Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackwarearm-14.0 ChangeLog (2013-02-08) ====== ====== Fri Feb 8 21:35:08 UTC 2013 ====== ===== Packages ===== ==== Upgraded ==== * [[slackwarearm.14.0>patches/packages/curl-7.29.0-arm-1_slack14.0.tgz]] \\ When negotiating SASL DIGEST-MD5 authentication, the function \\ Curl_sasl_create_digest_md5_message() uses the data provided from the \\ server without doing the proper length checks and that data is then \\ appended to a local fixed-size buffer on the stack. This vulnerability \\ can be exploited by someone who is in control of a server that a libcurl \\ based program is accessing with POP3, SMTP or IMAP. For applications \\ that accept user provided URLs, it is also thinkable that a malicious \\ user would feed an application with a URL to a server hosting code \\ targeting this flaw. \\ Affected versions: curl 7.26.0 to and including 7.28.1 \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0249 \\ (* Security fix *) ==== Rebuilt ==== * [[slackwarearm.14.0>patches/packages/sdl-1.2.14-arm-7_slack14.0.tgz]] \\ Patched mouse clicking bug. {{tag>slackware changelog slackwarearm-14.0 2013-02}} news/2013/02/08/slackwarearm-14.0-changelog.txt Last modified: 12 months agoby Giuseppe Di Terlizzi Log In