slackware-current

mirror of git://slackware.nl/current.git synced 2024-12-26 09:58:59 +01:00

Author	SHA1	Message	Date
Patrick J Volkerding	653fd727bd	Tue Dec 12 19:54:42 UTC 2023 patches/packages/mozilla-thunderbird-115.5.2-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.5.2/releasenotes/	2023-12-13 13:30:44 +01:00
Patrick J Volkerding	e20d844068	Sun Dec 10 01:12:17 UTC 2023 patches/packages/libxml2-2.12.2-x86_64-1_slack15.0.txz: Upgraded. Add --sysconfdir=/etc option so that this can find the xml catalog. Thanks to SpiderTux. Fix the following security issues: Fix integer overflows with XML_PARSE_HUGE. Fix dict corruption caused by entity reference cycles. Hashing of empty dict strings isn't deterministic. Fix null deref in xmlSchemaFixupComplexType. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-40303 https://www.cve.org/CVERecord?id=CVE-2022-40304 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://www.cve.org/CVERecord?id=CVE-2023-28484 (* Security fix *)	2023-12-10 13:30:41 +01:00
Patrick J Volkerding	d62d64ff5c	Wed Dec 6 20:29:23 UTC 2023 patches/packages/rdfind-1.6.0-x86_64-1_slack15.0.txz: Upgraded. Redundant data finder utility, needed to build the kernel-firmware package.	2023-12-07 13:30:45 +01:00
Patrick J Volkerding	759a12e5e6	Thu Nov 30 21:21:55 UTC 2023 patches/packages/samba-4.18.9-x86_64-1_slack15.0.txz: Upgraded. This is a security release in order to address the following defect: An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. Upgrading to this package will not prevent this information leak - if you are using Samba as an Active Directory Domain Controller, you will need to follow the instructions in the samba.org link given below. For more information, see: https://www.samba.org/samba/security/CVE-2018-14628.html https://www.cve.org/CVERecord?id=CVE-2018-14628 (* Security fix *)	2023-12-01 13:30:38 +01:00
Patrick J Volkerding	65dd125008	Tue Nov 28 22:13:48 UTC 2023 patches/packages/mozilla-thunderbird-115.5.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.5.1/releasenotes/	2023-11-29 13:30:42 +01:00
Patrick J Volkerding	37e07224c1	Fri Nov 24 20:52:02 UTC 2023 patches/packages/vim-9.0.2127-x86_64-1_slack15.0.txz: Upgraded. Fixed security issues. Thanks to marav for the heads-up. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-48231 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://www.cve.org/CVERecord?id=CVE-2023-48237 (* Security fix *) patches/packages/vim-gvim-9.0.2127-x86_64-1_slack15.0.txz: Upgraded.	2023-11-25 13:30:42 +01:00
Patrick J Volkerding	48f20efbe7	Wed Nov 22 19:26:09 UTC 2023 patches/packages/mozilla-thunderbird-115.5.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.5.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/ https://www.cve.org/CVERecord?id=CVE-2023-6204 https://www.cve.org/CVERecord?id=CVE-2023-6205 https://www.cve.org/CVERecord?id=CVE-2023-6206 https://www.cve.org/CVERecord?id=CVE-2023-6207 https://www.cve.org/CVERecord?id=CVE-2023-6208 https://www.cve.org/CVERecord?id=CVE-2023-6209 https://www.cve.org/CVERecord?id=CVE-2023-6212 (* Security fix *)	2023-11-23 13:30:33 +01:00
Patrick J Volkerding	151fc86d25	Tue Nov 21 21:15:30 UTC 2023 patches/packages/kernel-firmware-20231120_9552083-noarch-1.txz: Upgraded. Updated to the latest kernel firmware. patches/packages/linux-5.15.139/: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 5.15.116: https://www.cve.org/CVERecord?id=CVE-2023-35788 https://www.cve.org/CVERecord?id=CVE-2022-45887 https://www.cve.org/CVERecord?id=CVE-2022-45886 https://www.cve.org/CVERecord?id=CVE-2023-3212 https://www.cve.org/CVERecord?id=CVE-2022-45919 Fixed in 5.15.117: https://www.cve.org/CVERecord?id=CVE-2023-2124 https://www.cve.org/CVERecord?id=CVE-2023-34255 Fixed in 5.15.118: https://www.cve.org/CVERecord?id=CVE-2023-3609 https://www.cve.org/CVERecord?id=CVE-2023-3117 https://www.cve.org/CVERecord?id=CVE-2023-3390 https://www.cve.org/CVERecord?id=CVE-2023-3338 Fixed in 5.15.119: https://www.cve.org/CVERecord?id=CVE-2023-3610 Fixed in 5.15.121: https://www.cve.org/CVERecord?id=CVE-2023-31248 https://www.cve.org/CVERecord?id=CVE-2023-38432 https://www.cve.org/CVERecord?id=CVE-2023-3866 https://www.cve.org/CVERecord?id=CVE-2023-2898 https://www.cve.org/CVERecord?id=CVE-2023-44466 https://www.cve.org/CVERecord?id=CVE-2023-4132 https://www.cve.org/CVERecord?id=CVE-2023-3611 https://www.cve.org/CVERecord?id=CVE-2022-48502 https://www.cve.org/CVERecord?id=CVE-2023-3865 https://www.cve.org/CVERecord?id=CVE-2023-35001 https://www.cve.org/CVERecord?id=CVE-2023-3776 https://www.cve.org/CVERecord?id=CVE-2023-3863 Fixed in 5.15.122: https://www.cve.org/CVERecord?id=CVE-2023-20593 Fixed in 5.15.123: https://www.cve.org/CVERecord?id=CVE-2023-3777 https://www.cve.org/CVERecord?id=CVE-2023-4004 Fixed in 5.15.124: https://www.cve.org/CVERecord?id=CVE-2023-4015 https://www.cve.org/CVERecord?id=CVE-2023-4147 https://www.cve.org/CVERecord?id=CVE-2023-1206 Fixed in 5.15.125: https://www.cve.org/CVERecord?id=CVE-2022-40982 https://www.cve.org/CVERecord?id=CVE-2023-20569 Fixed in 5.15.126: https://www.cve.org/CVERecord?id=CVE-2023-20588 https://www.cve.org/CVERecord?id=CVE-2023-4128 https://www.cve.org/CVERecord?id=CVE-2023-4208 https://www.cve.org/CVERecord?id=CVE-2023-4206 https://www.cve.org/CVERecord?id=CVE-2023-4207 https://www.cve.org/CVERecord?id=CVE-2023-40283 Fixed in 5.15.128: https://www.cve.org/CVERecord?id=CVE-2023-4569 https://www.cve.org/CVERecord?id=CVE-2023-39194 https://www.cve.org/CVERecord?id=CVE-2023-4273 https://www.cve.org/CVERecord?id=CVE-2023-3772 Fixed in 5.15.132: https://www.cve.org/CVERecord?id=CVE-2023-4921 https://www.cve.org/CVERecord?id=CVE-2023-4623 https://www.cve.org/CVERecord?id=CVE-2023-42753 https://www.cve.org/CVERecord?id=CVE-2023-42752 https://www.cve.org/CVERecord?id=CVE-2023-39189 https://www.cve.org/CVERecord?id=CVE-2023-4881 https://www.cve.org/CVERecord?id=CVE-2023-45871 https://www.cve.org/CVERecord?id=CVE-2023-39193 https://www.cve.org/CVERecord?id=CVE-2023-39192 Fixed in 5.15.133: https://www.cve.org/CVERecord?id=CVE-2023-42755 Fixed in 5.15.134: https://www.cve.org/CVERecord?id=CVE-2023-42754 https://www.cve.org/CVERecord?id=CVE-2023-4563 https://www.cve.org/CVERecord?id=CVE-2023-4244 https://www.cve.org/CVERecord?id=CVE-2023-5197 Fixed in 5.15.135: https://www.cve.org/CVERecord?id=CVE-2023-34324 https://www.cve.org/CVERecord?id=CVE-2023-31085 https://www.cve.org/CVERecord?id=CVE-2023-5158 Fixed in 5.15.136: https://www.cve.org/CVERecord?id=CVE-2023-35827 Fixed in 5.15.137: https://www.cve.org/CVERecord?id=CVE-2023-46813 https://www.cve.org/CVERecord?id=CVE-2023-5717 https://www.cve.org/CVERecord?id=CVE-2023-5178 ( Security fix ) patches/packages/mozilla-firefox-115.5.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. Thanks to zuriel for the taskbar icon fix on Wayland. :-) For more information, see: https://www.mozilla.org/en-US/firefox/115.5.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2023-50/ https://www.cve.org/CVERecord?id=CVE-2023-6204 https://www.cve.org/CVERecord?id=CVE-2023-6205 https://www.cve.org/CVERecord?id=CVE-2023-6206 https://www.cve.org/CVERecord?id=CVE-2023-6207 https://www.cve.org/CVERecord?id=CVE-2023-6208 https://www.cve.org/CVERecord?id=CVE-2023-6209 https://www.cve.org/CVERecord?id=CVE-2023-6212 ( Security fix *)	2023-11-22 13:30:37 +01:00
Patrick J Volkerding	4989eb7599	Sat Nov 18 19:26:33 UTC 2023 patches/packages/ca-certificates-20231117-noarch-1_slack15.0.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections.	2023-11-19 13:30:32 +01:00
Patrick J Volkerding	65d9c1e075	Thu Nov 16 20:51:47 UTC 2023 patches/packages/gegl-0.4.46-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release, needed by the GIMP upgrade. patches/packages/gimp-2.10.36-x86_64-1_slack15.0.txz: Upgraded. This release fixes security issues: If a user loads a malicious DDS, PSD, or PSP file, this could result in a program crash or possibly the execution of arbitrary code. Please note that this package also requires the updated gegl package. Thanks to henca for the heads-up. For more information, see: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/ https://www.zerodayinitiative.com/advisories/ZDI-23-1591/ https://www.zerodayinitiative.com/advisories/ZDI-23-1592/ https://www.zerodayinitiative.com/advisories/ZDI-23-1593/ https://www.zerodayinitiative.com/advisories/ZDI-23-1594/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444 (* Security fix *)	2023-11-17 13:30:41 +01:00
Patrick J Volkerding	2aa4bf659d	Wed Nov 15 22:01:26 UTC 2023 patches/packages/mozilla-thunderbird-115.4.3-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.4.3/releasenotes/	2023-11-16 13:39:48 +01:00
Patrick J Volkerding	808e02a014	Tue Nov 14 21:22:47 UTC 2023 patches/packages/mariadb-10.5.23-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Vulnerability allows high privileged attacker with network access via multiple protocols to compromise the server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084 (* Security fix *)	2023-11-15 13:30:44 +01:00
Patrick J Volkerding	3dc2470097	Mon Nov 13 19:20:40 UTC 2023 extra/tigervnc/tigervnc-1.12.0-x86_64-4_slack15.0.txz: Rebuilt. Recompiled against xorg-server-1.20.14, including patches for several security issues. Thanks to marav. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-3550 https://www.cve.org/CVERecord?id=CVE-2022-3551 https://www.cve.org/CVERecord?id=CVE-2022-3553 https://www.cve.org/CVERecord?id=CVE-2022-4283 https://www.cve.org/CVERecord?id=CVE-2022-46340 https://www.cve.org/CVERecord?id=CVE-2022-46341 https://www.cve.org/CVERecord?id=CVE-2022-46342 https://www.cve.org/CVERecord?id=CVE-2022-46343 https://www.cve.org/CVERecord?id=CVE-2022-46344 https://www.cve.org/CVERecord?id=CVE-2023-0494 https://www.cve.org/CVERecord?id=CVE-2023-1393 https://www.cve.org/CVERecord?id=CVE-2023-5367 https://www.cve.org/CVERecord?id=CVE-2023-5380 (* Security fix *)	2023-11-14 13:30:39 +01:00
Patrick J Volkerding	048a0f1ff7	Fri Nov 10 18:46:44 UTC 2023 patches/packages/whois-5.5.20-x86_64-1_slack15.0.txz: Upgraded. Added the .gn TLD server. Removed 6 new gTLDs which are no longer active.	2023-11-11 13:30:40 +01:00
Patrick J Volkerding	4f54aa8e51	Wed Nov 8 22:04:25 UTC 2023 patches/packages/mozilla-thunderbird-115.4.2-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.4.2/releasenotes/ patches/packages/sudo-1.9.15p1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release: Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based sudoers from being able to read the ldap.conf file.	2023-11-09 13:30:50 +01:00
Patrick J Volkerding	206ee03fe7	Tue Nov 7 19:57:12 UTC 2023 patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txz: Upgraded. The sudoers plugin has been modified to make it more resilient to ROWHAMMER attacks on authentication and policy matching. The sudoers plugin now constructs the user time stamp file path name using the user-ID instead of the user name. This avoids a potential problem with user names that contain a path separator ('/') being interpreted as part of the path name. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-42465 https://www.cve.org/CVERecord?id=CVE-2023-42456 (* Security fix *)	2023-11-08 13:30:36 +01:00
Patrick J Volkerding	6142170248	Tue Oct 31 18:49:18 UTC 2023 extra/php81/php81-8.1.25-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.php.net/ChangeLog-8.php#8.1.25	2023-11-01 13:30:19 +01:00
Patrick J Volkerding	61c8c898a8	Thu Oct 26 19:55:16 UTC 2023 patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/ https://www.cve.org/CVERecord?id=CVE-2023-5721 https://www.cve.org/CVERecord?id=CVE-2023-5732 https://www.cve.org/CVERecord?id=CVE-2023-5724 https://www.cve.org/CVERecord?id=CVE-2023-5725 https://www.cve.org/CVERecord?id=CVE-2023-5726 https://www.cve.org/CVERecord?id=CVE-2023-5727 https://www.cve.org/CVERecord?id=CVE-2023-5728 https://www.cve.org/CVERecord?id=CVE-2023-5730 (* Security fix ) patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz: Rebuilt. This update fixes security issues: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. Use-after-free bug in DestroyWindow. For more information, see: https://lists.x.org/archives/xorg-announce/2023-October/003430.html https://www.cve.org/CVERecord?id=CVE-2023-5367 https://www.cve.org/CVERecord?id=CVE-2023-5380 ( Security fix ) patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz: Rebuilt. This update fixes a security issue: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. For more information, see: https://lists.x.org/archives/xorg-announce/2023-October/003430.html https://www.cve.org/CVERecord?id=CVE-2023-5367 ( Security fix *)	2023-10-27 13:30:41 +02:00
Patrick J Volkerding	6f3fcdc1d3	Tue Oct 24 22:26:20 UTC 2023 patches/packages/mozilla-firefox-115.4.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.4.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2023-46/ https://www.cve.org/CVERecord?id=CVE-2023-5721 https://www.cve.org/CVERecord?id=CVE-2023-5732 https://www.cve.org/CVERecord?id=CVE-2023-5724 https://www.cve.org/CVERecord?id=CVE-2023-5725 https://www.cve.org/CVERecord?id=CVE-2023-5726 https://www.cve.org/CVERecord?id=CVE-2023-5727 https://www.cve.org/CVERecord?id=CVE-2023-5728 https://www.cve.org/CVERecord?id=CVE-2023-5730 (* Security fix ) patches/packages/mozilla-thunderbird-115.4.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.4.0/releasenotes/ patches/packages/vim-9.0.2063-x86_64-1_slack15.0.txz: Upgraded. Fixed use-after-free security issue. Thanks to marav for the heads-up. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-5535 ( Security fix *) patches/packages/vim-gvim-9.0.2063-x86_64-1_slack15.0.txz: Upgraded.	2023-10-25 13:30:39 +02:00
Patrick J Volkerding	fabd0327d1	Sun Oct 22 19:30:42 UTC 2023 patches/packages/LibRaw-0.20.2-x86_64-4_slack15.0.txz: Rebuilt. This update fixes security issues: A Buffer Overflow vulnerability was found in LibRaw_buffer_datastream:: gets(char, int), which could lead to privilege escalation or application crash. A heap-buffer-overflow was found in raw2image_ex(int), which may lead to application crash by maliciously crafted input file. For more information, see: https://www.cve.org/CVERecord?id=CVE-2021-32142 https://www.cve.org/CVERecord?id=CVE-2023-1729 ( Security fix *)	2023-10-23 13:30:40 +02:00
Patrick J Volkerding	6f8267e616	Thu Oct 19 19:14:05 UTC 2023 patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: moderate: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST. low: mod_macro buffer over-read. low: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0. For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.58 https://www.cve.org/CVERecord?id=CVE-2023-45802 https://www.cve.org/CVERecord?id=CVE-2023-31122 https://www.cve.org/CVERecord?id=CVE-2023-43622 (* Security fix *) patches/packages/mozilla-thunderbird-115.3.3-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.3.3/releasenotes/	2023-10-20 13:30:46 +02:00
Patrick J Volkerding	4940fc9a42	Tue Oct 17 19:34:56 UTC 2023 patches/packages/util-linux-2.37.4-x86_64-2_slack15.0.txz: Rebuilt. Copy /etc/pam.d/login to /etc/pam.d/remote. This is needed for /bin/login's '-h' option, used (for example) by telnetd. If -h is used without /etc/pam.d/remote, pam will not be configured properly, and /etc/securetty will be ignored, possibly allowing root to login from a tty that is not considered secure. Of course, the usual disclaimers about the security of telnet/telnetd apply. Thanks to HytronBG and Petri Kaukasoina. (* Security fix *)	2023-10-18 13:30:40 +02:00
Patrick J Volkerding	8587721dc4	Wed Oct 11 22:22:40 UTC 2023 patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txz: Upgraded. Fixed a crash bug (a crafted file defining width of zero leads to divide by zero and a crash). Seems to be merely a bug rather than a security issue, but I'd been meaning to get beta20 building so this was a good excuse. Thanks to marav. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-0856 (* Security fix *)	2023-10-12 13:30:43 +02:00
Patrick J Volkerding	3923d6b15d	Tue Oct 10 19:27:56 UTC 2023 patches/packages/libcue-2.2.1-x86_64-4_slack15.0.txz: Rebuilt. Fixed a bug which could allow memory corruption resulting in arbitrary code execution. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-43641 (* Security fix ) patches/packages/libnotify-0.8.3-x86_64-1_slack15.0.txz: Upgraded. This release contains a critical stability/minor security update which affects Electron applications that utilize Portal notifications (eg, through Flatpak). It is highly recommended that all users of libnotify 0.8.x update to this release. ( Security fix *)	2023-10-11 13:30:18 +02:00
Patrick J Volkerding	8e8992f064	Mon Oct 9 18:10:01 UTC 2023 patches/packages/wayland-1.22.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. patches/packages/whois-5.5.19-x86_64-1_slack15.0.txz: Upgraded. Fixed english support for Japanese queries to not add again the /e argument if it had already been provided by the user. (Closes: #1050171) Added the .ye and .************* (.xn--54b7fta0cc, Bangladesh) TLD servers. Updated the .ba, .bb, .dk, .es, .gt, .jo, .ml, .mo, .pa, .pn, .sv, .uy, .a+-la-r+-d+.n+, (.xn--mgbayh7gpa, Jordan) and .**** (.xn--mix891f, Macao) TLD servers. Upgraded the TLD URLs to HTTPS whenever possible. Updated the charset for whois.jprs.jp. Removed 3 new gTLDs which are no longer active. Removed support for the obsolete as32 dot notation.	2023-10-10 13:30:39 +02:00
Patrick J Volkerding	6f6a8c672a	Fri Oct 6 21:28:34 UTC 2023 patches/packages/netatalk-3.1.18-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Harden create_appledesktop_folder(). For more information, see: https://netatalk.sourceforge.io/CVE-2022-22995.php https://www.cve.org/CVERecord?id=CVE-2022-22995 (* Security fix *)	2023-10-07 13:30:36 +02:00
Patrick J Volkerding	2e4c4aae36	Tue Oct 3 22:19:10 UTC 2023 patches/packages/libX11-1.8.7-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: libX11: out-of-bounds memory access in _XkbReadKeySyms(). libX11: stack exhaustion from infinite recursion in PutSubImage(). libX11: integer overflow in XCreateImage() leading to a heap overflow. For more information, see: https://lists.x.org/archives/xorg-announce/2023-October/003424.html https://www.cve.org/CVERecord?id=CVE-2023-43785 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://www.cve.org/CVERecord?id=CVE-2023-43787 (* Security fix ) patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: libXpm: out of bounds read in XpmCreateXpmImageFromBuffer(). libXpm: out of bounds read on XPM with corrupted colormap. For more information, see: https://lists.x.org/archives/xorg-announce/2023-October/003424.html https://www.cve.org/CVERecord?id=CVE-2023-43788 https://www.cve.org/CVERecord?id=CVE-2023-43789 ( Security fix *)	2023-10-04 13:30:38 +02:00
Patrick J Volkerding	fa0445dbfe	Sat Sep 30 21:33:49 UTC 2023 patches/packages/libvpx-1.12.0-x86_64-1_slack15.0.txz: Upgraded. This release contains two security related fixes -- one each for VP8 and VP9. For more information, see: https://crbug.com/1486441 https://www.cve.org/CVERecord?id=CVE-2023-5217 (* Security fix ) patches/packages/mozilla-thunderbird-115.3.1-x86_64-1_slack15.0.txz: Upgraded. This release contains a security fix for a critical heap buffer overflow in the libvpx VP8 encoder. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.3.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/ https://www.cve.org/CVERecord?id=CVE-2023-5217 ( Security fix *)	2023-10-01 13:30:39 +02:00
Patrick J Volkerding	c0d3f6fb28	Thu Sep 28 21:37:06 UTC 2023 extra/php81/php81-8.1.24-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.php.net/ChangeLog-8.php#8.1.24 patches/packages/mozilla-firefox-115.3.1esr-x86_64-1_slack15.0.txz: Upgraded. This update contains a security fix. For more information, see: https://www.mozilla.org/en-US/firefox/115.3.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/ https://www.cve.org/CVERecord?id=CVE-2023-5217 (* Security fix *)	2023-09-29 13:39:40 +02:00
Patrick J Volkerding	1690d47026	Wed Sep 27 23:51:07 UTC 2023 patches/packages/mozilla-thunderbird-115.3.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.3.0/releasenotes/	2023-09-28 13:39:40 +02:00
Patrick J Volkerding	766af50fb1	Tue Sep 26 19:30:21 UTC 2023 patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. patches/packages/mozilla-firefox-115.3.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.3.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/ https://www.cve.org/CVERecord?id=CVE-2023-5168 https://www.cve.org/CVERecord?id=CVE-2023-5169 https://www.cve.org/CVERecord?id=CVE-2023-5171 https://www.cve.org/CVERecord?id=CVE-2023-5174 https://www.cve.org/CVERecord?id=CVE-2023-5176 (* Security fix *)	2023-09-27 13:30:41 +02:00
Patrick J Volkerding	9615afc308	Thu Sep 21 19:32:42 UTC 2023 patches/packages/bind-9.16.44-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Limit the amount of recursion that can be performed by isccc_cc_fromwire. For more information, see: https://kb.isc.org/docs/cve-2023-3341 https://www.cve.org/CVERecord?id=CVE-2023-3341 (* Security fix ) patches/packages/cups-2.4.7-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Fixed Heap-based buffer overflow when reading Postscript in PPD files. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-4504 ( Security fix ) patches/packages/mozilla-thunderbird-115.2.3-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.2.3/releasenotes/ patches/packages/seamonkey-2.53.17.1-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.17.1 https://www.cve.org/CVERecord?id=CVE-2023-4863 ( Security fix ) testing/packages/bind-9.18.19-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Limit the amount of recursion that can be performed by isccc_cc_fromwire. Fix use-after-free error in TLS DNS code when sending data. For more information, see: https://kb.isc.org/docs/cve-2023-3341 https://www.cve.org/CVERecord?id=CVE-2023-3341 https://kb.isc.org/docs/cve-2023-4236 https://www.cve.org/CVERecord?id=CVE-2023-4236 ( Security fix *)	2023-09-22 13:30:41 +02:00
Patrick J Volkerding	b0fcf677c3	Mon Sep 18 18:40:04 UTC 2023 patches/packages/netatalk-3.1.17-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Validate data type in dalloc_value_for_key(). This flaw could allow a malicious actor to cause Netatalk's afpd daemon to crash, or possibly to execute arbitrary code. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-42464 (* Security fix *)	2023-09-19 13:30:40 +02:00
Patrick J Volkerding	5672ded1ee	Fri Sep 15 19:48:39 UTC 2023 patches/packages/python3-3.9.18-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported by Aapo Oksman; patch by Gregory P. Smith. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-40217 (* Security fix *)	2023-09-16 13:39:10 +02:00
Patrick J Volkerding	41dd70fad9	Thu Sep 14 21:10:50 UTC 2023 patches/packages/libwebp-1.3.2-x86_64-1_slack15.0.txz: Upgraded. Security fix for lossless decoder (chromium: #1479274, CVE-2023-4863). For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-4863 (* Security fix *)	2023-09-15 13:30:41 +02:00
Patrick J Volkerding	1c8e67398a	Wed Sep 13 01:32:01 UTC 2023 patches/packages/mozilla-firefox-115.2.1esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.2.1/releasenotes/ (* Security fix *) patches/packages/mozilla-thunderbird-115.2.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.2.1/releasenotes/	2023-09-13 13:30:41 +02:00
Patrick J Volkerding	466ae7e51f	Mon Sep 11 20:19:30 UTC 2023 patches/packages/openssl-1.1.1w-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue that does not affect Linux: Fix POLY1305 MAC implementation corrupting XMM registers on Windows. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-4807 patches/packages/openssl-solibs-1.1.1w-x86_64-1_slack15.0.txz: Upgraded. patches/packages/vim-9.0.1897-x86_64-1_slack15.0.txz: Upgraded. Fixed three use-after-free security issues. Thanks to marav for the heads-up. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-4733 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://www.cve.org/CVERecord?id=CVE-2023-4750 (* Security fix ) patches/packages/vim-gvim-9.0.1897-x86_64-1_slack15.0.txz: Upgraded. Fixed three use-after-free security issues. Thanks to marav for the heads-up. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-4733 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://www.cve.org/CVERecord?id=CVE-2023-4750 ( Security fix *)	2023-09-12 13:39:43 +02:00
Patrick J Volkerding	38f09f634f	Sun Sep 3 19:37:21 UTC 2023 patches/packages/rocs-21.12.1-x86_64-2_slack15.0.txz: Rebuilt. Fix crash on startup. Thanks to Lockywolf and ponce.	2023-09-04 13:30:46 +02:00
Patrick J Volkerding	43cd17b912	Fri Sep 1 20:16:14 UTC 2023 extra/php81/php81-8.1.23-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.php.net/ChangeLog-8.php#8.1.23	2023-09-02 13:30:37 +02:00
Patrick J Volkerding	7089a162f8	Wed Aug 30 21:58:04 UTC 2023 patches/packages/mozilla-firefox-115.2.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.2.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2023-36/ https://www.cve.org/CVERecord?id=CVE-2023-4573 https://www.cve.org/CVERecord?id=CVE-2023-4574 https://www.cve.org/CVERecord?id=CVE-2023-4575 https://www.cve.org/CVERecord?id=CVE-2023-4576 https://www.cve.org/CVERecord?id=CVE-2023-4577 https://www.cve.org/CVERecord?id=CVE-2023-4051 https://www.cve.org/CVERecord?id=CVE-2023-4578 https://www.cve.org/CVERecord?id=CVE-2023-4053 https://www.cve.org/CVERecord?id=CVE-2023-4580 https://www.cve.org/CVERecord?id=CVE-2023-4581 https://www.cve.org/CVERecord?id=CVE-2023-4582 https://www.cve.org/CVERecord?id=CVE-2023-4583 https://www.cve.org/CVERecord?id=CVE-2023-4584 https://www.cve.org/CVERecord?id=CVE-2023-4585 (* Security fix ) patches/packages/mozilla-thunderbird-115.2.0-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.2.0/releasenotes/ ( Security fix *)	2023-08-31 13:30:36 +02:00
Patrick J Volkerding	1676c6978a	Wed Aug 16 20:45:00 UTC 2023 patches/packages/mozilla-thunderbird-115.1.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.1.1/releasenotes/	2023-08-17 13:30:35 +02:00
Patrick J Volkerding	8db417d304	Mon Aug 14 19:04:41 UTC 2023 patches/packages/mariadb-10.5.22-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://mariadb.com/kb/en/mariadb-10-5-22-changelog/	2023-08-15 13:30:34 +02:00
Patrick J Volkerding	d32f6bcf5a	Mon Aug 7 19:22:02 UTC 2023 extra/php80/php80-8.0.30-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Security issue with external entity loading in XML without enabling it. Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247 (* Security fix *) patches/packages/vim-9.0.1678-x86_64-1_slack15.0.txz: Upgraded. Applied the last patches from Bram Moolenaar. RIP Bram, and thanks for your great work on VIM and your kindness to the orphan children in Uganda. If you'd like to honor Bram with a donation to his charity, please visit: https://iccf-holland.org/ patches/packages/vim-gvim-9.0.1678-x86_64-1_slack15.0.txz: Upgraded.	2023-08-08 13:30:34 +02:00
Patrick J Volkerding	79e6c8efb8	Fri Aug 4 20:17:36 UTC 2023 extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-3823 (* Security fix ) extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz: Upgraded. Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0. pasture/samba-4.15.13-x86_64-1_slack15.0.txz: Added. We'll hang onto this just in case. patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/ https://www.cve.org/CVERecord?id=CVE-2023-4045 https://www.cve.org/CVERecord?id=CVE-2023-4046 https://www.cve.org/CVERecord?id=CVE-2023-4047 https://www.cve.org/CVERecord?id=CVE-2023-4048 https://www.cve.org/CVERecord?id=CVE-2023-4049 https://www.cve.org/CVERecord?id=CVE-2023-4050 https://www.cve.org/CVERecord?id=CVE-2023-4052 https://www.cve.org/CVERecord?id=CVE-2023-4054 https://www.cve.org/CVERecord?id=CVE-2023-4055 https://www.cve.org/CVERecord?id=CVE-2023-4056 https://www.cve.org/CVERecord?id=CVE-2023-4057 ( Security fix ) patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/ patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz: Upgraded. PLEASE NOTE: We are taking the unusual step of moving to the latest Samba branch because Windows has made changes that break Samba 4.15.x. The last 4.15.x will be retained in /pasture as a fallback. There may be some required configuration changes with this, but we've kept using MIT Kerberos to try to have the behavior change as little as possible. Upgrade carefully. This update fixes security issues: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request. Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results. For more information, see: https://www.samba.org/samba/security/CVE-2022-2127.html https://www.samba.org/samba/security/CVE-2023-3347.html https://www.samba.org/samba/security/CVE-2023-34966.html https://www.samba.org/samba/security/CVE-2023-34967.html https://www.samba.org/samba/security/CVE-2023-34968.html https://www.cve.org/CVERecord?id=CVE-2022-2127 https://www.cve.org/CVERecord?id=CVE-2023-3347 https://www.cve.org/CVERecord?id=CVE-2023-34966 https://www.cve.org/CVERecord?id=CVE-2023-34967 https://www.cve.org/CVERecord?id=CVE-2023-34968 ( Security fix *)	2023-08-05 13:30:38 +02:00
Patrick J Volkerding	af3a1b13c3	Tue Aug 1 19:50:53 UTC 2023 patches/packages/openssl-1.1.1v-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Fix excessive time spent checking DH q parameter value. Fix DH_check() excessive time with over sized modulus. For more information, see: https://www.openssl.org/news/secadv/20230731.txt https://www.openssl.org/news/secadv/20230719.txt https://www.cve.org/CVERecord?id=CVE-2023-3817 https://www.cve.org/CVERecord?id=CVE-2023-3446 (* Security fix *) patches/packages/openssl-solibs-1.1.1v-x86_64-1_slack15.0.txz: Upgraded.	2023-08-02 13:30:35 +02:00
Patrick J Volkerding	b64d3ecbf3	Mon Jul 31 21:52:46 UTC 2023 patches/packages/mozilla-thunderbird-102.13.1-x86_64-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/102.13.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/ https://www.cve.org/CVERecord?id=CVE-2023-3417 (* Security fix ) patches/packages/seamonkey-2.53.17-x86_64-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.17 ( Security fix *)	2023-08-01 13:30:32 +02:00
Patrick J Volkerding	b15eb44ef7	Wed Jul 26 19:26:39 UTC 2023 patches/packages/curl-8.2.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. testing/packages/mozilla-firefox-115.0.3esr-x86_64-1_slack15.0.txz: Added. This seems good to go, but a little testing won't hurt. testing/packages/mozilla-thunderbird-115.0.1-x86_64-1_slack15.0.txz: Added. Here, like in -current, we're going to wait until upstream deems this ready to trigger the automatic update from earlier versions. testing/packages/rust-1.70.0-x86_64-1_slack15.0.txz: Added. This will replace the package in /extra/rust-for-mozilla/ when the 115.x versions of Firefox and Thunderbird become the main ones in Slackware 15.0.	2023-07-27 13:30:35 +02:00
Patrick J Volkerding	18a15de6ae	Tue Jul 25 19:45:27 UTC 2023 patches/packages/kernel-firmware-20230725_b6ea35f-noarch-1.txz: Upgraded. Restored license files and other documentation. Thanks to drumz.	2023-07-26 13:30:35 +02:00
Patrick J Volkerding	0ac01cde03	Mon Jul 24 22:07:56 UTC 2023 patches/packages/kernel-firmware-20230724_59fbffa-noarch-1.txz: Upgraded. AMD microcode updated to fix a use-after-free in AMD Zen2 processors. From Tavis Ormandy's annoucement of the issue: "The practical result here is that you can spy on the registers of other processes. No system calls or privileges are required. It works across virtual machines and affects all operating systems. I have written a poc for this issue that's fast enough to reconstruct keys and passwords as users log in." For more information, see: https://seclists.org/oss-sec/2023/q3/59 https://www.cve.org/CVERecord?id=CVE-2023-20593 (* Security fix *)	2023-07-25 13:30:36 +02:00
Patrick J Volkerding	7dde293aa0	Mon Jul 24 00:17:18 UTC 2023 patches/packages/whois-5.5.18-x86_64-1_slack15.0.txz: Upgraded. Updated the .ga TLD server. Added new recovered IPv4 allocations. Removed the delegation of 43.0.0.0/8 to JPNIC. Removed 12 new gTLDs which are no longer active. Improved the man page source, courtesy of Bjarni Ingi Gislason. Added the .edu.za SLD server. Updated the .alt.za SLD server. Added the -ru and -su NIC handles servers.	2023-07-24 13:30:35 +02:00

... 2 3 4 5 6 ...

1466 commits