Commit graph

1350 commits

Author SHA1 Message Date
Patrick J Volkerding
44e993e802 Sat Aug 20 20:04:15 UTC 2022
patches/packages/vim-8.2.4649-x86_64-3_slack15.0.txz:  Rebuilt.
  Fix use after free.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2889
  (* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-3_slack15.0.txz:  Rebuilt.
2022-08-21 13:30:26 +02:00
Patrick J Volkerding
77a67ac465 Thu Aug 18 23:19:52 UTC 2022
patches/packages/glibc-zoneinfo-2022c-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
2022-08-19 13:29:58 +02:00
Patrick J Volkerding
821b8a94bf Wed Aug 17 20:41:53 UTC 2022
patches/packages/vim-8.2.4649-x86_64-2_slack15.0.txz:  Rebuilt.
  Fix use after free, out-of-bounds read, and heap based buffer overflow.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819
  (* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-2_slack15.0.txz:  Rebuilt.
2022-08-18 13:30:02 +02:00
Patrick J Volkerding
834b3a5fc2 Tue Aug 16 18:51:34 UTC 2022
patches/packages/mariadb-10.5.17-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and several security issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32082
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32089
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32081
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32091
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32084
  (* Security fix *)
2022-08-17 13:30:28 +02:00
Patrick J Volkerding
cffeb680aa Mon Aug 15 20:23:47 UTC 2022
patches/packages/rsync-3.2.5-x86_64-1_slack15.0.txz:  Upgraded.
  Added some file-list safety checking that helps to ensure that a rogue
  sending rsync can't add unrequested top-level names and/or include recursive
  names that should have been excluded by the sender. These extra safety
  checks only require the receiver rsync to be updated. When dealing with an
  untrusted sending host, it is safest to copy into a dedicated destination
  directory for the remote content (i.e. don't copy into a destination
  directory that contains files that aren't from the remote host unless you
  trust the remote host).
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154
  (* Security fix *)
2022-08-16 13:30:28 +02:00
Patrick J Volkerding
24a4907817 Sat Aug 13 19:12:40 UTC 2022
patches/packages/glibc-zoneinfo-2022b-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
2022-08-14 13:30:29 +02:00
Patrick J Volkerding
5dd1410e22 Tue Aug 9 19:25:22 UTC 2022
patches/packages/zlib-1.2.12-x86_64-2_slack15.0.txz:  Rebuilt.
  This is a bugfix update.
  Applied an upstream patch to restore the handling of CRC inputs to be the
  same as in previous releases of zlib. This fixes an issue with OpenJDK.
  Thanks to alienBOB.
2022-08-10 13:30:27 +02:00
Patrick J Volkerding
e8686ed7fd Fri Jul 29 19:59:03 UTC 2022
patches/packages/gnutls-3.7.7-x86_64-1_slack15.0.txz:  Upgraded.
  libgnutls: Fixed double free during verification of pkcs7 signatures.
  Reported by Jaak Ristioja.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509
  (* Security fix *)
2022-07-30 13:30:32 +02:00
Patrick J Volkerding
0648599e6d Thu Jul 28 23:48:36 UTC 2022
patches/packages/mozilla-thunderbird-91.12.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.12.0/releasenotes/
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.12
  (* Security fix *)
2022-07-29 13:31:04 +02:00
Patrick J Volkerding
ad19766c1e Wed Jul 27 19:17:38 UTC 2022
patches/packages/samba-4.15.9-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes the following security issues:
  Samba AD users can bypass certain restrictions associated with changing
  passwords.
  Samba AD users can forge password change requests for any user.
  Samba AD users can crash the server process with an LDAP add or modify
  request.
  Samba AD users can induce a use-after-free in the server process with an
  LDAP add or modify request.
  Server memory information leak via SMB1.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2022-2031.html
    https://www.samba.org/samba/security/CVE-2022-32744.html
    https://www.samba.org/samba/security/CVE-2022-32745.html
    https://www.samba.org/samba/security/CVE-2022-32746.html
    https://www.samba.org/samba/security/CVE-2022-32742.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742
  (* Security fix *)
2022-07-28 13:30:29 +02:00
Patrick J Volkerding
bfbbd63f28 Mon Jul 25 20:53:49 UTC 2022
patches/packages/mozilla-firefox-91.12.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.12.0/releasenotes/
  (* Security fix *)
patches/packages/perl-5.34.0-x86_64-2_slack15.0.txz:  Rebuilt.
  This is a bugfix release.
  Upgraded: Devel-CheckLib-1.16, IO-Socket-SSL-2.074, Net-SSLeay-1.92,
  Path-Tiny-0.122, Template-Toolkit-3.100, URI-5.12, libnet-3.14.
  Added a symlink to libperl.so in /usr/${LIBDIRSUFFIX} since net-snmp (and
  possibly other programs) might have trouble linking with it since it's not
  in the LD_LIBRARY_PATH. Thanks to oneforall.
2022-07-26 13:30:29 +02:00
Patrick J Volkerding
7e93037632 Thu Jul 21 18:13:18 UTC 2022
patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause
  an out-of-bounds memory access.
  A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL
  pointer dereference.
  Improper Input Validation when SETing malformed OIDs in master agent and
  subagent simultaneously.
  A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable
  can cause an out-of-bounds memory access.
  A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a
  NULL pointer dereference.
  A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer
  dereference.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24805
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24809
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24806
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24807
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24808
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24810
  (* Security fix *)
2022-07-22 13:30:29 +02:00
Patrick J Volkerding
83e918a979 Wed Jul 13 19:56:59 UTC 2022
patches/packages/xorg-server-1.20.14-x86_64-3_slack15.0.txz:  Rebuilt.
  xkb: switch to array index loops to moving pointers.
  xkb: add request length validation for XkbSetGeometry.
  xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-3_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-3_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-3_slack15.0.txz:  Rebuilt.
2022-07-14 13:30:35 +02:00
Patrick J Volkerding
86cbc47746 Mon Jul 11 19:22:52 UTC 2022
patches/packages/seamonkey-2.53.13-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.13
  (* Security fix *)
2022-07-12 13:30:28 +02:00
Patrick J Volkerding
5cd37beaa8 Sun Jul 10 18:49:34 UTC 2022
patches/packages/wavpack-5.5.0-x86_64-1_slack15.0.txz:  Upgraded.
  WavPack 5.5.0 contains a fix for CVE-2021-44269 wherein encoding a specially
  crafted DSD file causes an out-of-bounds read exception.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44269
  (* Security fix *)
2022-07-11 13:30:28 +02:00
Patrick J Volkerding
9edcc6c242 Thu Jul 7 23:03:01 UTC 2022
patches/packages/gnupg2-2.2.36-x86_64-1_slack15.0.txz:  Upgraded.
  g10: Fix possibly garbled status messages in NOTATION_DATA.  This bug could
  trick GPGME and other parsers to accept faked status lines.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903
  (* Security fix *)
extra/php81/php81-8.1.8-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Fileinfo: Fixed bug #81723 (Heap buffer overflow in finfo_buffer).
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31627
  (* Security fix *)
2022-07-08 13:30:29 +02:00
Patrick J Volkerding
4338767300 Tue Jul 5 20:17:00 UTC 2022
patches/packages/openssl-1.1.1q-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Heap memory corruption with RSA private key operation.
  AES OCB fails to encrypt some bytes.
  For more information, see:
    https://www.openssl.org/news/secadv/20220705.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2274
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1q-x86_64-1_slack15.0.txz:  Upgraded.
2022-07-06 13:30:42 +02:00
Patrick J Volkerding
d01c4c7b84 Fri Jul 1 01:23:50 UTC 2022
patches/packages/mozilla-thunderbird-91.11.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.11.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484
  (* Security fix *)
2022-07-01 13:30:27 +02:00
Patrick J Volkerding
7a6788c35a Tue Jun 28 19:16:08 UTC 2022
patches/packages/curl-7.84.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Set-Cookie denial of service.
  HTTP compression denial of service.
  Unpreserved file permissions.
  FTP-KRB bad message verification.
  For more information, see:
    https://curl.se/docs/CVE-2022-32205.html
    https://curl.se/docs/CVE-2022-32206.html
    https://curl.se/docs/CVE-2022-32207.html
    https://curl.se/docs/CVE-2022-32208.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208
  (* Security fix *)
patches/packages/mozilla-firefox-91.11.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.11.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-25/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484
  (* Security fix *)
2022-06-29 13:30:31 +02:00
Patrick J Volkerding
40bf9bf864 Thu Jun 23 05:30:51 UTC 2022
patches/packages/ca-certificates-20220622-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txz:  Upgraded.
  In addition to the c_rehash shell command injection identified in
  CVE-2022-1292, further circumstances where the c_rehash script does not
  properly sanitise shell metacharacters to prevent command injection were
  found by code review.
  When the CVE-2022-1292 was fixed it was not discovered that there
  are other places in the script where the file names of certificates
  being hashed were possibly passed to a command executed through the shell.
  For more information, see:
    https://www.openssl.org/news/secadv/20220621.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1p-x86_64-1_slack15.0.txz:  Upgraded.
2022-06-24 01:30:06 +02:00
Patrick J Volkerding
7809bcc762 Mon Jun 13 21:02:58 UTC 2022
patches/packages/php-7.4.30-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  mysqlnd/pdo password buffer overflow.
  Uninitialized array in pg_query_params().
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
  (* Security fix *)
extra/php80/php80-8.0.20-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  mysqlnd/pdo password buffer overflow.
  Uninitialized array in pg_query_params().
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
  (* Security fix *)
extra/php81/php81-8.1.7-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  mysqlnd/pdo password buffer overflow.
  Uninitialized array in pg_query_params().
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
  (* Security fix *)
2022-06-14 13:30:26 +02:00
Patrick J Volkerding
348dffe043 Wed Jun 8 19:15:34 UTC 2022
patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and the following security issues:
  mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism.
  Information Disclosure in mod_lua with websockets.
  mod_sed denial of service.
  Denial of service in mod_lua r:parsebody.
  Read beyond bounds in ap_strcmp_match().
  Read beyond bounds via ap_rwrite().
  Read beyond bounds in mod_isapi.
  mod_proxy_ajp: Possible request smuggling.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.54
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377
  (* Security fix *)
2022-06-09 13:30:28 +02:00
Patrick J Volkerding
b9f4e8dc0e Sat Jun 4 18:43:17 UTC 2022
patches/packages/pidgin-2.14.10-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and several security issues.
  For more information, see:
    https://www.pidgin.im/posts/2022-06-2.14.10-released/
  (* Security fix *)
2022-06-05 13:30:26 +02:00
Patrick J Volkerding
a9dc1aa8fa Thu Jun 2 19:42:06 UTC 2022
patches/packages/mozilla-thunderbird-91.10.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.10.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31739
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747
  (* Security fix *)
2022-06-03 13:30:29 +02:00
Patrick J Volkerding
f6bd13c472 Wed Jun 1 00:49:45 UTC 2022
patches/packages/mozilla-firefox-91.10.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.10.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-21/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31739
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747
  (* Security fix *)
2022-06-01 13:30:20 +02:00
Patrick J Volkerding
81f2355530 Thu May 26 18:27:32 UTC 2022
patches/packages/cups-2.4.2-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed certificate strings comparison for Local authorization.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26691
  (* Security fix *)
2022-05-27 13:30:00 +02:00
Patrick J Volkerding
590bfd3df8 Sat May 21 19:30:02 UTC 2022
patches/packages/mariadb-10.5.16-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and several security issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27376
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27377
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27378
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27379
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27380
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27381
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27382
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27383
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27384
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27386
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27387
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27444
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27445
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27446
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27447
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27448
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27449
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27451
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27452
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27455
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27456
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27457
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27458
  (* Security fix *)
2022-05-22 13:30:03 +02:00
Patrick J Volkerding
e9f027ce23 Sat May 21 01:35:40 UTC 2022
patches/packages/mozilla-firefox-91.9.1esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.9.1/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-19/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
  (* Security fix *)
patches/packages/mozilla-thunderbird-91.9.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.9.1/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-19/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
  (* Security fix *)
2022-05-21 13:30:05 +02:00
Patrick J Volkerding
341dffdb1a Thu May 19 23:07:59 UTC 2022
patches/packages/bind-9.16.29-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
testing/packages/bind-9.18.3-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed a crash in DNS-over-HTTPS (DoH) code caused by premature TLS stream
  socket object deletion.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1183
  (* Security fix *)
2022-05-20 13:30:01 +02:00
Patrick J Volkerding
96bf53e55d Wed May 11 19:01:59 UTC 2022
patches/packages/curl-7.83.1-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  HSTS bypass via trailing dot.
  TLS and SSH connection too eager reuse.
  CERTINFO never-ending busy-loop.
  percent-encoded path separator in URL host.
  cookie for trailing dot TLD.
  curl removes wrong file on error.
  For more information, see:
    https://curl.se/docs/CVE-2022-30115.html
    https://curl.se/docs/CVE-2022-27782.html
    https://curl.se/docs/CVE-2022-27781.html
    https://curl.se/docs/CVE-2022-27780.html
    https://curl.se/docs/CVE-2022-27779.html
    https://curl.se/docs/CVE-2022-27778.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30115
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27780
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27779
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27778
  (* Security fix *)
2022-05-12 13:29:51 +02:00
Patrick J Volkerding
3c08cf6792 Mon May 9 21:33:25 UTC 2022
patches/packages/linux-5.15.38/*:  Upgraded.
  These updates fix various bugs and security issues.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    Fixed in 5.15.27:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0742
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24958
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0494
    Fixed in 5.15.28:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23038
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23039
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23036
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23037
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0001
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0002
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23041
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23040
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23042
    Fixed in 5.15.29:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1199
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27666
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1011
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0995
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0854
    Fixed in 5.15.32:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1015
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26490
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1048
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1016
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28356
    Fixed in 5.15.33:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28390
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0168
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1158
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1353
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1198
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28389
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1516
    Fixed in 5.15.34:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1263
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29582
    Fixed in 5.15.35:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1204
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1205
    Fixed in 5.15.37:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0500
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222
  (* Security fix *)
2022-05-10 13:30:03 +02:00
Patrick J Volkerding
2971d84285 Wed May 4 21:24:57 UTC 2022
patches/packages/mozilla-thunderbird-91.9.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.9.0/releasenotes/
  (* Security fix *)
patches/packages/openssl-1.1.1o-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed a bug in the c_rehash script which was not properly sanitising shell
  metacharacters to prevent command injection.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1o-x86_64-1_slack15.0.txz:  Upgraded.
patches/packages/seamonkey-2.53.12-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.12
  (* Security fix *)
2022-05-05 13:30:04 +02:00
Patrick J Volkerding
d88c750381 Mon May 2 20:02:49 UTC 2022
patches/packages/libxml2-2.9.14-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and the following security issues:
  Fix integer overflow in xmlBuf and xmlBuffer.
  Fix potential double-free in xmlXPtrStringRangeFunction.
  Fix memory leak in xmlFindCharEncodingHandler.
  Normalize XPath strings in-place.
  Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars().
  Fix leak of xmlElementContent.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824
  (* Security fix *)
patches/packages/mozilla-firefox-91.9.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.9.0/releasenotes/
patches/packages/samba-4.15.7-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.samba.org/samba/history/samba-4.15.7.html
2022-05-03 13:29:53 +02:00
Patrick J Volkerding
7d2523ede3 Sat Apr 30 21:18:47 UTC 2022
patches/packages/pidgin-2.14.9-x86_64-1_slack15.0.txz:  Upgraded.
  Mitigate the potential for a man in the middle attack via DNS spoofing by
  removing the code that supported the _xmppconnect DNS TXT record.
  For more information, see:
    https://www.pidgin.im/about/security/advisories/cve-2022-26491/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26491
  (* Security fix *)
2022-05-01 13:30:01 +02:00
Patrick J Volkerding
cf5d757506 Wed Apr 27 21:43:51 UTC 2022
patches/packages/curl-7.83.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  OAUTH2 bearer bypass in connection re-use.
  Credential leak on redirect.
  Bad local IPv6 connection reuse.
  Auth/cookie leak on redirect.
  For more information, see:
    https://curl.se/docs/CVE-2022-22576.html
    https://curl.se/docs/CVE-2022-27774.html
    https://curl.se/docs/CVE-2022-27775.html
    https://curl.se/docs/CVE-2022-27776.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
  (* Security fix *)
2022-04-28 13:29:49 +02:00
Patrick J Volkerding
dfafa37940 Mon Apr 25 20:55:17 UTC 2022
patches/packages/freerdp-2.7.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update is a security and maintenance release.
  For more information, see:
    https://github.com/FreeRDP/FreeRDP/blob/2.7.0/ChangeLog
  (* Security fix *)
2022-04-26 13:30:04 +02:00
Patrick J Volkerding
a08f3ec912 Thu Apr 21 19:11:10 UTC 2022
patches/packages/mozilla-thunderbird-91.8.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.8.1/releasenotes/
2022-04-22 13:29:59 +02:00
Patrick J Volkerding
9e2efe650c Thu Apr 14 21:14:21 UTC 2022
patches/packages/git-2.35.3-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue where a Git worktree created by another
  user might be able to execute arbitrary code.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765
  (* Security fix *)
patches/packages/gzip-1.12-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  zgrep applied to a crafted file name with two or more newlines can no
  longer overwrite an arbitrary, attacker-selected file.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
  (* Security fix *)
patches/packages/xz-5.2.5-x86_64-4_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  xzgrep applied to a crafted file name with two or more newlines can no
  longer overwrite an arbitrary, attacker-selected file.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
  (* Security fix *)
2022-04-15 13:29:52 +02:00
Patrick J Volkerding
799fadd352 Wed Apr 13 20:51:01 UTC 2022
patches/packages/ruby-3.0.4-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Double free in Regexp compilation.
  Buffer overrun in String-to-Float conversion.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28738
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739
  (* Security fix *)
2022-04-14 13:30:03 +02:00
Patrick J Volkerding
c0c70f97c2 Tue Apr 12 21:56:14 UTC 2022
patches/packages/whois-5.5.13-x86_64-1_slack15.0.txz:  Upgraded.
  This update adds the .sd TLD server, updates the list of new gTLDs, and adds
  a Turkish translation.
2022-04-13 13:29:47 +02:00
Patrick J Volkerding
c023bce19a Fri Apr 8 20:03:36 UTC 2022
patches/packages/libarchive-3.6.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix and security release.
  Security fixes:
    7zip reader: fix PPMD read beyond boundary.
    ZIP reader: fix possible out of bounds read.
    ISO reader: fix possible heap buffer overflow in read_children().
    RARv4 reader: fix multiple issues in RARv4 filter code (introduced in
    libarchive 3.6.0).
    Fix heap use after free in archive_read_format_rar_read_data().
    Fix null dereference in read_data_compressed().
    Fix heap use after free in run_filters().
  (* Security fix *)
2022-04-09 13:29:59 +02:00
Patrick J Volkerding
d9ca4d1a16 Wed Apr 6 20:23:46 UTC 2022
patches/packages/mozilla-thunderbird-91.8.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/91.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289
  (* Security fix *)
2022-04-07 13:29:46 +02:00
Patrick J Volkerding
a32f923a16 Tue Apr 5 19:16:30 UTC 2022
patches/packages/mozilla-firefox-91.8.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289
  (* Security fix *)
2022-04-06 13:29:41 +02:00
Patrick J Volkerding
f37bd9fb49 Sun Apr 3 19:57:16 UTC 2022
patches/packages/ca-certificates-20220403-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
2022-04-04 13:29:59 +02:00
Patrick J Volkerding
287bf2688a Wed Mar 30 22:37:05 UTC 2022
patches/packages/vim-8.2.4649-x86_64-1_slack15.0.txz:  Upgraded.
  Fixes a use-after-free in utf_ptr2char in vim/vim prior to 8.2.4646.
  This vulnerability is capable of crashing software, bypassing protection
  mechanisms, modifying memory, and possibly execution of arbitrary code.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1154
    https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425
    b55986c52d
  (* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-1_slack15.0.txz:  Upgraded.
2022-03-31 13:29:48 +02:00
Patrick J Volkerding
64d851e17a Mon Mar 28 19:33:46 UTC 2022
patches/packages/whois-5.5.12-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release. Thanks to Nobby6.
patches/packages/zlib-1.2.12-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes memory corruption when deflating (i.e., when compressing)
  if the input has many distant matches. Thanks to marav.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
  (* Security fix *)
2022-03-29 13:29:47 +02:00
Patrick J Volkerding
54997ae6c7 Fri Mar 25 19:18:41 UTC 2022
patches/packages/seamonkey-2.53.11.1-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.11.1
  (* Security fix *)
2022-03-26 13:30:02 +01:00
Patrick J Volkerding
545dfeeec3 Thu Mar 24 20:59:09 UTC 2022
patches/packages/python3-3.9.12-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://pythoninsider.blogspot.com/2022/03/python-3104-and-3912-are-now-available.html
usb-and-pxe-installers/usbimg2disk.sh:  Upgraded.
  Calculate the space requirement by checking the size of the packages in the
  Slackware directory tree.
2022-03-25 13:29:47 +01:00
Patrick J Volkerding
29c65b6804 Mon Mar 21 20:24:16 UTC 2022
patches/packages/bind-9.16.27-x86_64-1_slack15.0.txz:  Upgraded.
  Sorry folks, I had not meant to bump BIND to the newer branch. I've moved
  the other packages into /testing. Thanks to Nobby6 for pointing this out.
  This update fixes bugs and the following security issues:
  A synchronous call to closehandle_cb() caused isc__nm_process_sock_buffer()
  to be called recursively, which in turn left TCP connections hanging in the
  CLOSE_WAIT state blocking indefinitely when out-of-order processing was
  disabled.
  The rules for acceptance of records into the cache have been tightened to
  prevent the possibility of poisoning if forwarders send records outside
  the configured bailiwick.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220
  (* Security fix *)
testing/packages/bind-9.18.1-x86_64-1_slack15.0.txz:  Moved.
2022-03-22 13:30:01 +01:00
Patrick J Volkerding
8e056e9406 Sat Mar 19 20:28:16 UTC 2022
patches/packages/glibc-zoneinfo-2022a-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
2022-03-20 13:29:57 +01:00