Commit graph

305 commits

Author SHA1 Message Date
Patrick J Volkerding
6d57f3ac47 Sun Feb 20 05:13:20 UTC 2022
patches/packages/expat-2.4.5-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed security issues that could lead to denial of service or potentially
  arbitrary code execution.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315
  (* Security fix *)
2022-02-21 13:29:58 +01:00
Patrick J Volkerding
a019271253 Fri Feb 18 05:29:00 UTC 2022
patches/packages/mozilla-thunderbird-91.6.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.6.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0566
  (* Security fix *)
patches/packages/php-7.4.28-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  UAF due to php_filter_float() failing for ints.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
  (* Security fix *)
extra/php80/php80-8.0.16-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  UAF due to php_filter_float() failing for ints.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
  (* Security fix *)
extra/php81/php81-8.1.3-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  UAF due to php_filter_float() failing for ints.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
  (* Security fix *)
2022-02-19 13:30:02 +01:00
Patrick J Volkerding
c9881ad979 Tue Feb 15 20:00:48 UTC 2022
patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz:  Rebuilt.
  If root's mailbox did not already exist, it would be created with insecure
  permissions leading to possible local information disclosure. This update
  ensures that a new mailbox will be created with proper permissions and
  ownership, and corrects the permissions on an existing mailbox if they are
  found to be incorrect. Thanks to Martin for the bug report.
  (* Security fix *)
patches/packages/util-linux-2.37.4-x86_64-1_slack15.0.txz:  Upgraded.
  This release fixes a security issue in chsh(1) and chfn(8):
  By default, these utilities had been linked with libreadline, which allows
  the INPUTRC environment variable to be abused to produce an error message
  containing data from an arbitrary file. So, don't link these utilities with
  libreadline as it does not use secure_getenv() (or a similar concept), or
  sanitize the config file path to avoid vulnerabilities that could occur in
  set-user-ID or set-group-ID programs.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0563
  (* Security fix *)
2022-02-16 13:29:58 +01:00
Patrick J Volkerding
9a5f4fd634 Mon Feb 14 00:10:38 UTC 2022
patches/packages/mariadb-10.5.15-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes potential denial-of-service vulnerabilities.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46665
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46664
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46661
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46668
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46663
  (* Security fix *)
2022-02-14 13:29:59 +01:00
Patrick J Volkerding
eb19d64569 Thu Feb 10 01:46:55 UTC 2022
patches/packages/at-3.2.3-x86_64-1_slack15.0.txz:  Upgraded.
  Switched to at-3.2.3 since version 3.2.4 has a regression that causes
  queued jobs to not always run on time when atd is run as a standalone
  daemon. Thanks to Cesare.
patches/packages/mozilla-firefox-91.6.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.6.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-05/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22753
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22763
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764
  (* Security fix *)
patches/packages/mozilla-thunderbird-91.6.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.6.0/releasenotes/
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.6
  (* Security fix *)
2022-02-10 05:00:00 +01:00