Slackware-current ChangeLog (2019-02-06)
Wed Feb 6 22:44:32 UTC 2019
Packages
Upgraded
- l/libvpx-1.8.0-i586-1.txz
Shared library .so-version bump. - n/curl-7.64.0-i586-1.txz
This release fixes the following security issues:
NTLM type-2 out-of-bounds buffer read.
NTLMv2 type-3 header stack buffer overflow.
SMTP end-of-response out-of-bounds read.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823
(* Security fix *)
Rebuilt
- d/opencl-headers-2.2-noarch-2.txz
Don't trigger “#pragma message” in cl_version.h when falling back on a
default version of OpenCL to target. Applications such as ffmpeg detect
this as an error and fail to compile. - l/gst-plugins-good-1.14.4-i586-2.txz
Recompiled against libvpx-1.8.0. - n/samba-4.9.4-i586-2.txz
Added time.h to libsmbclient.h to fix ffmpeg compatibility.
Thanks to USUARIONUEVO. - xap/xine-lib-1.2.9-i586-4.txz
Recompiled against libvpx-1.8.0.
Wed Feb 6 00:29:25 UTC 2019
Packages
Upgraded
- ap/linuxdoc-tools-0.9.73-i586-1.txz
Upgraded to gtk-doc-1.29.
Upgraded to asciidoc-8.6.10.
Upgraded to perl-XML-SAX-1.00.
Thanks to Stuart Winter. - d/slacktrack-2.19-i586-1.txz
Thanks to Stuart Winter. - n/dovecot-2.3.4.1-i586-1.txz
This update addresses security issues:
CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted
certificate with missing username field (ssl_cert_username_field), under
some configurations Dovecot mistakenly trusts the username provided via
authentication instead of failing.
ssl_cert_username_field setting was ignored with external SMTP AUTH,
because none of the MTAs (Postfix, Exim) currently send the cert_username
field. This may have allowed users with trusted certificate to specify any
username in the authentication. This bug didn't affect Dovecot's
Submission service.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3814
(* Security fix *)