Repository 32bit  Forum
Repository 64bit  Wiki
Wed Nov 29 08:15:09 UTC 2017
a/coreutils-8.28-i586-2.txz: Rebuilt.
  Removed ancient (1992) aliases "dir, vdir, d, v" from the profile scripts.
a/lzlib-1.9-i586-1.txz: Added.
a/plzip-1.6-i586-1.txz: Added.
ap/man-1.6g-i586-3.txz: Removed.
ap/man-db-2.7.6.1-i586-1.txz: Added.
  This package replaces the good old man package. Thanks to B. Watson.
ap/man-pages-4.14-noarch-2.txz: Rebuilt.
  Don't ship a whatis database, since man-db doesn't need one.
ap/mariadb-10.2.11-i586-1.txz: Upgraded.
d/git-2.15.1-i586-1.txz: Upgraded.
d/python-setuptools-38.2.3-i586-1.txz: Upgraded.
x/libXcursor-1.1.15-i586-1.txz: Upgraded.
  Fix heap overflows when parsing malicious files. (CVE-2017-16612)
  It is possible to trigger heap overflows due to an integer overflow
  while parsing images and a signedness issue while parsing comments.
  The integer overflow occurs because the chosen limit 0x10000 for
  dimensions is too large for 32 bit systems, because each pixel takes
  4 bytes. Properly chosen values allow an overflow which in turn will
  lead to less allocated memory than needed for subsequent reads.
  The signedness bug is triggered by reading the length of a comment
  as unsigned int, but casting it to int when calling the function
  XcursorCommentCreate. Turning length into a negative value allows the
  check against XCURSOR_COMMENT_MAX_LEN to pass, and the following
  addition of sizeof (XcursorComment) + 1 makes it possible to allocate
  less memory than needed for subsequent reads.
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612
  (* Security fix *)
x/libXfont-1.5.3-i586-1.txz: Removed.
x/libXfont2-2.0.3-i586-1.txz: Upgraded.
  Open files with O_NOFOLLOW. (CVE-2017-16611)
  A non-privileged X client can instruct X server running under root
  to open any file by creating own directory with "fonts.dir",
  "fonts.alias" or any font file being a symbolic link to any other
  file in the system. X server will then open it. This can be issue
  with special files such as /dev/watchdog (which could then reboot
  the system).
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16611
  (* Security fix *)
x/xfs-1.2.0-i586-1.txz: Upgraded.
testing/packages/php-7.1.12-i586-2.txz: Rebuilt.
  Load mysqlnd.so before mysqli.so in etc/php.ini*. Thanks to KewlCat.
  Load libphp7.so in mod_php.conf.example. Thanks to Willy Sudiarto Raharjo.