Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackwarearm-current ChangeLog (2017-04-22) ====== ====== Sat Apr 22 19:20:21 UTC 2017 ====== ===== Packages ===== ==== Rebuilt ==== * [[slackwarearm.current>a/etc-14.2-arm-3.txz]] \\ Added user:group for NTP (UID 44/GID 44). * [[slackwarearm.current>e/emacs-25.1-arm-3.txz]] * [[slackwarearm.current>kde/calligra-2.9.11-arm-6.txz]] * [[slackwarearm.current>l/ffmpeg-3.2.4-arm-4.txz]] * [[slackwarearm.current>l/gegl-0.2.0-arm-2.txz]] * [[slackwarearm.current>l/gvfs-1.26.3-arm-2.txz]] * [[slackwarearm.current>l/virtuoso-ose-6.1.8-arm-3.txz]] * [[slackwarearm.current>xap/MPlayer-1.3_20170208-arm-3.txz]] * [[slackwarearm.current>xap/gimp-2.8.20-arm-2.txz]] * [[slackwarearm.current>xap/xv-3.10a-arm-2.txz]] * [[slackwarearm.current>xfce/tumbler-0.1.31-arm-3.txz]] \\ Fixed ffmpegthumbnailer bug. Thanks to Robby Workman. ==== Upgraded ==== * [[slackwarearm.current>a/minicom-2.7.1-arm-1.txz]] \\ Fix an out of bounds data access that can lead to remote code execution. \\ This issue was found by Solar Designer of Openwall during a security audit \\ of the Virtuozzo 7 product, which contains derived downstream code in its \\ prl-vzvncserver component. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7467 \\ (* Security fix *) * [[slackwarearm.current>a/ntfs-3g-2017.3.23-arm-1.txz]] * [[slackwarearm.current>a/usb_modeswitch-2.5.0-arm-1.txz]] * [[slackwarearm.current>ap/acct-6.6.3-arm-1.txz]] * [[slackwarearm.current>ap/bc-1.07.1-arm-1.txz]] * [[slackwarearm.current>ap/cups-2.2.3-arm-1.txz]] * [[slackwarearm.current>ap/cups-filters-1.13.4-arm-1.txz]] * [[slackwarearm.current>ap/dc3dd-7.2.646-arm-1.txz]] * [[slackwarearm.current>ap/gutenprint-5.2.12-arm-1.txz]] * [[slackwarearm.current>ap/hplip-3.17.4-arm-1.txz]] * [[slackwarearm.current>ap/nano-2.8.1-arm-1.txz]] * [[slackwarearm.current>ap/sudo-1.8.19p2-arm-1.txz]] * [[slackwarearm.current>d/git-2.12.2-arm-1.txz]] * [[slackwarearm.current>d/mercurial-4.1.3-arm-1.txz]] * [[slackwarearm.current>l/LibRaw-0.18.2-arm-1.txz]] * [[slackwarearm.current>l/babl-0.1.24-arm-1.txz]] * [[slackwarearm.current>l/enchant-1.6.1-arm-1.txz]] * [[slackwarearm.current>l/giflib-5.1.4-arm-1.txz]] * [[slackwarearm.current>l/imagemagick-6.9.8_3-arm-1.txz]] \\ Shared library .so-version bump. \\ Moved from xap/ series. * [[slackwarearm.current>l/jasper-2.0.12-arm-1.txz]] \\ Shared library .so-version bump. \\ Thanks to Heinz Wiesinger. * [[slackwarearm.current>l/libarchive-3.3.1-arm-1.txz]] * [[slackwarearm.current>l/libdiscid-0.6.2-arm-1.txz]] * [[slackwarearm.current>l/libgphoto2-2.5.13-arm-1.txz]] * [[slackwarearm.current>l/libmtp-1.1.13-arm-1.txz]] * [[slackwarearm.current>l/libraw1394-2.1.2-arm-1.txz]] \\ Shared library .so-version bump. * [[slackwarearm.current>l/libsamplerate-0.1.9-arm-1.txz]] * [[slackwarearm.current>l/libsndfile-1.0.28-arm-1.txz]] * [[slackwarearm.current>l/libspectre-0.2.8-arm-1.txz]] * [[slackwarearm.current>l/libtiff-4.0.7-arm-1.txz]] \\ This release contains security fixes and improvements. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8665 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8683 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3622 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3623 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3658 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5321 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5323 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5652 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5875 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9273 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9448 \\ (* Security fix *) * [[slackwarearm.current>l/libvncserver-0.9.11-arm-1.txz]] \\ Shared library .so-version bump. * [[slackwarearm.current>l/poppler-0.53.0-arm-1.txz]] \\ Shared library .so-version bump. * [[slackwarearm.current>l/wavpack-5.1.0-arm-1.txz]] * [[slackwarearm.current>n/bind-9.11.0_P5-arm-1.txz]] \\ Fixed denial of service security issues. \\ For more information, see: \\ https://kb.isc.org/article/AA-01465 \\ https://kb.isc.org/article/AA-01466 \\ https://kb.isc.org/article/AA-01471 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138 \\ (* Security fix *) * [[slackwarearm.current>n/curl-7.54.0-arm-1.txz]] \\ This update fixes a security issue: \\ Switch off SSL session id when client cert is used. \\ For more information, see: \\ https://curl.haxx.se/docs/adv_20170419.html \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7468 \\ (* Security fix *) * [[slackwarearm.current>n/dhcpcd-6.11.5-arm-1.txz]] \\ Thanks to Robby Workman. * [[slackwarearm.current>n/ethtool-4.10-arm-1.txz]] * [[slackwarearm.current>n/getmail-4.54.0-arm-1.txz]] * [[slackwarearm.current>n/mutt-1.8.1-arm-1.txz]] * [[slackwarearm.current>n/ntp-4.2.8p10-arm-1.txz]] \\ In addition to bug fixes and enhancements, this release fixes security \\ issues of medium and low severity: \\ Denial of Service via Malformed Config (Medium) \\ Authenticated DoS via Malicious Config Option (Medium) \\ Potential Overflows in ctl_put() functions (Medium) \\ Buffer Overflow in ntpq when fetching reslist from a malicious ntpd (Medium) \\ 0rigin DoS (Medium) \\ Buffer Overflow in DPTS Clock (Low) \\ Improper use of snprintf() in mx4200_send() (Low) \\ The following issues do not apply to Linux systems: \\ Privileged execution of User Library code (WINDOWS PPSAPI ONLY) (Low) \\ Stack Buffer Overflow from Command Line (WINDOWS installer ONLY) (Low) \\ Data Structure terminated insufficiently (WINDOWS installer ONLY) (Low) \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6464 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6458 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6460 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9042 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6462 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6451 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6455 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6452 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6459 \\ (* Security fix *) * [[slackwarearm.current>n/openvpn-2.4.1-arm-1.txz]] * [[slackwarearm.current>n/proftpd-1.3.6-arm-1.txz]] \\ This release fixes a security issue: \\ AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7418 \\ (* Security fix *) * [[slackwarearm.current>x/libdrm-2.4.80-arm-1.txz]] * [[slackwarearm.current>x/libinput-1.7.0-arm-1.txz]] * [[slackwarearm.current>x/libpciaccess-0.13.5-arm-1.txz]] * [[slackwarearm.current>x/libva-1.8.0-arm-1.txz]] * [[slackwarearm.current>x/m17n-lib-1.7.0-arm-1.txz]] * [[slackwarearm.current>x/mesa-17.0.4-arm-1.txz]] * [[slackwarearm.current>x/motif-2.3.7-arm-1.txz]] * [[slackwarearm.current>xap/mozilla-thunderbird-52.0.1-arm-1.txz]] * [[slackwarearm.current>xap/xine-lib-1.2.8-arm-1.txz]] \\ Thanks to Heinz Wiesinger. * [[slackwarearm.current>xap/xlockmore-5.51-arm-1.txz]] ==== Added ==== * [[slackwarearm.current>l/libbluray-1.0.0-arm-1.txz]] \\ Built with support for BD-J menus, but without the necessary .jar \\ file to use it. Thanks to Heinz Wiesinger. {{tag>slackware changelog slackwarearm-current 2017/04}} news/2017/04/22/slackwarearm-current-changelog.txt Last modified: 7 years agoby Giuseppe Di Terlizzi Log In