Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-13.0 ChangeLog (2011-08-25) ====== ====== Thu Aug 25 09:10:45 UTC 2011 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware.13.0>patches/packages/php-5.3.8-i486-1_slack13.0.txz]] \\ Security fixes vs. 5.3.6 (5.3.7 was not usable): \\ Updated crypt_blowfish to 1.2. (CVE-2011-2483) \\ Fixed crash in error_log(). Reported by Mateusz Kocielski \\ Fixed buffer overflow on overlog salt in crypt(). \\ Fixed bug #54939 (File path injection vulnerability in RFC1867 \\ File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202) \\ Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938) \\ Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148) \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483 \\ For those upgrading from PHP 5.2.x, be aware that quite a bit has \\ changed, and it will very likely not 'drop in', but PHP 5.2.x is not \\ supported by php.net any longer, so there wasn't a lot of choice \\ in the matter. We're not able to support a security fork of \\ PHP 5.2.x here either, so you'll have to just bite the bullet on \\ this. You'll be better off in the long run. :) \\ (* Security fix *) {{tag>slackware changelog slackware-13.0 2011-08}} news/2011/08/25/slackware-13.0-changelog.txt Last modified: 12 months agoby Giuseppe Di Terlizzi Log In