Repository 32bit  Forum
Repository 64bit  Wiki
Fri Feb 8 03:57:05 UTC 2013
patches/packages/curl-7.29.0-x86_64-1_slack14.0.txz: Upgraded.
  When negotiating SASL DIGEST-MD5 authentication, the function
  Curl_sasl_create_digest_md5_message() uses the data provided from the
  server without doing the proper length checks and that data is then
  appended to a local fixed-size buffer on the stack. This vulnerability
  can be exploited by someone who is in control of a server that a libcurl
  based program is accessing with POP3, SMTP or IMAP. For applications
  that accept user provided URLs, it is also thinkable that a malicious
  user would feed an application with a URL to a server hosting code
  targeting this flaw.
  Affected versions: curl 7.26.0 to and including 7.28.1
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0249
  (* Security fix *)
patches/packages/sdl-1.2.14-x86_64-6_slack14.0.txz: Rebuilt.
  Patched mouse clicking bug.