This is an old revision of the document!
Slackware-13.0 ChangeLog (2010-08-27)
Fri Aug 27 00:23:17 UTC 2010
Packages
Rebuilt
- patches/packages/gnupg2-2.0.12-i486-2_slack13.0.txz
Patched to fix “Realloc Bug with X.509 certificates in GnuPG”.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2547
(* Security fix *) - patches/packages/xorg-server-1.6.3-i486-2_slack13.0.txz
Patched to prevent overwriting stack memory and bypassing security mechanisms
on systems that use a 2.6 Linux kernel. Reported by Rafal Wojtczuk.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2240
(* Security fix *) - patches/packages/xorg-server-xephyr-1.6.3-i486-2_slack13.0.txz
- patches/packages/xorg-server-xnest-1.6.3-i486-2_slack13.0.txz
- patches/packages/xorg-server-xvfb-1.6.3-i486-2_slack13.0.txz
Upgraded
- patches/packages/httpd-2.2.16-i486-1_slack13.0.txz
Fix Handling of requests without a path segment.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452
(* Security fix *) - patches/packages/php-5.2.14-i486-1_slack13.0.txz
Fixed several security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2225
http://www.php-security.org/2010/05/31/mops-2010-060-php-session-serializer-session-data-injection-vulnerability/index.html
http://www.php-security.org/2010/06/25/mops-2010-061-php-splobjectstorage-deserialization-use-after-free-vulnerability/index.html
(* Security fix *) - patches/packages/pidgin-2.7.3-i486-1_slack13.0.txz
This fixes a crash due to malformed X-Status messages.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2528
(* Security fix *)