cve.org/CVERecord?id=CVE-2023-5171
    https://www.cve.org/CVERecord?id=CVE-2023-5174
    https://www.cve.org/CVERecord?id=CVE-2023-5176
  (* Security fix *)
 2023-09-27 13:30:41 +02:00
Patrick J Volkerding
9615afc308 Thu Sep 21 19:32:42 UTC 2023 
patches/packages/bind-9.16.44-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Limit the amount of recursion that can be performed by isccc_cc_fromwire.
  For more information, see:
    https://kb.isc.org/docs/cve-2023-3341
    https://www.cve.org/CVERecord?id=CVE-2023-3341
  (* Security fix *)
patches/packages/cups-2.4.7-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Fixed Heap-based buffer overflow when reading Postscript in PPD files.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4504
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.2.3-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.2.3/releasenotes/
patches/packages/seamonkey-2.53.17.1-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.17.1
    https://www.cve.org/CVERecord?id=CVE-2023-4863
  (* Security fix *)
testing/packages/bind-9.18.19-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Limit the amount of recursion that can be performed by isccc_cc_fromwire.
  Fix use-after-free error in TLS DNS code when sending data.
  For more information, see:
    https://kb.isc.org/docs/cve-2023-3341
    https://www.cve.org/CVERecord?id=CVE-2023-3341
    https://kb.isc.org/docs/cve-2023-4236
    https://www.cve.org/CVERecord?id=CVE-2023-4236
  (* Security fix *)
 2023-09-22 13:30:41 +02:00
Patrick J Volkerding
b0fcf677c3 Mon Sep 18 18:40:04 UTC 2023 
patches/packages/netatalk-3.1.17-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Validate data type in dalloc_value_for_key(). This flaw could allow a
  malicious actor to cause Netatalk's afpd daemon to crash, or possibly to
  execute arbitrary code.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-42464
  (* Security fix *)
 2023-09-19 13:30:40 +02:00
Patrick J Volkerding
5672ded1ee Fri Sep 15 19:48:39 UTC 2023 
patches/packages/python3-3.9.18-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass
  of the TLS handshake and included protections (like certificate verification)
  and treating sent unencrypted data as if it were post-handshake TLS encrypted
  data. Security issue reported by Aapo Oksman; patch by Gregory P. Smith.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-40217
  (* Security fix *)
 2023-09-16 13:39:10 +02:00
Patrick J Volkerding
41dd70fad9 Thu Sep 14 21:10:50 UTC 2023 
patches/packages/libwebp-1.3.2-x86_64-1_slack15.0.txz:  Upgraded.
  Security fix for lossless decoder (chromium: #1479274, CVE-2023-4863).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4863
  (* Security fix *)
 2023-09-15 13:30:41 +02:00
Patrick J Volkerding
1c8e67398a Wed Sep 13 01:32:01 UTC 2023 
patches/packages/mozilla-firefox-115.2.1esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.2.1/releasenotes/
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.2.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.2.1/releasenotes/
 2023-09-13 13:30:41 +02:00
Patrick J Volkerding
466ae7e51f Mon Sep 11 20:19:30 UTC 2023 
patches/packages/openssl-1.1.1w-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue that does not affect Linux:
  Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4807
patches/packages/openssl-solibs-1.1.1w-x86_64-1_slack15.0.txz:  Upgraded.
patches/packages/vim-9.0.1897-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed three use-after-free security issues.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4733
    https://www.cve.org/CVERecord?id=CVE-2023-4752
    https://www.cve.org/CVERecord?id=CVE-2023-4750
  (* Security fix *)
patches/packages/vim-gvim-9.0.1897-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed three use-after-free security issues.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4733
    https://www.cve.org/CVERecord?id=CVE-2023-4752
    https://www.cve.org/CVERecord?id=CVE-2023-4750
  (* Security fix *)
 2023-09-12 13:39:43 +02:00
Patrick J Volkerding
38f09f634f Sun Sep 3 19:37:21 UTC 2023 
patches/packages/rocs-21.12.1-x86_64-2_slack15.0.txz:  Rebuilt.
  Fix crash on startup. Thanks to Lockywolf and ponce.
 2023-09-04 13:30:46 +02:00
Patrick J Volkerding
43cd17b912 Fri Sep 1 20:16:14 UTC 2023 
extra/php81/php81-8.1.23-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.23
 2023-09-02 13:30:37 +02:00
Patrick J Volkerding
7089a162f8 Wed Aug 30 21:58:04 UTC 2023 
patches/packages/mozilla-firefox-115.2.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.2.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-36/
    https://www.cve.org/CVERecord?id=CVE-2023-4573
    https://www.cve.org/CVERecord?id=CVE-2023-4574
    https://www.cve.org/CVERecord?id=CVE-2023-4575
    https://www.cve.org/CVERecord?id=CVE-2023-4576
    https://www.cve.org/CVERecord?id=CVE-2023-4577
    https://www.cve.org/CVERecord?id=CVE-2023-4051
    https://www.cve.org/CVERecord?id=CVE-2023-4578
    https://www.cve.org/CVERecord?id=CVE-2023-4053
    https://www.cve.org/CVERecord?id=CVE-2023-4580
    https://www.cve.org/CVERecord?id=CVE-2023-4581
    https://www.cve.org/CVERecord?id=CVE-2023-4582
    https://www.cve.org/CVERecord?id=CVE-2023-4583
    https://www.cve.org/CVERecord?id=CVE-2023-4584
    https://www.cve.org/CVERecord?id=CVE-2023-4585
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.2.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.2.0/releasenotes/
  (* Security fix *)
 2023-08-31 13:30:36 +02:00
Patrick J Volkerding
1676c6978a Wed Aug 16 20:45:00 UTC 2023 
patches/packages/mozilla-thunderbird-115.1.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.1.1/releasenotes/
 2023-08-17 13:30:35 +02:00
Patrick J Volkerding
8db417d304 Mon Aug 14 19:04:41 UTC 2023 
patches/packages/mariadb-10.5.22-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://mariadb.com/kb/en/mariadb-10-5-22-changelog/
 2023-08-15 13:30:34 +02:00
Patrick J Volkerding
d32f6bcf5a Mon Aug 7 19:22:02 UTC 2023 
extra/php80/php80-8.0.30-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Security issue with external entity loading in XML without enabling it.
  Missing error check and insufficient random bytes in HTTP Digest
  authentication for SOAP.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247
  (* Security fix *)
patches/packages/vim-9.0.1678-x86_64-1_slack15.0.txz:  Upgraded.
  Applied the last patches from Bram Moolenaar.
  RIP Bram, and thanks for your great work on VIM and your kindness to the
  orphan children in Uganda.
  If you'd like to honor Bram with a donation to his charity, please visit:
  https://iccf-holland.org/
patches/packages/vim-gvim-9.0.1678-x86_64-1_slack15.0.txz:  Upgraded.
 2023-08-08 13:30:34 +02:00
Patrick J Volkerding
79e6c8efb8 Fri Aug 4 20:17:36 UTC 2023 
extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity
  loading in XML without enabling it).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-3823
  (* Security fix *)
extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz:  Upgraded.
  Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0.
pasture/samba-4.15.13-x86_64-1_slack15.0.txz:  Added.
  We'll hang onto this just in case.
patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/
    https://www.cve.org/CVERecord?id=CVE-2023-4045
    https://www.cve.org/CVERecord?id=CVE-2023-4046
    https://www.cve.org/CVERecord?id=CVE-2023-4047
    https://www.cve.org/CVERecord?id=CVE-2023-4048
    https://www.cve.org/CVERecord?id=CVE-2023-4049
    https://www.cve.org/CVERecord?id=CVE-2023-4050
    https://www.cve.org/CVERecord?id=CVE-2023-4052
    https://www.cve.org/CVERecord?id=CVE-2023-4054
    https://www.cve.org/CVERecord?id=CVE-2023-4055
    https://www.cve.org/CVERecord?id=CVE-2023-4056
    https://www.cve.org/CVERecord?id=CVE-2023-4057
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/
patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz:  Upgraded.
  PLEASE NOTE: We are taking the unusual step of moving to the latest Samba
  branch because Windows has made changes that break Samba 4.15.x. The last
  4.15.x will be retained in /pasture as a fallback. There may be some
  required configuration changes with this, but we've kept using MIT Kerberos
  to try to have the behavior change as little as possible. Upgrade carefully.
  This update fixes security issues:
  When winbind is used for NTLM authentication, a maliciously crafted request
  can trigger an out-of-bounds read in winbind and possibly crash it.
  SMB2 packet signing is not enforced if an admin configured
  "server signing = required" or for SMB2 connections to Domain Controllers
  where SMB2 packet signing is mandatory.
  An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
  triggered by an unauthenticated attacker by issuing a malformed RPC request.
  Missing type validation in Samba's mdssvc RPC service for Spotlight can be
  used by an unauthenticated attacker to trigger a process crash in a shared
  RPC mdssvc worker process.
  As part of the Spotlight protocol Samba discloses the server-side absolute
  path of shares and files and directories in search results.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2022-2127.html
    https://www.samba.org/samba/security/CVE-2023-3347.html
    https://www.samba.org/samba/security/CVE-2023-34966.html
    https://www.samba.org/samba/security/CVE-2023-34967.html
    https://www.samba.org/samba/security/CVE-2023-34968.html
    https://www.cve.org/CVERecord?id=CVE-2022-2127
    https://www.cve.org/CVERecord?id=CVE-2023-3347
    https://www.cve.org/CVERecord?id=CVE-2023-34966
    https://www.cve.org/CVERecord?id=CVE-2023-34967
    https://www.cve.org/CVERecord?id=CVE-2023-34968
  (* Security fix *)
 2023-08-05 13:30:38 +02:00
Patrick J Volkerding
af3a1b13c3 Tue Aug 1 19:50:53 UTC 2023 
patches/packages/openssl-1.1.1v-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Fix excessive time spent checking DH q parameter value.
  Fix DH_check() excessive time with over sized modulus.
  For more information, see:
    https://www.openssl.org/news/secadv/20230731.txt
    https://www.openssl.org/news/secadv/20230719.txt
    https://www.cve.org/CVERecord?id=CVE-2023-3817
    https://www.cve.org/CVERecord?id=CVE-2023-3446
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1v-x86_64-1_slack15.0.txz:  Upgraded.
 2023-08-02 13:30:35 +02:00
Patrick J Volkerding
b64d3ecbf3 Mon Jul 31 21:52:46 UTC 2023 
patches/packages/mozilla-thunderbird-102.13.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.13.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/
    https://www.cve.org/CVERecord?id=CVE-2023-3417
  (* Security fix *)
patches/packages/seamonkey-2.53.17-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.17
  (* Security fix *)
 2023-08-01 13:30:32 +02:00