slacky.eu

Codice: Seleziona tutto

Mon Apr 30 22:24:10 UTC 2012
patches/packages/mozilla-thunderbird-12.0.1-x86_64-1_slack13.37.txz:  Upgraded.
  This is a bugfix release.
  Fixed POP3 filters that move mail to IMAP folders.
  Fixed loading message body in sub-folders that use fetch headers only.
  Addressed mail notification issues.
  Fixed crash in nMsgDatabase.
patches/packages/seamonkey-2.9.1-x86_64-1_slack13.37.txz:  Upgraded.
  This is a bugfix release.
  Fixed POP3 filters that move mail to IMAP folders.
  Fixed loading message body in sub-folders that use fetch headers only.
  Addressed mail notification issues.
  Fixed crash in nMsgDatabase.
  Also, the build script and seamonkey-nss.pc were adjusted to fix issues
  with compiling against Seamonkey NSS.  Thanks to zerouno on LQ.
patches/packages/seamonkey-solibs-2.9.1-x86_64-1_slack13.37.txz:  Upgraded.
patches/packages/wicd-1.7.2.4-x86_64-1_slack13.37.txz:  Upgraded.
  Correct the fix for CVE-2012-2095 (and fix other new bugs).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2095
  (* Security fix *)
+--------------------------+

Codice: Seleziona tutto

Mon May  7 18:54:03 UTC 2012
patches/packages/pidgin-2.10.4-x86_64-1_slack13.37.txz:  Upgraded.
  Fixed possible MSN remote crash.
  Fixed XMPP remote crash.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2214
  (* Security fix *)
+--------------------------+

Codice: Seleziona tutto

Wed May  9 20:16:40 UTC 2012
patches/packages/wicd-1.7.2.4-x86_64-2_slack13.37.txz:  Rebuilt.
  Fixed an input sanitization bug that breaks accepting a passphrase for a new
  password protected access point.  Patch from upstream.
  Thanks to Willy Sudiarto Raharjo for the notice.
+--------------------------+
Tue May  8 21:21:10 UTC 2012
patches/packages/php-5.3.13-x86_64-1_slack13.37.txz:  Upgraded.
  This release completes a fix for a vulnerability in CGI-based setups.
  Note: mod_php and php-fpm are not vulnerable to this attack.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2311
  (* Security fix *)
+--------------------------+

Codice: Seleziona tutto

Sat May 19 19:03:37 UTC 2012
patches/packages/openssl-0.9.8x-x86_64-1_slack13.37.txz:  Upgraded.
  This is a very minor security fix:
  o Fix DTLS record length checking bug CVE-2012-2333
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
  (* Security fix *)
patches/packages/openssl-solibs-0.9.8x-x86_64-1_slack13.37.txz:  Upgraded.
  This is a very minor security fix:
  o Fix DTLS record length checking bug CVE-2012-2333
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
  (* Security fix *)
+--------------------------+

Codice: Seleziona tutto

Wed May 23 00:14:52 UTC 2012
patches/packages/libxml2-2.7.8-x86_64-4_slack13.37.txz:  Upgraded.
  Patched an off-by-one error in XPointer that could lead to a crash or
  possibly the execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
  (* Security fix *)
+--------------------------+

Codice: Seleziona tutto

Thu Jun 14 05:02:39 UTC 2012
patches/packages/bind-9.7.6_P1-x86_64-1_slack13.37.txz:  Upgraded.
  This release fixes an issue that could crash BIND, leading to a denial of
  service.  It also fixes the so-called "ghost names attack" whereby a
  remote attacker may trigger continued resolvability of revoked domain names.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
  (* Security fix *)
patches/packages/mozilla-firefox-13.0-x86_64-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-13.0-x86_64-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/seamonkey-2.10-x86_64-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.10-x86_64-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+

Codice: Seleziona tutto

Sat Jun 16 16:19:36 UTC 2012
patches/packages/mozilla-firefox-13.0.1-x86_64-1_slack13.37.txz:  Upgraded.
  This is a bugfix release, addressing issues with recent versions of Flash,
  Hotmail, and rendering of Hebrew text.
patches/packages/mozilla-thunderbird-13.0.1-x86_64-1_slack13.37.txz:  Upgraded.
  This is a bugfix release, addressing issues with the new Filelink feature,
  and miscellaneous other stability and display updates.
+--------------------------+

Codice: Seleziona tutto

Mon Jun 25 02:32:37 UTC 2012
patches/packages/freetype-2.4.10-x86_64-1_slack13.37.txz:  Upgraded.
  Since freetype-2.4.8 many fixes were made to better handle invalid fonts.
  Many of them are vulnerabilities (see CVE-2012-1126 up to CVE-2012-1144
  and SA48320) so all users should upgrade.
  (* Security fix *)
patches/packages/seamonkey-2.10.1-x86_64-1_slack13.37.txz:  Upgraded.
  This is a bugfix release.
patches/packages/seamonkey-solibs-2.10.1-x86_64-1_slack13.37.txz:  Upgraded.
  This is a bugfix release.
+--------------------------+

Codice: Seleziona tutto

Fri Jul 13 23:14:15 UTC 2012
patches/packages/php-5.3.14-x86_64-1_slack13.37.txz:  Upgraded.
  This release fixes a weakness in the DES implementation of crypt
  and a heap overflow issue in the phar extension.
  (* Security fix *)
patches/packages/pidgin-2.10.6-x86_64-1_slack13.37.txz:  Upgraded.
  Fixes a security issue for users of MXit:  Incorrect handing of inline
  images in incoming instant messages can cause a buffer overflow and in
  some cases can be exploited to execute arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3374
  (* Security fix *)
+--------------------------+

Codice: Seleziona tutto

Wed Jul 18 05:35:26 UTC 2012
patches/packages/libexif-0.6.21-x86_64-1_slack13.37.txz:  Upgraded.
  This update fixes a number of remotely exploitable issues in libexif
   with effects ranging from information leakage to potential remote
   code execution.
  For more information, see:
    http://sourceforge.net/mailarchive/message.php?messaggio_id=29534027
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2845
  (* Security fix *)
patches/packages/mozilla-firefox-14.0.1-x86_64-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
patches/packages/mozilla-thunderbird-14.0-x86_64-1_slack13.37.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
patches/packages/seamonkey-2.11-x86_64-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
patches/packages/seamonkey-solibs-2.11-x86_64-1_slack13.37.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+

Codice: Seleziona tutto

Sun Jul 22 19:45:25 UTC 2012
patches/packages/php-5.3.15-x86_64-1_slack13.37.txz:  Upgraded.
  Fixed potential overflow in _php_stream_scandir (CVE-2012-2688).
  (Thanks to Jason Powell, Stas)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2688
  (* Security fix *)
+--------------------------+

Codice: Seleziona tutto

Wed Jul 25 02:02:40 UTC 2012
patches/packages/libpng-1.4.12-x86_64-1_slack13.37.txz:  Upgraded.
  Fixed incorrect type (int copy should be png_size_t copy) in png_inflate()
  (fixes CVE-2011-3045).
  Revised png_set_text_2() to avoid potential memory corruption (fixes
    CVE-2011-3048).
  Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
  (* Security fix *)
+--------------------------+

Codice: Seleziona tutto

Fri Jul 27 17:15:24 UTC 2012
patches/packages/bind-9.7.6_P2-x86_64-1_slack13.37.txz:  Upgraded.
  Prevents a named assert (crash) when validating caused by using
  "Bad cache" data before it has been initialized.  [RT #30025]
  ISC_QUEUE handling for recursive clients was updated to address a
  race condition that could cause a memory leak.  This rarely occurred
  with UDP clients, but could be a significant problem for a server
  handling a steady rate of TCP queries.  [RT #29539 & #30233]
  Under heavy incoming TCP query loads named could experience a
  memory leak which could lead to significant reductions in query
  response or cause the server to be terminated on systems with
  "out of memory" killers. [RT #29539]
  A condition has been corrected where improper handling of zero-length
  RDATA could cause undesirable behavior, including termination of
  the named process.  [RT #29644]
  (* Security fix *)
+--------------------------+

Codice: Seleziona tutto

Thu Aug 16 04:01:31 UTC 2012
patches/packages/emacs-23.3-x86_64-2_slack13.37.txz:  Rebuilt.
  Patched to fix a security flaw in the file-local variables code.
  When the Emacs user option `enable-local-variables' is set to `:safe'
  (the default value is t), Emacs should automatically refuse to evaluate
  `eval' forms in file-local variable sections.  Due to the bug, Emacs
  instead automatically evaluates such `eval' forms.  Thus, if the user
  changes the value of `enable-local-variables' to `:safe', visiting a
  malicious file can cause automatic execution of arbitrary Emacs Lisp
  code with the permissions of the user.  Bug discovered by Paul Ling.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3479
  (* Security fix *)
patches/packages/t1lib-5.1.2-x86_64-3_slack13.37.txz:  Rebuilt.
  Patched various overflows, crashes, and pointer bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2642
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554
  (* Security fix *)
+--------------------------+

Codice: Seleziona tutto

Fri Aug 24 20:08:37 UTC 2012
patches/packages/php-5.3.16-x86_64-1_slack13.37.txz:  Upgraded.
  This is a bugfix release.
patches/packages/dhcp-4.2.4_P1-x86_64-1_slack13.37.txz:  Upgraded.
  This fixes memory leaks, denial of service vulnerabilities, and
  disallows packets with zero length client ids (not valid according to
  RFC 2132 section 9.14).
  For more information, see:
    https://kb.isc.org/article/AA-00736
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4539
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4868
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3954
  (* Security fix *)
+--------------------------+