mirror of
git://slackware.nl/current.git
synced 2024-12-26 09:58:59 +01:00
26cd2dd0d1
a/shadow-4.8.1-x86_64-8.txz: Rebuilt.
It seems that /etc/suauth is not supported when PAM is in use, even if
configure.ac is hacked to enable it. I've removed the man pages for it,
and would suggest using sudo as a replacement.
l/libexif-0.6.22-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
CVE-2018-20030: Fix for recursion DoS
CVE-2020-13114: Time consumption DoS when parsing canon array markers
CVE-2020-13113: Potential use of uninitialized memory
CVE-2020-13112: Various buffer overread fixes due to integer overflows
in maker notes
CVE-2020-0093: read overflow
CVE-2019-9278: replaced integer overflow checks the compiler could
optimize away by safer constructs
CVE-2020-12767: fixed division by zero
CVE-2016-6328: fixed integer overflow when parsing maker notes
CVE-2017-7544: fixed buffer overread
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
(* Security fix *)
l/oniguruma-6.9.5_rev1-x86_64-2.txz: Rebuilt.
Rebuilt with --enable-posix-api. Thanks to MisterL.
l/python-packaging-20.4-x86_64-1.txz: Upgraded.
n/bind-9.16.3-x86_64-1.txz: Upgraded.
This update fixes a security issue:
A malicious actor who intentionally exploits the lack of effective
limitation on the number of fetches performed when processing referrals
can, through the use of specially crafted referrals, cause a recursing
server to issue a very large number of fetches in an attempt to process
the referral. This has at least two potential effects: The performance of
the recursing server can potentially be degraded by the additional work
required to perform these fetches, and the attacker can exploit this
behavior to use the recursing server as a reflector in a reflection attack
with a high amplification factor.
For more information, see:
https://kb.isc.org/docs/cve-2020-8616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616
(* Security fix *)
x/fontconfig-2.13.92-x86_64-1.txz: Upgraded.
x/xf86-input-libinput-0.30.0-x86_64-1.txz: Upgraded.
19 lines
843 B
Text
19 lines
843 B
Text
# HOW TO EDIT THIS FILE:
|
|
# The "handy ruler" below makes it easier to edit a package description. Line
|
|
# up the first '|' above the ':' following the base package name, and the '|' on
|
|
# the right side marks the last column you can put a character in. You must make
|
|
# exactly 11 lines for the formatting to be correct. It's also customary to
|
|
# leave one space after the ':'.
|
|
|
|
|-----handy-ruler------------------------------------------------------|
|
|
fontconfig: fontconfig (Font library and tools)
|
|
fontconfig:
|
|
fontconfig: Fontconfig is a library and tools designed to provide system-wide
|
|
fontconfig: font configuration, customization, and application access.
|
|
fontconfig:
|
|
fontconfig: Fontconfig is written and maintained by Keith Packard.
|
|
fontconfig:
|
|
fontconfig: Homepage: https://www.fontconfig.org
|
|
fontconfig:
|
|
fontconfig:
|
|
fontconfig:
|