Fri Feb 8 03:57:05 UTC 2013
a/elilo-3.14-i486-1.txz: Added.
d/llvm-3.2-i486-3.txz: Rebuilt.
Fixed a few places where lib64 was hardcoded regardless of $ARCH.
Thanks to Heinz Wiesinger.
l/sdl-1.2.15-i486-1.txz: Upgraded.
Upgraded to SDL-1.2.15, SDL_image-1.2.12, SDL_mixer-1.2.12,
SDL_net-1.2.8, and SDL_ttf-2.0.11.
Patched resizing and mouse clicking bugs.
n/curl-7.29.0-i486-1.txz: Upgraded.
When negotiating SASL DIGEST-MD5 authentication, the function
Curl_sasl_create_digest_md5_message() uses the data provided from the
server without doing the proper length checks and that data is then
appended to a local fixed-size buffer on the stack. This vulnerability
can be exploited by someone who is in control of a server that a libcurl
based program is accessing with POP3, SMTP or IMAP. For applications
that accept user provided URLs, it is also thinkable that a malicious
user would feed an application with a URL to a server hosting code
targeting this flaw.
Affected versions: curl 7.26.0 to and including 7.28.1
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0249
(* Security fix *)