summaryrefslogtreecommitdiff
path: root/ChangeLog.rss
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2019-04-18 21:13:58 +0000
committerEric Hameleers <alien@slackware.com>2019-04-19 08:59:44 +0200
commite2bd8d238343cb913b44c1fa7bf662b7135afeb5 (patch)
treed595288d3ad1e2512cef499ce15c79b8f32a1a14 /ChangeLog.rss
parent4b4d2873bb2fcc2ea1ddb1caa3ae20765d895c91 (diff)
downloadcurrent-e2bd8d238343cb913b44c1fa7bf662b7135afeb5.tar.gz
Thu Apr 18 21:13:58 UTC 201920190418211358
ap/ksh93-20190416_7d7bba3e-x86_64-1.txz: Upgraded. ap/sysstat-12.1.4-x86_64-1.txz: Upgraded. l/gvfs-1.40.1-x86_64-2.txz: Rebuilt. Recompiled against libcdio-2.1.0. l/icu4c-64.2-x86_64-1.txz: Upgraded. l/libcddb-1.3.2-x86_64-6.txz: Rebuilt. Recompiled against libcdio-2.1.0. l/libcdio-2.1.0-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/libcdio-paranoia-10.2+2.0.0-x86_64-2.txz: Rebuilt. Recompiled against libcdio-2.1.0. l/zstd-1.4.0-x86_64-1.txz: Upgraded. n/dhcpcd-7.2.0-x86_64-1.txz: Upgraded. n/dovecot-2.3.5.2-x86_64-1.txz: Upgraded. This update fixes a security issue: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject header when OX push notification driver is used. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691 (* Security fix *) n/nghttp2-1.38.0-x86_64-1.txz: Upgraded. n/openssh-8.0p1-x86_64-1.txz: Upgraded. This release contains a mitigation for a weakness in the scp(1) tool and protocol (CVE-2019-6111): when copying files from a remote system to a local directory, scp(1) did not verify that the filenames that the server sent matched those requested by the client. This could allow a hostile server to create or clobber unexpected local files with attacker-controlled content. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 (* Security fix *) xap/MPlayer-20190418-x86_64-1.txz: Upgraded. Compiled against libcdio-2.1.0. xap/audacious-plugins-3.10.1-x86_64-2.txz: Rebuilt. Recompiled against libcdio-2.1.0. extra/pure-alsa-system/MPlayer-20190418-x86_64-1_alsa.txz: Upgraded. Compiled against libcdio-2.1.0. extra/pure-alsa-system/audacious-plugins-3.10.1-x86_64-2_alsa.txz: Rebuilt. Recompiled against libcdio-2.1.0.
Diffstat (limited to 'ChangeLog.rss')
-rw-r--r--ChangeLog.rss56
1 files changed, 54 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index da445ce2..9f6267df 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,62 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
- <pubDate>Wed, 17 Apr 2019 20:27:23 GMT</pubDate>
- <lastBuildDate>Thu, 18 Apr 2019 15:59:41 GMT</lastBuildDate>
+ <pubDate>Thu, 18 Apr 2019 21:13:58 GMT</pubDate>
+ <lastBuildDate>Fri, 19 Apr 2019 06:59:41 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.10</generator>
<item>
+ <title>Thu, 18 Apr 2019 21:13:58 GMT</title>
+ <pubDate>Thu, 18 Apr 2019 21:13:58 GMT</pubDate>
+ <link>https://git.slackware.nl/current/tag/?h=20190418211358</link>
+ <guid isPermaLink="false">20190418211358</guid>
+ <description>
+ <![CDATA[<pre>
+ap/ksh93-20190416_7d7bba3e-x86_64-1.txz: Upgraded.
+ap/sysstat-12.1.4-x86_64-1.txz: Upgraded.
+l/gvfs-1.40.1-x86_64-2.txz: Rebuilt.
+ Recompiled against libcdio-2.1.0.
+l/icu4c-64.2-x86_64-1.txz: Upgraded.
+l/libcddb-1.3.2-x86_64-6.txz: Rebuilt.
+ Recompiled against libcdio-2.1.0.
+l/libcdio-2.1.0-x86_64-1.txz: Upgraded.
+ Shared library .so-version bump.
+l/libcdio-paranoia-10.2+2.0.0-x86_64-2.txz: Rebuilt.
+ Recompiled against libcdio-2.1.0.
+l/zstd-1.4.0-x86_64-1.txz: Upgraded.
+n/dhcpcd-7.2.0-x86_64-1.txz: Upgraded.
+n/dovecot-2.3.5.2-x86_64-1.txz: Upgraded.
+ This update fixes a security issue:
+ Trying to login with 8bit username containing invalid UTF8 input causes
+ auth process to crash if auth policy is enabled. This could be used rather
+ easily to cause a DoS. Similar crash also happens during mail delivery
+ when using invalid UTF8 in From or Subject header when OX push
+ notification driver is used.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691
+ (* Security fix *)
+n/nghttp2-1.38.0-x86_64-1.txz: Upgraded.
+n/openssh-8.0p1-x86_64-1.txz: Upgraded.
+ This release contains a mitigation for a weakness in the scp(1) tool
+ and protocol (CVE-2019-6111): when copying files from a remote system
+ to a local directory, scp(1) did not verify that the filenames that
+ the server sent matched those requested by the client. This could
+ allow a hostile server to create or clobber unexpected local files
+ with attacker-controlled content.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111
+ (* Security fix *)
+xap/MPlayer-20190418-x86_64-1.txz: Upgraded.
+ Compiled against libcdio-2.1.0.
+xap/audacious-plugins-3.10.1-x86_64-2.txz: Rebuilt.
+ Recompiled against libcdio-2.1.0.
+extra/pure-alsa-system/MPlayer-20190418-x86_64-1_alsa.txz: Upgraded.
+ Compiled against libcdio-2.1.0.
+extra/pure-alsa-system/audacious-plugins-3.10.1-x86_64-2_alsa.txz: Rebuilt.
+ Recompiled against libcdio-2.1.0.
+ </pre>]]>
+ </description>
+ </item>
+ <item>
<title>Wed, 17 Apr 2019 20:27:23 GMT</title>
<pubDate>Wed, 17 Apr 2019 20:27:23 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20190417202723</link>