Commit graph

1177 commits

Author SHA1 Message Date
Patrick J Volkerding
f9f39a199c Fri Oct 21 18:19:00 UTC 2022
patches/packages/rsync-3.2.7-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  Notably, this addresses some regressions caused by the file-list validation
  fix in rsync-3.2.5.
  Thanks to llgar.
2022-10-22 13:30:46 +02:00
Patrick J Volkerding
1f4633ae9c Thu Oct 20 18:39:03 UTC 2022
patches/packages/mozilla-thunderbird-102.4.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.4.0/releasenotes/
patches/packages/whois-5.5.14-x86_64-1_slack15.0.txz:  Upgraded.
  This update adds the .bf and .sd TLD servers, removes the .gu TLD server,
  updates the .dm, .fj, .mt and .pk TLD servers, updates the charset for
  whois.nic.tr, updates the list of new gTLDs, removes whois.nic.fr from the
  list of RIPE-like servers (because it is not one anymore), renames
  whois.arnes.si to whois.register.si in the list of RIPE-like servers, and
  adds the hiding string for whois.auda.org.au.
2022-10-21 13:30:04 +02:00
Patrick J Volkerding
58fac6b4a4 Wed Oct 19 20:06:33 UTC 2022
patches/packages/samba-4.15.10-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.samba.org/samba/history/samba-4.15.10.html
2022-10-20 13:30:54 +02:00
Patrick J Volkerding
f6bba8a1d2 Tue Oct 18 20:29:54 UTC 2022
patches/packages/git-2.35.5-x86_64-1_slack15.0.txz:  Upgraded.
  This release fixes two security issues:
  * CVE-2022-39253:
  When relying on the `--local` clone optimization, Git dereferences
  symbolic links in the source repository before creating hardlinks
  (or copies) of the dereferenced link in the destination repository.
  This can lead to surprising behavior where arbitrary files are
  present in a repository's `$GIT_DIR` when cloning from a malicious
  repository.
  Git will no longer dereference symbolic links via the `--local`
  clone mechanism, and will instead refuse to clone repositories that
  have symbolic links present in the `$GIT_DIR/objects` directory.
  Additionally, the value of `protocol.file.allow` is changed to be
  "user" by default.
  * CVE-2022-39260:
  An overly-long command string given to `git shell` can result in
  overflow in `split_cmdline()`, leading to arbitrary heap writes and
  remote code execution when `git shell` is exposed and the directory
  `$HOME/git-shell-commands` exists.
  `git shell` is taught to refuse interactive commands that are
  longer than 4MiB in size. `split_cmdline()` is hardened to reject
  inputs larger than 2GiB.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260
  (* Security fix *)
patches/packages/mozilla-firefox-102.4.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.4.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-45/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42927
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42928
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42929
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42932
  (* Security fix *)
2022-10-19 13:30:12 +02:00
Patrick J Volkerding
2559feca78 Mon Oct 17 19:31:45 UTC 2022
patches/packages/xorg-server-1.20.14-x86_64-4_slack15.0.txz:  Rebuilt.
  xkb: proof GetCountedString against request length attacks.
  xkb: fix some possible memleaks in XkbGetKbdByName.
  xquartz: Fix a possible crash when editing the Application menu due
  to mutating immutable arrays.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3553
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-4_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-4_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-4_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-3_slack15.0.txz:  Rebuilt.
  xkb: proof GetCountedString against request length attacks.
  xkb: fix some possible memleaks in XkbGetKbdByName.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551
  (* Security fix *)
2022-10-18 13:30:33 +02:00
Patrick J Volkerding
a37e7d6f03 Mon Oct 17 00:42:43 UTC 2022
patches/packages/glibc-zoneinfo-2022e-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
2022-10-17 13:30:32 +02:00
Patrick J Volkerding
da8b549669 Sat Oct 15 20:28:34 UTC 2022
patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed a bug when getting a gzip header extra field with inflateGetHeader().
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434
  (* Security fix *)
2022-10-16 13:30:55 +02:00
Patrick J Volkerding
00cb38d107 Fri Oct 14 01:39:37 UTC 2022
patches/packages/mozilla-thunderbird-102.3.3-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.3.3/releasenotes/
patches/packages/python3-3.9.15-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Bundled libexpat was upgraded from 2.4.7 to 2.4.9 which fixes a heap
  use-after-free vulnerability in function doContent.
  gh-97616: a fix for a possible buffer overflow in list *= int.
  gh-97612: a fix for possible shell injection in the example script
  get-remote-certificate.py.
  gh-96577: a fix for a potential buffer overrun in msilib.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674
  (* Security fix *)
2022-10-14 13:30:41 +02:00
Patrick J Volkerding
46235d1ce0 Sat Oct 8 19:23:31 UTC 2022
patches/packages/libksba-1.6.2-x86_64-1_slack15.0.txz:  Upgraded.
  Detect a possible overflow directly in the TLV parser.
  This patch detects possible integer overflows immmediately when creating
  the TI object.
  Reported-by: ZDI-CAN-18927, ZDI-CAN-18928, ZDI-CAN-18929
  (* Security fix *)
2022-10-09 13:31:06 +02:00
Patrick J Volkerding
d0aaad7d2b Fri Oct 7 20:32:18 UTC 2022
patches/packages/mozilla-thunderbird-102.3.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.3.2/releasenotes/
2022-10-08 13:30:33 +02:00
Patrick J Volkerding
153ac9bb20 Wed Oct 5 18:55:36 UTC 2022
patches/packages/dhcp-4.4.3_P1-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes two security issues:
  Corrected a reference count leak that occurs when the server builds
  responses to leasequery packets.
  Corrected a memory leak that occurs when unpacking a packet that has an
  FQDN option (81) that contains a label with length greater than 63 bytes.
  Thanks to VictorV of Cyber Kunlun Lab for reporting these issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2928
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2929
  (* Security fix *)
2022-10-06 13:30:32 +02:00
Patrick J Volkerding
a96a6a61e4 Sat Oct 1 18:38:27 UTC 2022
patches/packages/glibc-zoneinfo-2022d-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
2022-10-02 13:30:33 +02:00
Patrick J Volkerding
3087018ea7 Fri Sep 30 17:52:21 UTC 2022
extra/php80/php80-8.0.24-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  phar wrapper: DOS when using quine gzip file.
  Don't mangle HTTP variable names that clash with ones that have a specific
  semantic meaning.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
  (* Security fix *)
extra/php81/php81-8.1.11-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  phar wrapper: DOS when using quine gzip file.
  Don't mangle HTTP variable names that clash with ones that have a specific
  semantic meaning.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
  (* Security fix *)
patches/packages/mozilla-thunderbird-102.3.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.3.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-43/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39249
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39250
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39251
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39236
  (* Security fix *)
patches/packages/php-7.4.32-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  phar wrapper: DOS when using quine gzip file.
  Don't mangle HTTP variable names that clash with ones that have a specific
  semantic meaning.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
  (* Security fix *)
patches/packages/seamonkey-2.53.14-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.14
  (* Security fix *)
patches/packages/vim-9.0.0623-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed use-after-free and stack-based buffer overflow.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3352
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3324
  (* Security fix *)
patches/packages/vim-gvim-9.0.0623-x86_64-1_slack15.0.txz:  Upgraded.
2022-10-01 13:30:35 +02:00
Patrick J Volkerding
ef823d82ca Wed Sep 28 18:59:51 UTC 2022
patches/packages/xorg-server-xwayland-21.1.4-x86_64-2_slack15.0.txz:  Rebuilt.
  xkb: switch to array index loops to moving pointers.
  xkb: add request length validation for XkbSetGeometry.
  xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck.
  I hadn't realized that the xorg-server patches were needed (or applied
  cleanly) to Xwayland. Thanks to LuckyCyborg for the kind reminder. :-)
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320
  (* Security fix *)
2022-09-29 13:30:05 +02:00
Patrick J Volkerding
0ab769ac69 Mon Sep 26 19:43:54 UTC 2022
patches/packages/dnsmasq-2.87-x86_64-1_slack15.0.txz:  Upgraded.
  Fix write-after-free error in DHCPv6 server code.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0934
  (* Security fix *)
patches/packages/vim-9.0.0594-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed stack-based buffer overflow.
  Thanks to marav for the heads-up.
  In addition, Mig21 pointed out an issue where the defaults.vim file might
  need to be edited for some purposes as its contents will override the
  settings in the system-wide vimrc. Usually this file is replaced whenever
  vim is upgraded, which in those situations would be inconvenient for the
  admin. So, I've added support for a file named defaults.vim.custom which
  (if it exists) will be used instead of the defaults.vim file shipped in
  the package and will persist through upgrades.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3296
  (* Security fix *)
patches/packages/vim-gvim-9.0.0594-x86_64-1_slack15.0.txz:  Upgraded.
2022-09-27 13:30:30 +02:00
Patrick J Volkerding
1730200e5d Fri Sep 23 23:51:02 UTC 2022
patches/packages/vim-9.0.0558-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed use after free.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3256
  (* Security fix *)
patches/packages/vim-gvim-9.0.0558-x86_64-1_slack15.0.txz:  Upgraded.
2022-09-24 13:30:28 +02:00
Patrick J Volkerding
d22a8a6524 Thu Sep 22 19:50:20 UTC 2022
patches/packages/ca-certificates-20220922-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
2022-09-23 13:30:28 +02:00
Patrick J Volkerding
8f546e8375 Wed Sep 21 19:19:07 UTC 2022
patches/packages/cups-2.4.2-x86_64-3_slack15.0.txz:  Rebuilt.
  Fixed crash when using the CUPS web setup interface:
  [PATCH] Fix OpenSSL crash bug - "tls" pointer wasn't cleared after freeing
  it (Issue #409).
  Thanks to MisterL, bryjen, and kjhambrick.
  Fixed an OpenSSL certificate loading issue:
  [PATCH] The OpenSSL code path wasn't loading the full certificate
  chain (Issue #465).
  Thanks to tmmukunn.
2022-09-22 13:30:28 +02:00
Patrick J Volkerding
b9facc142f Tue Sep 20 22:50:28 UTC 2022
patches/packages/expat-2.4.9-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Heap use-after-free vulnerability in function doContent. Expected impact is
  denial of service or potentially arbitrary code execution.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674
  (* Security fix *)
patches/packages/mozilla-firefox-102.3.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.3.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-41/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962
  (* Security fix *)
patches/packages/mozilla-thunderbird-102.3.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.3.0/releasenotes/
2022-09-21 13:30:31 +02:00
Patrick J Volkerding
ed751ebff5 Sun Sep 18 19:02:14 UTC 2022
patches/packages/vim-9.0.0500-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed heap-based buffer overflow.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3234
  (* Security fix *)
patches/packages/vim-gvim-9.0.0500-x86_64-1_slack15.0.txz:  Upgraded.
2022-09-19 13:30:28 +02:00
Patrick J Volkerding
b6bae52b64 Sat Sep 10 01:51:43 UTC 2022
patches/packages/vim-9.0.0417-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed null pointer dereference.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3153
  (* Security fix *)
patches/packages/vim-gvim-9.0.0417-x86_64-1_slack15.0.txz:  Upgraded.
2022-09-11 13:30:27 +02:00
Patrick J Volkerding
dfdaa16c05 Thu Sep 8 01:33:19 UTC 2022
patches/packages/mozilla-thunderbird-102.2.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.2.2/releasenotes/
2022-09-08 13:30:28 +02:00
Patrick J Volkerding
23a0b53a62 Tue Sep 6 20:21:24 UTC 2022
extra/rust-for-mozilla/rust-1.60.0-x86_64-1_slack15.0.txz:  Upgraded.
  Upgraded the Rust compiler for Firefox 102.2.0 and Thunderbird 102.2.1.
patches/packages/mozilla-firefox-102.2.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.2.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-34/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38476
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38477
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
  (* Security fix *)
patches/packages/mozilla-thunderbird-102.2.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  Some accounts may need to be reconfigured after moving from
  Thunderbird 91.13.0 to Thunderbird 102.2.1.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.2.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3033
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3032
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3034
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36059
  (* Security fix *)
patches/packages/vim-9.0.0396-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed use after free.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3099
  (* Security fix *)
patches/packages/vim-gvim-9.0.0396-x86_64-1_slack15.0.txz:  Upgraded.
2022-09-07 13:30:33 +02:00
Patrick J Volkerding
ca8c1d3c22 Thu Sep 1 20:01:13 UTC 2022
patches/packages/poppler-21.12.0-x86_64-2_slack15.0.txz:  Rebuilt.
  [PATCH] JBIG2Stream: Fix crash on broken file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860
  (* Security fix *)
2022-09-02 13:30:06 +02:00
Patrick J Volkerding
1393bd0f4f Tue Aug 30 19:39:30 UTC 2022
extra/sendmail/sendmail-8.17.1-x86_64-4_slack15.0.txz:  Rebuilt.
  Patched sendmail.h to fix SASL auth. Thanks to af7567.
  Build without -DUSE_EAI (which is evidently considered experimental) since
  the option breaks the vacation binary. Thanks to bitfuzzy and HQuest.
  It is possible that this could work but requires additional options. I found
  this in the ChangeLog for the SUSE rpm:
    Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533) is available
    when using the compile time option USE_EAI (see also
    devtools/Site/site.config.m4.sample for other required settings) and the cf
    option SMTPUTF8.  If a mail submission via the command line requires the
    use of SMTPUTF8, e.g., because a header uses UTF-8 encoding, but the
    addresses on the command line are all ASCII, then the new option -U must be
    used, and the cf option SMTPUTF8 must be set in submit.cf.
  Any assistance with getting -DUSE_EAI working properly would be appreciated.
extra/sendmail/sendmail-cf-8.17.1-noarch-4_slack15.0.txz:  Rebuilt.
patches/packages/vim-9.0.0334-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed use after free.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3016
  (* Security fix *)
patches/packages/vim-gvim-9.0.0334-x86_64-1_slack15.0.txz:  Upgraded.
2022-08-31 13:30:01 +02:00
Patrick J Volkerding
71a81b7408 Fri Aug 26 04:02:20 UTC 2022
patches/packages/linux-5.15.63/*:  Upgraded.
  These updates fix various bugs and security issues.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    Fixed in 5.15.39:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1974
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1975
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734
    Fixed in 5.15.40:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1943
    Fixed in 5.15.41:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28893
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32296
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012
    Fixed in 5.15.42:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1652
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499
    Fixed in 5.15.44:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789
    Fixed in 5.15.45:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2873
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1966
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32250
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2078
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1852
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1972
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2503
    Fixed in 5.15.46:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1184
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1973
    Fixed in 5.15.47:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34494
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34495
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32981
    Fixed in 5.15.48:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123
    Fixed in 5.15.53:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2318
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33743
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33742
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33741
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33740
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26365
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33744
    Fixed in 5.15.54:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33655
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918
    Fixed in 5.15.56:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36123
    Fixed in 5.15.57:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901
    Fixed in 5.15.58:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21505
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1462
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36879
    Fixed in 5.15.59:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36946
    Fixed in 5.15.60:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26373
    Fixed in 5.15.61:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1679
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588
  (* Security fix *)
patches/packages/vim-9.0.0270-x86_64-1_slack15.0.txz:  Upgraded.
  We're just going to move to vim-9 instead of continuing to backport patches
  to the vim-8 branch. Most users will be better served by this.
  Fixed use after free and null pointer dereference.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2946
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2923
  (* Security fix *)
patches/packages/vim-gvim-9.0.0270-x86_64-1_slack15.0.txz:  Upgraded.
2022-08-27 13:30:28 +02:00
Patrick J Volkerding
d96560a977 Tue Aug 23 19:27:56 UTC 2022
extra/sendmail/sendmail-8.17.1-x86_64-3_slack15.0.txz:  Rebuilt.
  In recent versions of glibc, USE_INET6 has been removed which caused sendmail
  to reject mail from IPv6 addresses. Adding -DHAS_GETHOSTBYNNAME2=1 to the
  site.config.m4 allows the reverse lookups to work again fixing this issue.
  Thanks to talo.
extra/sendmail/sendmail-cf-8.17.1-noarch-3_slack15.0.txz:  Rebuilt.
patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed invalid read operation in SuggestMgr::leftcommonsubstring
  in suggestmgr.cxx.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16707
  (* Security fix *)
patches/packages/mozilla-firefox-91.13.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.13.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-35/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
  (* Security fix *)
patches/packages/mozilla-thunderbird-91.13.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.13.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
  (* Security fix *)
2022-08-24 13:30:27 +02:00
Patrick J Volkerding
44e993e802 Sat Aug 20 20:04:15 UTC 2022
patches/packages/vim-8.2.4649-x86_64-3_slack15.0.txz:  Rebuilt.
  Fix use after free.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2889
  (* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-3_slack15.0.txz:  Rebuilt.
2022-08-21 13:30:26 +02:00
Patrick J Volkerding
77a67ac465 Thu Aug 18 23:19:52 UTC 2022
patches/packages/glibc-zoneinfo-2022c-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
2022-08-19 13:29:58 +02:00
Patrick J Volkerding
821b8a94bf Wed Aug 17 20:41:53 UTC 2022
patches/packages/vim-8.2.4649-x86_64-2_slack15.0.txz:  Rebuilt.
  Fix use after free, out-of-bounds read, and heap based buffer overflow.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819
  (* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-2_slack15.0.txz:  Rebuilt.
2022-08-18 13:30:02 +02:00
Patrick J Volkerding
834b3a5fc2 Tue Aug 16 18:51:34 UTC 2022
patches/packages/mariadb-10.5.17-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and several security issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32082
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32089
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32081
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32091
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32084
  (* Security fix *)
2022-08-17 13:30:28 +02:00
Patrick J Volkerding
cffeb680aa Mon Aug 15 20:23:47 UTC 2022
patches/packages/rsync-3.2.5-x86_64-1_slack15.0.txz:  Upgraded.
  Added some file-list safety checking that helps to ensure that a rogue
  sending rsync can't add unrequested top-level names and/or include recursive
  names that should have been excluded by the sender. These extra safety
  checks only require the receiver rsync to be updated. When dealing with an
  untrusted sending host, it is safest to copy into a dedicated destination
  directory for the remote content (i.e. don't copy into a destination
  directory that contains files that aren't from the remote host unless you
  trust the remote host).
  For more information, see:
   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154
  (* Security fix *)
2022-08-16 13:30:28 +02:00
Patrick J Volkerding
24a4907817 Sat Aug 13 19:12:40 UTC 2022
patches/packages/glibc-zoneinfo-2022b-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
2022-08-14 13:30:29 +02:00
Patrick J Volkerding
5dd1410e22 Tue Aug 9 19:25:22 UTC 2022
patches/packages/zlib-1.2.12-x86_64-2_slack15.0.txz:  Rebuilt.
  This is a bugfix update.
  Applied an upstream patch to restore the handling of CRC inputs to be the
  same as in previous releases of zlib. This fixes an issue with OpenJDK.
  Thanks to alienBOB.
2022-08-10 13:30:27 +02:00
Patrick J Volkerding
e8686ed7fd Fri Jul 29 19:59:03 UTC 2022
patches/packages/gnutls-3.7.7-x86_64-1_slack15.0.txz:  Upgraded.
  libgnutls: Fixed double free during verification of pkcs7 signatures.
  Reported by Jaak Ristioja.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509
  (* Security fix *)
2022-07-30 13:30:32 +02:00
Patrick J Volkerding
0648599e6d Thu Jul 28 23:48:36 UTC 2022
patches/packages/mozilla-thunderbird-91.12.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.12.0/releasenotes/
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.12
  (* Security fix *)
2022-07-29 13:31:04 +02:00
Patrick J Volkerding
ad19766c1e Wed Jul 27 19:17:38 UTC 2022
patches/packages/samba-4.15.9-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes the following security issues:
  Samba AD users can bypass certain restrictions associated with changing
  passwords.
  Samba AD users can forge password change requests for any user.
  Samba AD users can crash the server process with an LDAP add or modify
  request.
  Samba AD users can induce a use-after-free in the server process with an
  LDAP add or modify request.
  Server memory information leak via SMB1.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2022-2031.html
    https://www.samba.org/samba/security/CVE-2022-32744.html
    https://www.samba.org/samba/security/CVE-2022-32745.html
    https://www.samba.org/samba/security/CVE-2022-32746.html
    https://www.samba.org/samba/security/CVE-2022-32742.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742
  (* Security fix *)
2022-07-28 13:30:29 +02:00
Patrick J Volkerding
bfbbd63f28 Mon Jul 25 20:53:49 UTC 2022
patches/packages/mozilla-firefox-91.12.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.12.0/releasenotes/
  (* Security fix *)
patches/packages/perl-5.34.0-x86_64-2_slack15.0.txz:  Rebuilt.
  This is a bugfix release.
  Upgraded: Devel-CheckLib-1.16, IO-Socket-SSL-2.074, Net-SSLeay-1.92,
  Path-Tiny-0.122, Template-Toolkit-3.100, URI-5.12, libnet-3.14.
  Added a symlink to libperl.so in /usr/${LIBDIRSUFFIX} since net-snmp (and
  possibly other programs) might have trouble linking with it since it's not
  in the LD_LIBRARY_PATH. Thanks to oneforall.
2022-07-26 13:30:29 +02:00
Patrick J Volkerding
7e93037632 Thu Jul 21 18:13:18 UTC 2022
patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause
  an out-of-bounds memory access.
  A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL
  pointer dereference.
  Improper Input Validation when SETing malformed OIDs in master agent and
  subagent simultaneously.
  A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable
  can cause an out-of-bounds memory access.
  A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a
  NULL pointer dereference.
  A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer
  dereference.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24805
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24809
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24806
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24807
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24808
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24810
  (* Security fix *)
2022-07-22 13:30:29 +02:00
Patrick J Volkerding
83e918a979 Wed Jul 13 19:56:59 UTC 2022
patches/packages/xorg-server-1.20.14-x86_64-3_slack15.0.txz:  Rebuilt.
  xkb: switch to array index loops to moving pointers.
  xkb: add request length validation for XkbSetGeometry.
  xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-3_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-3_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-3_slack15.0.txz:  Rebuilt.
2022-07-14 13:30:35 +02:00
Patrick J Volkerding
86cbc47746 Mon Jul 11 19:22:52 UTC 2022
patches/packages/seamonkey-2.53.13-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.13
  (* Security fix *)
2022-07-12 13:30:28 +02:00
Patrick J Volkerding
5cd37beaa8 Sun Jul 10 18:49:34 UTC 2022
patches/packages/wavpack-5.5.0-x86_64-1_slack15.0.txz:  Upgraded.
  WavPack 5.5.0 contains a fix for CVE-2021-44269 wherein encoding a specially
  crafted DSD file causes an out-of-bounds read exception.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44269
  (* Security fix *)
2022-07-11 13:30:28 +02:00
Patrick J Volkerding
9edcc6c242 Thu Jul 7 23:03:01 UTC 2022
patches/packages/gnupg2-2.2.36-x86_64-1_slack15.0.txz:  Upgraded.
  g10: Fix possibly garbled status messages in NOTATION_DATA.  This bug could
  trick GPGME and other parsers to accept faked status lines.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903
  (* Security fix *)
extra/php81/php81-8.1.8-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Fileinfo: Fixed bug #81723 (Heap buffer overflow in finfo_buffer).
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31627
  (* Security fix *)
2022-07-08 13:30:29 +02:00
Patrick J Volkerding
4338767300 Tue Jul 5 20:17:00 UTC 2022
patches/packages/openssl-1.1.1q-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Heap memory corruption with RSA private key operation.
  AES OCB fails to encrypt some bytes.
  For more information, see:
    https://www.openssl.org/news/secadv/20220705.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2274
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1q-x86_64-1_slack15.0.txz:  Upgraded.
2022-07-06 13:30:42 +02:00
Patrick J Volkerding
d01c4c7b84 Fri Jul 1 01:23:50 UTC 2022
patches/packages/mozilla-thunderbird-91.11.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.11.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484
  (* Security fix *)
2022-07-01 13:30:27 +02:00
Patrick J Volkerding
7a6788c35a Tue Jun 28 19:16:08 UTC 2022
patches/packages/curl-7.84.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Set-Cookie denial of service.
  HTTP compression denial of service.
  Unpreserved file permissions.
  FTP-KRB bad message verification.
  For more information, see:
    https://curl.se/docs/CVE-2022-32205.html
    https://curl.se/docs/CVE-2022-32206.html
    https://curl.se/docs/CVE-2022-32207.html
    https://curl.se/docs/CVE-2022-32208.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208
  (* Security fix *)
patches/packages/mozilla-firefox-91.11.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.11.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-25/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484
  (* Security fix *)
2022-06-29 13:30:31 +02:00
Patrick J Volkerding
40bf9bf864 Thu Jun 23 05:30:51 UTC 2022
patches/packages/ca-certificates-20220622-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txz:  Upgraded.
  In addition to the c_rehash shell command injection identified in
  CVE-2022-1292, further circumstances where the c_rehash script does not
  properly sanitise shell metacharacters to prevent command injection were
  found by code review.
  When the CVE-2022-1292 was fixed it was not discovered that there
  are other places in the script where the file names of certificates
  being hashed were possibly passed to a command executed through the shell.
  For more information, see:
    https://www.openssl.org/news/secadv/20220621.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1p-x86_64-1_slack15.0.txz:  Upgraded.
2022-06-24 01:30:06 +02:00
Patrick J Volkerding
7809bcc762 Mon Jun 13 21:02:58 UTC 2022
patches/packages/php-7.4.30-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  mysqlnd/pdo password buffer overflow.
  Uninitialized array in pg_query_params().
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
  (* Security fix *)
extra/php80/php80-8.0.20-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  mysqlnd/pdo password buffer overflow.
  Uninitialized array in pg_query_params().
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
  (* Security fix *)
extra/php81/php81-8.1.7-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  mysqlnd/pdo password buffer overflow.
  Uninitialized array in pg_query_params().
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
  (* Security fix *)
2022-06-14 13:30:26 +02:00
Patrick J Volkerding
348dffe043 Wed Jun 8 19:15:34 UTC 2022
patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and the following security issues:
  mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism.
  Information Disclosure in mod_lua with websockets.
  mod_sed denial of service.
  Denial of service in mod_lua r:parsebody.
  Read beyond bounds in ap_strcmp_match().
  Read beyond bounds via ap_rwrite().
  Read beyond bounds in mod_isapi.
  mod_proxy_ajp: Possible request smuggling.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.54
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377
  (* Security fix *)
2022-06-09 13:30:28 +02:00
Patrick J Volkerding
b9f4e8dc0e Sat Jun 4 18:43:17 UTC 2022
patches/packages/pidgin-2.14.10-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and several security issues.
  For more information, see:
    https://www.pidgin.im/posts/2022-06-2.14.10-released/
  (* Security fix *)
2022-06-05 13:30:26 +02:00