Patrick J Volkerding
a96a6a61e4
Sat Oct 1 18:38:27 UTC 2022
...
patches/packages/glibc-zoneinfo-2022d-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
2022-10-02 13:30:33 +02:00
Patrick J Volkerding
3087018ea7
Fri Sep 30 17:52:21 UTC 2022
...
extra/php80/php80-8.0.24-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
phar wrapper: DOS when using quine gzip file.
Don't mangle HTTP variable names that clash with ones that have a specific
semantic meaning.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
(* Security fix *)
extra/php81/php81-8.1.11-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
phar wrapper: DOS when using quine gzip file.
Don't mangle HTTP variable names that clash with ones that have a specific
semantic meaning.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
(* Security fix *)
patches/packages/mozilla-thunderbird-102.3.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.3.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-43/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39236
(* Security fix *)
patches/packages/php-7.4.32-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
phar wrapper: DOS when using quine gzip file.
Don't mangle HTTP variable names that clash with ones that have a specific
semantic meaning.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
(* Security fix *)
patches/packages/seamonkey-2.53.14-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.14
(* Security fix *)
patches/packages/vim-9.0.0623-x86_64-1_slack15.0.txz: Upgraded.
Fixed use-after-free and stack-based buffer overflow.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3324
(* Security fix *)
patches/packages/vim-gvim-9.0.0623-x86_64-1_slack15.0.txz: Upgraded.
2022-10-01 13:30:35 +02:00
Patrick J Volkerding
ef823d82ca
Wed Sep 28 18:59:51 UTC 2022
...
patches/packages/xorg-server-xwayland-21.1.4-x86_64-2_slack15.0.txz: Rebuilt.
xkb: switch to array index loops to moving pointers.
xkb: add request length validation for XkbSetGeometry.
xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck.
I hadn't realized that the xorg-server patches were needed (or applied
cleanly) to Xwayland. Thanks to LuckyCyborg for the kind reminder. :-)
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320
(* Security fix *)
2022-09-29 13:30:05 +02:00
Patrick J Volkerding
0ab769ac69
Mon Sep 26 19:43:54 UTC 2022
...
patches/packages/dnsmasq-2.87-x86_64-1_slack15.0.txz: Upgraded.
Fix write-after-free error in DHCPv6 server code.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0934
(* Security fix *)
patches/packages/vim-9.0.0594-x86_64-1_slack15.0.txz: Upgraded.
Fixed stack-based buffer overflow.
Thanks to marav for the heads-up.
In addition, Mig21 pointed out an issue where the defaults.vim file might
need to be edited for some purposes as its contents will override the
settings in the system-wide vimrc. Usually this file is replaced whenever
vim is upgraded, which in those situations would be inconvenient for the
admin. So, I've added support for a file named defaults.vim.custom which
(if it exists) will be used instead of the defaults.vim file shipped in
the package and will persist through upgrades.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3296
(* Security fix *)
patches/packages/vim-gvim-9.0.0594-x86_64-1_slack15.0.txz: Upgraded.
2022-09-27 13:30:30 +02:00
Patrick J Volkerding
1730200e5d
Fri Sep 23 23:51:02 UTC 2022
...
patches/packages/vim-9.0.0558-x86_64-1_slack15.0.txz: Upgraded.
Fixed use after free.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3256
(* Security fix *)
patches/packages/vim-gvim-9.0.0558-x86_64-1_slack15.0.txz: Upgraded.
2022-09-24 13:30:28 +02:00
Patrick J Volkerding
d22a8a6524
Thu Sep 22 19:50:20 UTC 2022
...
patches/packages/ca-certificates-20220922-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
2022-09-23 13:30:28 +02:00
Patrick J Volkerding
8f546e8375
Wed Sep 21 19:19:07 UTC 2022
...
patches/packages/cups-2.4.2-x86_64-3_slack15.0.txz: Rebuilt.
Fixed crash when using the CUPS web setup interface:
[PATCH] Fix OpenSSL crash bug - "tls" pointer wasn't cleared after freeing
it (Issue #409).
Thanks to MisterL, bryjen, and kjhambrick.
Fixed an OpenSSL certificate loading issue:
[PATCH] The OpenSSL code path wasn't loading the full certificate
chain (Issue #465).
Thanks to tmmukunn.
2022-09-22 13:30:28 +02:00
Patrick J Volkerding
b9facc142f
Tue Sep 20 22:50:28 UTC 2022
...
patches/packages/expat-2.4.9-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Heap use-after-free vulnerability in function doContent. Expected impact is
denial of service or potentially arbitrary code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674
(* Security fix *)
patches/packages/mozilla-firefox-102.3.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.3.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-41/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40962
(* Security fix *)
patches/packages/mozilla-thunderbird-102.3.0-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.3.0/releasenotes/
2022-09-21 13:30:31 +02:00
Patrick J Volkerding
ed751ebff5
Sun Sep 18 19:02:14 UTC 2022
...
patches/packages/vim-9.0.0500-x86_64-1_slack15.0.txz: Upgraded.
Fixed heap-based buffer overflow.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3234
(* Security fix *)
patches/packages/vim-gvim-9.0.0500-x86_64-1_slack15.0.txz: Upgraded.
2022-09-19 13:30:28 +02:00
Patrick J Volkerding
b6bae52b64
Sat Sep 10 01:51:43 UTC 2022
...
patches/packages/vim-9.0.0417-x86_64-1_slack15.0.txz: Upgraded.
Fixed null pointer dereference.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3153
(* Security fix *)
patches/packages/vim-gvim-9.0.0417-x86_64-1_slack15.0.txz: Upgraded.
2022-09-11 13:30:27 +02:00
Patrick J Volkerding
dfdaa16c05
Thu Sep 8 01:33:19 UTC 2022
...
patches/packages/mozilla-thunderbird-102.2.2-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.2.2/releasenotes/
2022-09-08 13:30:28 +02:00
Patrick J Volkerding
23a0b53a62
Tue Sep 6 20:21:24 UTC 2022
...
extra/rust-for-mozilla/rust-1.60.0-x86_64-1_slack15.0.txz: Upgraded.
Upgraded the Rust compiler for Firefox 102.2.0 and Thunderbird 102.2.1.
patches/packages/mozilla-firefox-102.2.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.2.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-34/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
(* Security fix *)
patches/packages/mozilla-thunderbird-102.2.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
Some accounts may need to be reconfigured after moving from
Thunderbird 91.13.0 to Thunderbird 102.2.1.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.2.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36059
(* Security fix *)
patches/packages/vim-9.0.0396-x86_64-1_slack15.0.txz: Upgraded.
Fixed use after free.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3099
(* Security fix *)
patches/packages/vim-gvim-9.0.0396-x86_64-1_slack15.0.txz: Upgraded.
2022-09-07 13:30:33 +02:00
Patrick J Volkerding
ca8c1d3c22
Thu Sep 1 20:01:13 UTC 2022
...
patches/packages/poppler-21.12.0-x86_64-2_slack15.0.txz: Rebuilt.
[PATCH] JBIG2Stream: Fix crash on broken file.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860
(* Security fix *)
2022-09-02 13:30:06 +02:00
Patrick J Volkerding
1393bd0f4f
Tue Aug 30 19:39:30 UTC 2022
...
extra/sendmail/sendmail-8.17.1-x86_64-4_slack15.0.txz: Rebuilt.
Patched sendmail.h to fix SASL auth. Thanks to af7567.
Build without -DUSE_EAI (which is evidently considered experimental) since
the option breaks the vacation binary. Thanks to bitfuzzy and HQuest.
It is possible that this could work but requires additional options. I found
this in the ChangeLog for the SUSE rpm:
Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533) is available
when using the compile time option USE_EAI (see also
devtools/Site/site.config.m4.sample for other required settings) and the cf
option SMTPUTF8. If a mail submission via the command line requires the
use of SMTPUTF8, e.g., because a header uses UTF-8 encoding, but the
addresses on the command line are all ASCII, then the new option -U must be
used, and the cf option SMTPUTF8 must be set in submit.cf.
Any assistance with getting -DUSE_EAI working properly would be appreciated.
extra/sendmail/sendmail-cf-8.17.1-noarch-4_slack15.0.txz: Rebuilt.
patches/packages/vim-9.0.0334-x86_64-1_slack15.0.txz: Upgraded.
Fixed use after free.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3016
(* Security fix *)
patches/packages/vim-gvim-9.0.0334-x86_64-1_slack15.0.txz: Upgraded.
2022-08-31 13:30:01 +02:00
Patrick J Volkerding
71a81b7408
Fri Aug 26 04:02:20 UTC 2022
...
patches/packages/linux-5.15.63/*: Upgraded.
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 5.15.39:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734
Fixed in 5.15.40:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1943
Fixed in 5.15.41:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012
Fixed in 5.15.42:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499
Fixed in 5.15.44:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789
Fixed in 5.15.45:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2503
Fixed in 5.15.46:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1973
Fixed in 5.15.47:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32981
Fixed in 5.15.48:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123
Fixed in 5.15.53:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33744
Fixed in 5.15.54:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918
Fixed in 5.15.56:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36123
Fixed in 5.15.57:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901
Fixed in 5.15.58:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36879
Fixed in 5.15.59:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36946
Fixed in 5.15.60:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26373
Fixed in 5.15.61:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588
(* Security fix *)
patches/packages/vim-9.0.0270-x86_64-1_slack15.0.txz: Upgraded.
We're just going to move to vim-9 instead of continuing to backport patches
to the vim-8 branch. Most users will be better served by this.
Fixed use after free and null pointer dereference.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2923
(* Security fix *)
patches/packages/vim-gvim-9.0.0270-x86_64-1_slack15.0.txz: Upgraded.
2022-08-27 13:30:28 +02:00
Patrick J Volkerding
d96560a977
Tue Aug 23 19:27:56 UTC 2022
...
extra/sendmail/sendmail-8.17.1-x86_64-3_slack15.0.txz: Rebuilt.
In recent versions of glibc, USE_INET6 has been removed which caused sendmail
to reject mail from IPv6 addresses. Adding -DHAS_GETHOSTBYNNAME2=1 to the
site.config.m4 allows the reverse lookups to work again fixing this issue.
Thanks to talo.
extra/sendmail/sendmail-cf-8.17.1-noarch-3_slack15.0.txz: Rebuilt.
patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz: Upgraded.
Fixed invalid read operation in SuggestMgr::leftcommonsubstring
in suggestmgr.cxx.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16707
(* Security fix *)
patches/packages/mozilla-firefox-91.13.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.13.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-35/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
(* Security fix *)
patches/packages/mozilla-thunderbird-91.13.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.13.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
(* Security fix *)
2022-08-24 13:30:27 +02:00
Patrick J Volkerding
44e993e802
Sat Aug 20 20:04:15 UTC 2022
...
patches/packages/vim-8.2.4649-x86_64-3_slack15.0.txz: Rebuilt.
Fix use after free.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2889
(* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-3_slack15.0.txz: Rebuilt.
2022-08-21 13:30:26 +02:00
Patrick J Volkerding
77a67ac465
Thu Aug 18 23:19:52 UTC 2022
...
patches/packages/glibc-zoneinfo-2022c-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
2022-08-19 13:29:58 +02:00
Patrick J Volkerding
821b8a94bf
Wed Aug 17 20:41:53 UTC 2022
...
patches/packages/vim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt.
Fix use after free, out-of-bounds read, and heap based buffer overflow.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819
(* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt.
2022-08-18 13:30:02 +02:00
Patrick J Volkerding
834b3a5fc2
Tue Aug 16 18:51:34 UTC 2022
...
patches/packages/mariadb-10.5.17-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32084
(* Security fix *)
2022-08-17 13:30:28 +02:00
Patrick J Volkerding
cffeb680aa
Mon Aug 15 20:23:47 UTC 2022
...
patches/packages/rsync-3.2.5-x86_64-1_slack15.0.txz: Upgraded.
Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include recursive
names that should have been excluded by the sender. These extra safety
checks only require the receiver rsync to be updated. When dealing with an
untrusted sending host, it is safest to copy into a dedicated destination
directory for the remote content (i.e. don't copy into a destination
directory that contains files that aren't from the remote host unless you
trust the remote host).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154
(* Security fix *)
2022-08-16 13:30:28 +02:00
Patrick J Volkerding
24a4907817
Sat Aug 13 19:12:40 UTC 2022
...
patches/packages/glibc-zoneinfo-2022b-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
2022-08-14 13:30:29 +02:00
Patrick J Volkerding
5dd1410e22
Tue Aug 9 19:25:22 UTC 2022
...
patches/packages/zlib-1.2.12-x86_64-2_slack15.0.txz: Rebuilt.
This is a bugfix update.
Applied an upstream patch to restore the handling of CRC inputs to be the
same as in previous releases of zlib. This fixes an issue with OpenJDK.
Thanks to alienBOB.
2022-08-10 13:30:27 +02:00
Patrick J Volkerding
e8686ed7fd
Fri Jul 29 19:59:03 UTC 2022
...
patches/packages/gnutls-3.7.7-x86_64-1_slack15.0.txz: Upgraded.
libgnutls: Fixed double free during verification of pkcs7 signatures.
Reported by Jaak Ristioja.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509
(* Security fix *)
2022-07-30 13:30:32 +02:00
Patrick J Volkerding
0648599e6d
Thu Jul 28 23:48:36 UTC 2022
...
patches/packages/mozilla-thunderbird-91.12.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.12.0/releasenotes/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.12
(* Security fix *)
2022-07-29 13:31:04 +02:00
Patrick J Volkerding
ad19766c1e
Wed Jul 27 19:17:38 UTC 2022
...
patches/packages/samba-4.15.9-x86_64-1_slack15.0.txz: Upgraded.
This update fixes the following security issues:
Samba AD users can bypass certain restrictions associated with changing
passwords.
Samba AD users can forge password change requests for any user.
Samba AD users can crash the server process with an LDAP add or modify
request.
Samba AD users can induce a use-after-free in the server process with an
LDAP add or modify request.
Server memory information leak via SMB1.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2031.html
https://www.samba.org/samba/security/CVE-2022-32744.html
https://www.samba.org/samba/security/CVE-2022-32745.html
https://www.samba.org/samba/security/CVE-2022-32746.html
https://www.samba.org/samba/security/CVE-2022-32742.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742
(* Security fix *)
2022-07-28 13:30:29 +02:00
Patrick J Volkerding
bfbbd63f28
Mon Jul 25 20:53:49 UTC 2022
...
patches/packages/mozilla-firefox-91.12.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.12.0/releasenotes/
(* Security fix *)
patches/packages/perl-5.34.0-x86_64-2_slack15.0.txz: Rebuilt.
This is a bugfix release.
Upgraded: Devel-CheckLib-1.16, IO-Socket-SSL-2.074, Net-SSLeay-1.92,
Path-Tiny-0.122, Template-Toolkit-3.100, URI-5.12, libnet-3.14.
Added a symlink to libperl.so in /usr/${LIBDIRSUFFIX} since net-snmp (and
possibly other programs) might have trouble linking with it since it's not
in the LD_LIBRARY_PATH. Thanks to oneforall.
2022-07-26 13:30:29 +02:00
Patrick J Volkerding
7e93037632
Thu Jul 21 18:13:18 UTC 2022
...
patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause
an out-of-bounds memory access.
A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL
pointer dereference.
Improper Input Validation when SETing malformed OIDs in master agent and
subagent simultaneously.
A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable
can cause an out-of-bounds memory access.
A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a
NULL pointer dereference.
A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer
dereference.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24810
(* Security fix *)
2022-07-22 13:30:29 +02:00
Patrick J Volkerding
83e918a979
Wed Jul 13 19:56:59 UTC 2022
...
patches/packages/xorg-server-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
xkb: switch to array index loops to moving pointers.
xkb: add request length validation for XkbSetGeometry.
xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2320
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-3_slack15.0.txz: Rebuilt.
2022-07-14 13:30:35 +02:00
Patrick J Volkerding
86cbc47746
Mon Jul 11 19:22:52 UTC 2022
...
patches/packages/seamonkey-2.53.13-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.13
(* Security fix *)
2022-07-12 13:30:28 +02:00
Patrick J Volkerding
5cd37beaa8
Sun Jul 10 18:49:34 UTC 2022
...
patches/packages/wavpack-5.5.0-x86_64-1_slack15.0.txz: Upgraded.
WavPack 5.5.0 contains a fix for CVE-2021-44269 wherein encoding a specially
crafted DSD file causes an out-of-bounds read exception.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44269
(* Security fix *)
2022-07-11 13:30:28 +02:00
Patrick J Volkerding
9edcc6c242
Thu Jul 7 23:03:01 UTC 2022
...
patches/packages/gnupg2-2.2.36-x86_64-1_slack15.0.txz: Upgraded.
g10: Fix possibly garbled status messages in NOTATION_DATA. This bug could
trick GPGME and other parsers to accept faked status lines.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903
(* Security fix *)
extra/php81/php81-8.1.8-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
Fileinfo: Fixed bug #81723 (Heap buffer overflow in finfo_buffer).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31627
(* Security fix *)
2022-07-08 13:30:29 +02:00
Patrick J Volkerding
4338767300
Tue Jul 5 20:17:00 UTC 2022
...
patches/packages/openssl-1.1.1q-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Heap memory corruption with RSA private key operation.
AES OCB fails to encrypt some bytes.
For more information, see:
https://www.openssl.org/news/secadv/20220705.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
(* Security fix *)
patches/packages/openssl-solibs-1.1.1q-x86_64-1_slack15.0.txz: Upgraded.
2022-07-06 13:30:42 +02:00
Patrick J Volkerding
d01c4c7b84
Fri Jul 1 01:23:50 UTC 2022
...
patches/packages/mozilla-thunderbird-91.11.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.11.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484
(* Security fix *)
2022-07-01 13:30:27 +02:00
Patrick J Volkerding
7a6788c35a
Tue Jun 28 19:16:08 UTC 2022
...
patches/packages/curl-7.84.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Set-Cookie denial of service.
HTTP compression denial of service.
Unpreserved file permissions.
FTP-KRB bad message verification.
For more information, see:
https://curl.se/docs/CVE-2022-32205.html
https://curl.se/docs/CVE-2022-32206.html
https://curl.se/docs/CVE-2022-32207.html
https://curl.se/docs/CVE-2022-32208.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208
(* Security fix *)
patches/packages/mozilla-firefox-91.11.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.11.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-25/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484
(* Security fix *)
2022-06-29 13:30:31 +02:00
Patrick J Volkerding
40bf9bf864
Thu Jun 23 05:30:51 UTC 2022
...
patches/packages/ca-certificates-20220622-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txz: Upgraded.
In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were
found by code review.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
For more information, see:
https://www.openssl.org/news/secadv/20220621.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
(* Security fix *)
patches/packages/openssl-solibs-1.1.1p-x86_64-1_slack15.0.txz: Upgraded.
2022-06-24 01:30:06 +02:00
Patrick J Volkerding
7809bcc762
Mon Jun 13 21:02:58 UTC 2022
...
patches/packages/php-7.4.30-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
mysqlnd/pdo password buffer overflow.
Uninitialized array in pg_query_params().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
(* Security fix *)
extra/php80/php80-8.0.20-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
mysqlnd/pdo password buffer overflow.
Uninitialized array in pg_query_params().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
(* Security fix *)
extra/php81/php81-8.1.7-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
mysqlnd/pdo password buffer overflow.
Uninitialized array in pg_query_params().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
(* Security fix *)
2022-06-14 13:30:26 +02:00
Patrick J Volkerding
348dffe043
Wed Jun 8 19:15:34 UTC 2022
...
patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism.
Information Disclosure in mod_lua with websockets.
mod_sed denial of service.
Denial of service in mod_lua r:parsebody.
Read beyond bounds in ap_strcmp_match().
Read beyond bounds via ap_rwrite().
Read beyond bounds in mod_isapi.
mod_proxy_ajp: Possible request smuggling.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.54
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377
(* Security fix *)
2022-06-09 13:30:28 +02:00
Patrick J Volkerding
b9f4e8dc0e
Sat Jun 4 18:43:17 UTC 2022
...
patches/packages/pidgin-2.14.10-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and several security issues.
For more information, see:
https://www.pidgin.im/posts/2022-06-2.14.10-released/
(* Security fix *)
2022-06-05 13:30:26 +02:00
Patrick J Volkerding
a9dc1aa8fa
Thu Jun 2 19:42:06 UTC 2022
...
patches/packages/mozilla-thunderbird-91.10.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.10.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747
(* Security fix *)
2022-06-03 13:30:29 +02:00
Patrick J Volkerding
f6bd13c472
Wed Jun 1 00:49:45 UTC 2022
...
patches/packages/mozilla-firefox-91.10.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.10.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-21/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747
(* Security fix *)
2022-06-01 13:30:20 +02:00
Patrick J Volkerding
81f2355530
Thu May 26 18:27:32 UTC 2022
...
patches/packages/cups-2.4.2-x86_64-1_slack15.0.txz: Upgraded.
Fixed certificate strings comparison for Local authorization.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26691
(* Security fix *)
2022-05-27 13:30:00 +02:00
Patrick J Volkerding
590bfd3df8
Sat May 21 19:30:02 UTC 2022
...
patches/packages/mariadb-10.5.16-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27458
(* Security fix *)
2022-05-22 13:30:03 +02:00
Patrick J Volkerding
e9f027ce23
Sat May 21 01:35:40 UTC 2022
...
patches/packages/mozilla-firefox-91.9.1esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.9.1/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-19/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
(* Security fix *)
patches/packages/mozilla-thunderbird-91.9.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.9.1/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-19/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
(* Security fix *)
2022-05-21 13:30:05 +02:00
Patrick J Volkerding
341dffdb1a
Thu May 19 23:07:59 UTC 2022
...
patches/packages/bind-9.16.29-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
testing/packages/bind-9.18.3-x86_64-1_slack15.0.txz: Upgraded.
Fixed a crash in DNS-over-HTTPS (DoH) code caused by premature TLS stream
socket object deletion.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1183
(* Security fix *)
2022-05-20 13:30:01 +02:00
Patrick J Volkerding
96bf53e55d
Wed May 11 19:01:59 UTC 2022
...
patches/packages/curl-7.83.1-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
HSTS bypass via trailing dot.
TLS and SSH connection too eager reuse.
CERTINFO never-ending busy-loop.
percent-encoded path separator in URL host.
cookie for trailing dot TLD.
curl removes wrong file on error.
For more information, see:
https://curl.se/docs/CVE-2022-30115.html
https://curl.se/docs/CVE-2022-27782.html
https://curl.se/docs/CVE-2022-27781.html
https://curl.se/docs/CVE-2022-27780.html
https://curl.se/docs/CVE-2022-27779.html
https://curl.se/docs/CVE-2022-27778.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27780
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27778
(* Security fix *)
2022-05-12 13:29:51 +02:00
Patrick J Volkerding
3c08cf6792
Mon May 9 21:33:25 UTC 2022
...
patches/packages/linux-5.15.38/*: Upgraded.
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 5.15.27:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0494
Fixed in 5.15.28:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23042
Fixed in 5.15.29:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0854
Fixed in 5.15.32:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28356
Fixed in 5.15.33:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1516
Fixed in 5.15.34:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29582
Fixed in 5.15.35:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1205
Fixed in 5.15.37:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222
(* Security fix *)
2022-05-10 13:30:03 +02:00
Patrick J Volkerding
2971d84285
Wed May 4 21:24:57 UTC 2022
...
patches/packages/mozilla-thunderbird-91.9.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.9.0/releasenotes/
(* Security fix *)
patches/packages/openssl-1.1.1o-x86_64-1_slack15.0.txz: Upgraded.
Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292
(* Security fix *)
patches/packages/openssl-solibs-1.1.1o-x86_64-1_slack15.0.txz: Upgraded.
patches/packages/seamonkey-2.53.12-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.12
(* Security fix *)
2022-05-05 13:30:04 +02:00
Patrick J Volkerding
d88c750381
Mon May 2 20:02:49 UTC 2022
...
patches/packages/libxml2-2.9.14-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
Fix integer overflow in xmlBuf and xmlBuffer.
Fix potential double-free in xmlXPtrStringRangeFunction.
Fix memory leak in xmlFindCharEncodingHandler.
Normalize XPath strings in-place.
Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars().
Fix leak of xmlElementContent.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824
(* Security fix *)
patches/packages/mozilla-firefox-91.9.0esr-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.9.0/releasenotes/
patches/packages/samba-4.15.7-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.samba.org/samba/history/samba-4.15.7.html
2022-05-03 13:29:53 +02:00
Patrick J Volkerding
7d2523ede3
Sat Apr 30 21:18:47 UTC 2022
...
patches/packages/pidgin-2.14.9-x86_64-1_slack15.0.txz: Upgraded.
Mitigate the potential for a man in the middle attack via DNS spoofing by
removing the code that supported the _xmppconnect DNS TXT record.
For more information, see:
https://www.pidgin.im/about/security/advisories/cve-2022-26491/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26491
(* Security fix *)
2022-05-01 13:30:01 +02:00