Slackware64-14.1 ChangeLog (2013-02-08)

Fri Feb 8 03:57:05 UTC 2013

  • d/llvm-3.2-x86_64-3.txz
    Fixed a few places where lib64 was hardcoded regardless of $ARCH.
    Thanks to Heinz Wiesinger.
  • l/sdl-1.2.15-x86_64-1.txz
    Upgraded to SDL-1.2.15, SDL_image-1.2.12, SDL_mixer-1.2.12,
    SDL_net-1.2.8, and SDL_ttf-2.0.11.
    Patched resizing and mouse clicking bugs.
  • n/curl-7.29.0-x86_64-1.txz
    When negotiating SASL DIGEST-MD5 authentication, the function
    Curl_sasl_create_digest_md5_message() uses the data provided from the
    server without doing the proper length checks and that data is then
    appended to a local fixed-size buffer on the stack. This vulnerability
    can be exploited by someone who is in control of a server that a libcurl
    based program is accessing with POP3, SMTP or IMAP. For applications
    that accept user provided URLs, it is also thinkable that a malicious
    user would feed an application with a URL to a server hosting code
    targeting this flaw.
    Affected versions: curl 7.26.0 to and including 7.28.1
    For more information, see:
    (* Security fix *)
  • news/2013/02/08/slackware64-14.1-changelog.txt
  • Last modified: 5 years ago
  • by Giuseppe Di Terlizzi