slackware-current

1193 commits 8 branches 2378 tags 489 MiB

Author	SHA1	Message	Date
Patrick J Volkerding	d17567f359	Thu Dec 8 22:48:34 UTC 2022 patches/packages/emacs-27.2-x86_64-2_slack15.0.txz: Rebuilt. GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-45939 ( Security fix ) patches/packages/vim-9.0.1034-x86_64-1_slack15.0.txz: Upgraded. This update fixes various security issues such as a heap-based buffer overflow and use after free. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-4141 https://www.cve.org/CVERecord?id=CVE-2022-3591 https://www.cve.org/CVERecord?id=CVE-2022-3520 https://www.cve.org/CVERecord?id=CVE-2022-3491 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://www.cve.org/CVERecord?id=CVE-2022-4293 ( Security fix *) patches/packages/vim-gvim-9.0.1034-x86_64-1_slack15.0.txz: Upgraded.	2022-12-09 13:30:05 +01:00
Patrick J Volkerding	bcdf30a8fe	Mon Oct 31 23:31:36 UTC 2022 extra/php80/php80-8.0.25-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: GD: OOB read due to insufficient input validation in imageloadfont(). Hash: buffer overflow in hash_update() on long parameter. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-31630 https://www.cve.org/CVERecord?id=CVE-2022-37454 (* Security fix ) extra/php81/php81-8.1.12-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: GD: OOB read due to insufficient input validation in imageloadfont(). Hash: buffer overflow in hash_update() on long parameter. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-31630 https://www.cve.org/CVERecord?id=CVE-2022-37454 ( Security fix ) patches/packages/mozilla-thunderbird-102.4.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.4.1/releasenotes/ patches/packages/vim-9.0.0814-x86_64-1_slack15.0.txz: Upgraded. A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. Thanks to marav for the heads-up. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-3705 ( Security fix *) patches/packages/vim-gvim-9.0.0814-x86_64-1_slack15.0.txz: Upgraded.	2022-11-01 13:30:36 +01:00

Author

SHA1

Message

Date

Patrick J Volkerding

d17567f359

Thu Dec 8 22:48:34 UTC 2022

patches/packages/emacs-27.2-x86_64-2_slack15.0.txz:  Rebuilt.
  GNU Emacs through 28.2 allows attackers to execute commands via shell
  metacharacters in the name of a source-code file, because lib-src/etags.c
  uses the system C library function in its implementation of the ctags
  program. For example, a victim may use the "ctags *" command (suggested in
  the ctags documentation) in a situation where the current working directory
  has contents that depend on untrusted input.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-45939
  (* Security fix *)
patches/packages/vim-9.0.1034-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes various security issues such as a heap-based buffer
  overflow and use after free.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-4141
    https://www.cve.org/CVERecord?id=CVE-2022-3591
    https://www.cve.org/CVERecord?id=CVE-2022-3520
    https://www.cve.org/CVERecord?id=CVE-2022-3491
    https://www.cve.org/CVERecord?id=CVE-2022-4292
    https://www.cve.org/CVERecord?id=CVE-2022-4293
  (* Security fix *)
patches/packages/vim-gvim-9.0.1034-x86_64-1_slack15.0.txz:  Upgraded.

2022-12-09 13:30:05 +01:00

Patrick J Volkerding

bcdf30a8fe

Mon Oct 31 23:31:36 UTC 2022

extra/php80/php80-8.0.25-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  GD: OOB read due to insufficient input validation in imageloadfont().
  Hash: buffer overflow in hash_update() on long parameter.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-31630
    https://www.cve.org/CVERecord?id=CVE-2022-37454
  (* Security fix *)
extra/php81/php81-8.1.12-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  GD: OOB read due to insufficient input validation in imageloadfont().
  Hash: buffer overflow in hash_update() on long parameter.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-31630
    https://www.cve.org/CVERecord?id=CVE-2022-37454
  (* Security fix *)
patches/packages/mozilla-thunderbird-102.4.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.4.1/releasenotes/
patches/packages/vim-9.0.0814-x86_64-1_slack15.0.txz:  Upgraded.
  A vulnerability was found in vim and classified as problematic. Affected by
  this issue is the function qf_update_buffer of the file quickfix.c of the
  component autocmd Handler. The manipulation leads to use after free. The
  attack may be launched remotely. Upgrading to version 9.0.0805 is able to
  address this issue.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-3705
  (* Security fix *)
patches/packages/vim-gvim-9.0.0814-x86_64-1_slack15.0.txz:  Upgraded.

2022-11-01 13:30:36 +01:00

Renamed from patches/packages/vim-gvim-9.0.0623-x86_64-1_slack15.0.txt (Browse further)

2 commits