| date | project | content | link |
|---|---|---|---|
| 13:07 Saturday | slackware64-current-changelog | Commit by adrien on master :: r cf7083dc1564 / (53 files in 11 dirs): ( link) | # |
| 17:16 Wednesday | slackware64-current-changelog | Commit by adrien on master :: r 72d095ea52b3 / (154 files in 22 dirs): ( link) Wed Feb 8 01:21:42 UTC 2012
a/cups-1.4.8-x86_64-1.txz: Upgraded.
a/glibc-solibs-2.14.1-x86_64-4.txz: Rebuilt.
Patched an overflow in tzfile. This was evidently first reported in
2009, but is only now getting around to being patched. To exploit it,
one must be able to write beneath /usr/share/zoneinfo, which is usually
not possible for a normal user, but may be in the case where they are
chroot()ed to a directory that they own.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029
(* Security fix *)
a/glibc-zoneinfo-2011i_2011n-noarch-4.txz: Rebuilt.
ap/alsa-utils-1.0.25-x86_64-1.txz: Upgraded.
ap/hplip-3.11.12-x86_64-1.txz: Upgraded.
ap/sqlite-3.7.10-x86_64-1.txz: Upgraded.
l/alsa-oss-1.0.25-x86_64-1.txz: Upgraded.
l/alsa-lib-1.0.25-x86_64-1.txz: Upgraded.
l/apr-util-1.4.1-x86_64-1.txz: Upgraded.
l/glibc-2.14.1-x86_64-4.txz: Rebuilt.
Patched an overflow in tzfile. This was evidently first reported in
2009, but is only now getting around to being patched. To exploit it,
one must be able to write beneath /usr/share/zoneinfo, which is usually
not possible for a normal user, but may be in the case where they are
chroot()ed to a directory that they own.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029
(* Security fix *)
l/glibc-i18n-2.14.1-x86_64-4.txz: Rebuilt.
l/glibc-profile-2.14.1-x86_64-4.txz: Rebuilt.
Patched an overflow in tzfile. This was evidently first reported in
2009, but is only now getting around to being patched. To exploit it,
one must be able to write beneath /usr/share/zoneinfo, which is usually
not possible for a normal user, but may be in the case where they are
chroot()ed to a directory that they own.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029
(* Security fix *)
n/httpd-2.2.22-x86_64-1.txz: Upgraded.
*) SECURITY: CVE-2011-3368 (cve.mitre.org)
Reject requests where the request-URI does not match the HTTP
specification, preventing unexpected expansion of target URLs in
some reverse proxy configurations. [Joe Orton]
*) SECURITY: CVE-2011-3607 (cve.mitre.org)
Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
is enabled, could allow local users to gain privileges via a .htaccess
file. [Stefan Fritsch, Greg Ames]
*) SECURITY: CVE-2011-4317 (cve.mitre.org)
Resolve additional cases of URL rewriting with ProxyPassMatch or
RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations.
[Joe Orton]
*) SECURITY: CVE-2012-0021 (cve.mitre.org)
mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format
string is in use and a client sends a nameless, valueless cookie, causing
a denial of service. The issue existed since version 2.2.17. PR 52256.
[Rainer Canavan <rainer-apache 7val com>]
*) SECURITY: CVE-2012-0031 (cve.mitre.org)
Fix scoreboard issue which could allow an unprivileged child process
to cause the parent to crash at shutdown rather than terminate
cleanly. [Joe Orton]
*) SECURITY: CVE-2012-0053 (cve.mitre.org)
Fix an issue in error responses that could expose "httpOnly" cookies
when no custom ErrorDocument is specified for status code 400.
[Eric Covener]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053
(* Security fix *)
n/php-5.3.10-x86_64-1.txz: Upgraded.
Fixed arbitrary remote code execution vulnerability reported by Stefan
Esser, CVE-2012-0830. (Stas, Dmitry)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830
(* Security fix *)
n/proftpd-1.3.4a-x86_64-1.txz: Upgraded.
This update fixes a use-after-free() memory corruption error,
and possibly other unspecified issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
(* Security fix *)
n/vsftpd-2.3.5-x86_64-1.txz: Upgraded.
Minor version bump, this also works around a hard to trigger heap overflow
in glibc (glibc zoneinfo caching vuln). For there to be any possibility
to trigger the glibc bug within vsftpd, the non-default option
"chroot_local_user" must be set in /etc/vsftpd.conf.
Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug :-)
Nevertheless:
(* Security fix *) | # |
| 08:56 on Feb 03 | slackware64-current-changelog | Commit by adrien on master :: r 80f3d2edd225 / (168 files in 32 dirs): ( link) Thu Feb 2 16:02:47 UTC 2012
It is cloudy and foggy here today -- I did not see my shadow, and
will not be crawling back into my hole for 6 weeks. ;-)
testing/packages/mozilla-firefox-11.0b1-x86_64-1.txz: Added.
Thu Feb 2 15:07:23 UTC 2012
a/kernel-firmware-20120202git-noarch-1.txz: Upgraded.
There were some reports of a failing checksum on the .asc (which
did verify, so the package was good). So, we'll replace it with
a new build to make sure that it syncs out. | # |
| 04:23 on Feb 02 | slackware64-current-changelog | Commit by adrien on master :: r 4a3f83464e9b /slackware64-current/ (248 files in 54 dirs): ( link) Minor update. | # |
| 04:20 on Dec 16, 2011 | slackware64-current-changelog | Commit by adrien on master :: r de293aeefe48 / (23 files in 6 dirs): ( link) Wed Dec 14 16:22:29 UTC 2011
d/subversion-1.7.2-x86_64-1.txz: Upgraded.
This update fixes an issue with "git svn clone" being broken.
Thanks to Francesco Allertsen for the heads-up.
Hmmm, perhaps vbatts can tell me what has happened to the ruby bindings... | # |
| 04:20 on Nov 29, 2011 | slackware64-current-changelog | Commit by adrien on master :: r f02f30597929 / (23 files in 7 dirs): ( link) Tue Nov 29 00:09:21 UTC 2011
testing/packages/mozilla-thunderbird-9.0b2-x86_64-1.txz: Added. | # |
| 07:20 on Nov 27, 2011 | slackware64-current-changelog | Commit by adrien on master :: r 78ca2a6f3b85 / (74 files in 14 dirs): ( link) | # |
| 16:20 on Nov 23, 2011 | slackware64-current-changelog | Commit by adrien on master :: r f5edd6994526 / (16 files in 4 dirs): ( link) Wed Nov 23 15:17:39 UTC 2011
d/make-3.82-x86_64-3.txz: Rebuilt.
Patched a free() crash when building Android. Thanks to Troy Unrau.
Fixed IA32 arch, package locations... sorry :)
6a2
> Patched a free() crash when building Android. Thanks to Troy Unrau. | # |
| 17:20 on Nov 22, 2011 | slackware64-current-changelog | Commit by adrien on master :: r 8d8f55a7777f / (42 files in 10 dirs): ( link) Tue Nov 22 15:23:55 UTC 2011
Patched a free() crash when building Android. Thanks to Troy Unrau.
testing/packages/mozilla-firefox-9.0b2-x86_64-1.txz: Upgraded.
Thu Nov 17 02:09:25 UTC 2011
n/bind-9.7.4_P1-x86_64-1.txz: Upgraded.
--- 9.7.4-P1 released ---
3218. [security] Cache lookup could return RRSIG data associated with
nonexistent records, leading to an assertion
failure. [RT #26590]
(* Security fix *) | # |
| 19:25 on Nov 13, 2011 | slackware64-current-changelog | Commit by adrien on master :: r 36e37dbfeeed / (62 files in 10 dirs): ( link) Sun Nov 13 16:03:06 UTC 2011
a/glibc-solibs-2.14.1-x86_64-2.txz: Rebuilt.
a/glibc-zoneinfo-2011i_2011n-noarch-2.txz: Rebuilt.
l/glibc-2.14.1-x86_64-2.txz: Rebuilt.
Merged ELF patches -- Matt Burgess <matthew_at_linuxfromscratch_dot_org>
l/glibc-i18n-2.14.1-x86_64-2.txz: Rebuilt.
l/glibc-profile-2.14.1-x86_64-2.txz: Rebuilt.
testing/packages/mozilla-firefox-9.0b1-x86_64-1.txz: Added. | # |
| 22:20 on Nov 11, 2011 | slackware64-current-changelog | Commit by adrien on master :: r 5c74ee15c72b / (58 files in 8 dirs): ( link) Fri Nov 11 18:58:21 UTC 2011
Good 11-11-11, everyone! Enjoy some fresh time. :)
a/glibc-solibs-2.14.1-x86_64-1.txz: Upgraded.
a/glibc-zoneinfo-2011i_2011n-noarch-1.txz: Upgraded.
New upstream homepage: http://www.iana.org/time-zones
l/glibc-2.14.1-x86_64-1.txz: Upgraded.
l/glibc-i18n-2.14.1-x86_64-1.txz: Upgraded.
l/glibc-profile-2.14.1-x86_64-1.txz: Upgraded. | # |
| 08:20 on Nov 08, 2011 | slackware64-current-changelog | Commit by adrien on master :: r e7cc97a4aa5f / (50 files in 11 dirs): ( link) Tue Nov 8 04:07:49 UTC 2011
n/openssh-5.9p1-x86_64-2.txz: Rebuilt.
Upstream different timestamp, size, ChangeLog. GPG verifies on both
this newer one and what we had before (?).
xap/mozilla-firefox-8.0-x86_64-1.txz: Upgraded. | # |
| 00:21 on Oct 15, 2011 | slackware64-current-changelog | Commit by adrien on master :: r 983b1d3fd554 / (86 files in 16 dirs): ( link) | # |
| 18:20 on Sep 06, 2011 | slackware64-current-changelog | Commit by adrien on master :: r 4c26f3308243 / (24 files in 6 dirs): ( link) Tue Sep 6 16:53:43 UTC 2011
n/openssh-5.9p1-x86_64-1.txz: Upgraded. | # |
| 16:21 on Sep 06, 2011 | slackware64-current-changelog | Commit by adrien on master :: r 40a79a12777c / (107 files in 17 dirs): ( link) Tue Sep 6 00:15:03 UTC 2011
l/seamonkey-solibs-2.3.3-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/announce/
http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
(* Security fix *)
n/httpd-2.2.20-x86_64-1.txz: Upgraded.
SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
(* Security fix *)
xap/mozilla-firefox-6.0.2-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
(* Security fix *)
xap/mozilla-thunderbird-6.0.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
(* Security fix *)
xap/seamonkey-2.3.3-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/announce/
http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
(* Security fix *)
testing/packages/mozilla-firefox-7.0b4-x86_64-1.txz: Upgraded. | # |
| 17:20 on Aug 25, 2011 | slackware64-current-changelog | Commit by adrien on master :: r bb6a1995e333 / (85 files in 18 dirs): ( link) Thu Aug 25 09:10:45 UTC 2011
a/kernel-firmware-20110814git-noarch-1.txz: Upgraded.
Fetch the latest kernel firmware from git -- the stuff in the kernel sources
is somewhat stale.
ap/soma-2.7.1-noarch-1.txz: Added.
Soma is a command line/dialog Internet radio player.
Thanks to David Woodfall.
l/jre-6u27-x86_64-1.txz: Upgraded.
n/php-5.3.8-x86_64-1.txz: Upgraded.
Security fixes vs. 5.3.6 (5.3.7 was not usable):
Updated crypt_blowfish to 1.2. (CVE-2011-2483)
Fixed crash in error_log(). Reported by Mateusz Kocielski
Fixed buffer overflow on overlong salt in crypt().
Fixed bug #54939 (File path injection vulnerability in RFC1867
File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
(* Security fix *)
extra/jdk-6/jdk-6u27-x86_64-1.txz: Upgraded.
testing/packages/mozilla-firefox-7.0b1-x86_64-1.txz: Added. | # |
| 20:20 on Aug 14, 2011 | slackware64-current-changelog | Commit by adrien on master :: r a9b00b86eeab / (50 files in 11 dirs): ( link) Sun Aug 14 17:49:30 UTC 2011
n/wget-1.13-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-6.0-x86_64-1.txz: Upgraded. | # |
| 01:20 on Aug 13, 2011 | slackware64-current-changelog | Commit by adrien on master :: r 8081771b9879 / (38 files in 8 dirs): ( link) Fri Aug 12 23:20:00 UTC 2011
d/binutils-2.21.53.0.2-x86_64-1.txz: Upgraded.
n/bind-9.7.4-x86_64-1.txz: Upgraded.
This BIND update addresses a couple of security issues:
* named, set up to be a caching resolver, is vulnerable to a user
querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
error, caching the response could cause named to crash. [RT #24650]
[CVE-2011-1910]
* Change #2912 (see CHANGES) exposed a latent bug in the DNS message
processing code that could allow certain UPDATE requests to crash
named. [RT #24777] [CVE-2011-2464]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
(* Security fix *) | # |
| 03:21 on Aug 12, 2011 | slackware64-current-changelog | Commit by adrien on master :: r d9ae60cc65cb / (100 files in 17 dirs): ( link) Fri Aug 12 00:29:11 UTC 2011
a/lilo-23.2-x86_64-1.txz: Upgraded.
ap/htop-0.9-x86_64-1.txz: Added.
htop is an ncurses-based interactive process viewer.
Thanks to Michal Dorocinski for the suggestion.
ap/sqlite-3.7.7.1-x86_64-1.txz: Upgraded.
Added options: -DSQLITE_ENABLE_FTS3 -DSQLITE_ENABLE_FTS3_PARENTHESIS=1
e/emacs-23.3a-x86_64-1.txz: Upgraded.
testing/packages/mozilla-firefox-6.0b5-x86_64-1.txz: Added.
testing/packages/mozilla-thunderbird-6.0b3-x86_64-1.txz: Added.
testing/packages/seamonkey-2.3b3-x86_64-1.txz: Added.
testing/packages/seamonkey-solibs-2.3b3-x86_64-1.txz: Added. | # |
| 23:20 on Jul 29, 2011 | slackware64-current-changelog | Commit by adrien on master :: r 4c9c73939088 / (49 files in 11 dirs): ( link) | # |