summaryrefslogtreecommitdiff
path: root/ChangeLog.rss
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog.rss')
-rw-r--r--ChangeLog.rss39
1 files changed, 37 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index 3649fef1..610aeb1d 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,30 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
- <pubDate>Thu, 2 Dec 2021 19:14:20 GMT</pubDate>
- <lastBuildDate>Fri, 3 Dec 2021 07:59:49 GMT</lastBuildDate>
+ <pubDate>Fri, 3 Dec 2021 20:07:20 GMT</pubDate>
+ <lastBuildDate>Sat, 4 Dec 2021 07:59:47 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.13</generator>
<item>
+ <title>Fri, 3 Dec 2021 20:07:20 GMT</title>
+ <pubDate>Fri, 3 Dec 2021 20:07:20 GMT</pubDate>
+ <link>https://git.slackware.nl/current/tag/?h=20211203200720</link>
+ <guid isPermaLink="false">20211203200720</guid>
+ <description>
+ <![CDATA[<pre>
+ap/rpm-4.16.1.3-x86_64-4.txz: Rebuilt.
+ Patched to handle non-compliant RPMs created by install4j. Thanks to alienBOB.
+d/poke-1.4-x86_64-1.txz: Upgraded.
+l/enchant-2.3.2-x86_64-1.txz: Upgraded.
+l/freetype-2.11.1-x86_64-1.txz: Upgraded.
+l/glib2-2.70.2-x86_64-1.txz: Upgraded.
+n/lynx-2.9.0dev.10-x86_64-1.txz: Upgraded.
+extra/php8/php8-8.1.0-x86_64-1.txz: Removed.
+extra/php80/php80-8.0.13-x86_64-1.txz: Added.
+extra/php81/php81-8.1.0-x86_64-1.txz: Added.
+ </pre>]]>
+ </description>
+ </item>
+ <item>
<title>Thu, 2 Dec 2021 19:14:20 GMT</title>
<pubDate>Thu, 2 Dec 2021 19:14:20 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20211202191420</link>
@@ -24,6 +44,21 @@
d/strace-5.15-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.73-x86_64-1.txz: Upgraded.
Everything linked to NSS/NSPR was rebuild tested here.
+ This update fixes a critical security issue:
+ NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are
+ vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS
+ signatures. Applications using NSS for handling signatures encoded within
+ CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications
+ using NSS for certificate validation or other TLS, X.509, OCSP or CRL
+ functionality may be impacted, depending on how they configure NSS.
+ Note: This vulnerability does NOT impact Mozilla Firefox. However, email
+ clients and PDF viewers that use NSS for signature verification, such as
+ Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted.
+ Thanks to Tavis Ormandy of Google Project Zero.
+ For more information, see:
+ https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527
+ (* Security fix *)
l/qt5-5.15.3_20211130_014c375b-x86_64-1.txz: Upgraded.
</pre>]]>
</description>