Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-28 09:59:53 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
slackware-current/source/xap/rxvt-unicode/CVE-2022-4170.diff
Patrick J Volkerding b3409a9b21 Wed Jan 4 02:18:08 UTC 2023 
ap/lsof-4.96.5-x86_64-1.txz:  Upgraded.
ap/sqlite-3.40.1-x86_64-1.txz:  Upgraded.
kde/bluedevil-5.26.5-x86_64-1.txz:  Upgraded.
kde/breeze-5.26.5-x86_64-1.txz:  Upgraded.
kde/breeze-grub-5.26.5-x86_64-1.txz:  Upgraded.
kde/breeze-gtk-5.26.5-x86_64-1.txz:  Upgraded.
kde/digikam-7.9.0-x86_64-2.txz:  Rebuilt.
  Recompiled against opencv-4.7.0.
kde/drkonqi-5.26.5-x86_64-1.txz:  Upgraded.
kde/kactivitymanagerd-5.26.5-x86_64-1.txz:  Upgraded.
kde/kde-cli-tools-5.26.5-x86_64-1.txz:  Upgraded.
kde/kde-gtk-config-5.26.5-x86_64-1.txz:  Upgraded.
kde/kdecoration-5.26.5-x86_64-1.txz:  Upgraded.
kde/kdeplasma-addons-5.26.5-x86_64-1.txz:  Upgraded.
kde/kgamma5-5.26.5-x86_64-1.txz:  Upgraded.
kde/khotkeys-5.26.5-x86_64-1.txz:  Upgraded.
kde/kinfocenter-5.26.5-x86_64-1.txz:  Upgraded.
kde/kmenuedit-5.26.5-x86_64-1.txz:  Upgraded.
kde/kpipewire-5.26.5-x86_64-1.txz:  Upgraded.
kde/kscreen-5.26.5-x86_64-1.txz:  Upgraded.
kde/kscreenlocker-5.26.5-x86_64-1.txz:  Upgraded.
kde/ksshaskpass-5.26.5-x86_64-1.txz:  Upgraded.
kde/ksystemstats-5.26.5-x86_64-1.txz:  Upgraded.
kde/kwallet-pam-5.26.5-x86_64-1.txz:  Upgraded.
kde/kwayland-integration-5.26.5-x86_64-1.txz:  Upgraded.
kde/kwin-5.26.5-x86_64-1.txz:  Upgraded.
kde/kwrited-5.26.5-x86_64-1.txz:  Upgraded.
kde/layer-shell-qt-5.26.5-x86_64-1.txz:  Upgraded.
kde/libkscreen-5.26.5-x86_64-1.txz:  Upgraded.
kde/libksysguard-5.26.5-x86_64-1.txz:  Upgraded.
kde/milou-5.26.5-x86_64-1.txz:  Upgraded.
kde/oxygen-5.26.5-x86_64-1.txz:  Upgraded.
kde/oxygen-sounds-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-browser-integration-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-desktop-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-disks-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-firewall-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-integration-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-nm-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-pa-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-sdk-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-systemmonitor-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-vault-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-workspace-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-workspace-wallpapers-5.26.5-x86_64-1.txz:  Upgraded.
kde/polkit-kde-agent-1-5.26.5-x86_64-1.txz:  Upgraded.
kde/powerdevil-5.26.5-x86_64-1.txz:  Upgraded.
kde/qqc2-breeze-style-5.26.5-x86_64-1.txz:  Upgraded.
kde/sddm-kcm-5.26.5-x86_64-1.txz:  Upgraded.
kde/systemsettings-5.26.5-x86_64-1.txz:  Upgraded.
kde/xdg-desktop-portal-kde-5.26.5-x86_64-1.txz:  Upgraded.
l/SDL2-2.26.2-x86_64-1.txz:  Upgraded.
l/gst-plugins-bad-free-1.20.5-x86_64-2.txz:  Rebuilt.
  Recompiled against opencv-4.7.0.
l/imagemagick-7.1.0_57-x86_64-1.txz:  Upgraded.
l/libpcap-1.10.2-x86_64-1.txz:  Upgraded.
l/libpsl-0.21.2-x86_64-1.txz:  Upgraded.
l/librevenge-0.0.5-x86_64-1.txz:  Upgraded.
l/libsndfile-1.2.0-x86_64-1.txz:  Upgraded.
l/libtiff-4.4.0-x86_64-2.txz:  Rebuilt.
  Patched various security bugs.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-2056
    https://www.cve.org/CVERecord?id=CVE-2022-2057
    https://www.cve.org/CVERecord?id=CVE-2022-2058
    https://www.cve.org/CVERecord?id=CVE-2022-3970
    https://www.cve.org/CVERecord?id=CVE-2022-34526
  (* Security fix *)
l/netpbm-11.01.00-x86_64-1.txz:  Upgraded.
l/opencv-4.7.0-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/poppler-23.01.0-x86_64-1.txz:  Upgraded.
n/getmail-6.18.11-x86_64-1.txz:  Upgraded.
n/tcpdump-4.99.2-x86_64-1.txz:  Upgraded.
n/whois-5.5.15-x86_64-1.txz:  Upgraded.
  Updated the .bd, .nz and .tv TLD servers.
  Added the .llyw.cymru, .gov.scot and .gov.wales SLD servers.
  Updated the .ac.uk and .gov.uk SLD servers.
  Recursion has been enabled for whois.nic.tv.
  Updated the list of new gTLDs with four generic TLDs assigned in October 2013
  which were missing due to a bug.
  Removed 4 new gTLDs which are no longer active.
  Added the Georgian translation, contributed by Temuri Doghonadze.
  Updated the Finnish translation, contributed by Lauri Nurmi.
xap/pidgin-2.14.12-x86_64-1.txz:  Upgraded.
xap/rxvt-unicode-9.26-x86_64-4.txz:  Rebuilt.
  When the "background" extension was loaded, an attacker able to control the
  data written to the terminal would be able to execute arbitrary code as the
  terminal's user. Thanks to David Leadbeater and Ben Collver.
  For more information, see:
    https://www.openwall.com/lists/oss-security/2022/12/05/1
    https://www.cve.org/CVERecord?id=CVE-2022-4170
  (* Security fix *)
2023-01-04 04:38:00 +01:00

12 lines
404 B
Diff
Raw Blame History

--- ./src/perl/background.orig 2021-05-09 10:04:44.000000000 -0500
+++ ./src/perl/background 2023-01-03 13:53:59.865031717 -0600
@@ -1451,8 +1451,7 @@
# any code execution or other shenanigans. does not
# support binary NULs in string.
sub q0 {
- (my $str = shift) =~ s/\x00//g; # make sure there really aren't any embedded NULs
- "q\x00$str\x00"
+ "qq\x00\Q$_[0]\E\x00"
}
sub old_bg_expr {
Reference in a new issue View git blame Copy permalink