Slackwarearm-current ChangeLog (2018-08-03)

Fri Aug 03 08:08:08 UTC 2018

  • ap/man-db-2.8.4-arm-1.txz
  • d/gdb-8.1.1-arm-1.txz
  • d/python-pip-18.0-arm-1.txz
  • d/python-setuptools-40.0.0-arm-1.txz
  • d/python3-3.6.6-arm-1.txz
  • l/harfbuzz-1.8.5-arm-1.txz
  • l/libpcap-1.9.0-arm-1.txz
  • l/pango-1.42.3-arm-1.txz
  • n/lftp-4.8.4-arm-1.txz
    It has been discovered that lftp up to and including version 4.8.3 does
    not properly sanitize remote file names, leading to a loss of integrity
    on the local system when reverse mirroring is used. A remote attacker
    may trick a user to use reverse mirroring on an attacker controlled FTP
    server, resulting in the removal of all files in the current working
    directory of the victim's system.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10916
    (* Security fix *)
  • x/fonttosfnt-1.0.5-arm-1.txz
  • x/libdrm-2.4.93-arm-1.txz
  • xap/blueman-2.0.6-arm-1.txz
    This update fixes an issue where blueman-mechanism did not enforce the
    polkit action 'org.blueman.network.setup' for which a polkit policy is
    shipped. This meant that any user with access to the D-Bus system bus was
    able to access the related API without authentication. The result was an
    unspecified impact on the networking stack.
    Thanks to Matthias Gerstner for discovering this issue.
    (* Security fix *)
  • news/2018/08/03/slackwarearm-current-changelog.txt
  • Last modified: 2 years ago
  • by Giuseppe Di Terlizzi