Slackwarearm-current ChangeLog (2013-12-19)

Thu Dec 19 19:12:23 UTC 2013

  • d/llvm-3.3-arm-3.tgz
    The LLVM package included binaries with an rpath pointing to the build
    location. This allows an attacker with write access to that location to add
    modified libraries (and execute arbitrary code) as any user running the LLVM
    binaries. This updated package rebuilds LLVM to exclude the build directories
    from the rpath information.
    Thanks to Christopher Oliver for the bug report.
    (* Security fix *)
  • l/libjpeg-v8a-arm-3.tgz
    Fix use of uninitialized memory when decoding images with missing SOS data
    for the luminance component (Y) in presence of valid chroma data (Cr, Cb).
    This could allow remote attackers to obtain sensitive information from
    uninitialized memory locations via a crafted JPEG image.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
    (* Security fix *)
  • d/ruby-1.9.3_p484-arm-1.tgz
    This update fixes a heap overflow in floating point parsing. A specially
    crafted string could cause a heap overflow leading to a denial of service
    attack via segmentation faults and possibly arbitrary code execution.
    For more information, see:
    https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164
    (* Security fix *)
  • kde/calligra-2.7.5-arm-1.tgz
  • kdei/calligra-l10n-bs-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-ca-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-cs-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-da-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-de-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-el-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-es-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-et-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-fi-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-fr-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-gl-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-hu-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-ia-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-it-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-kk-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-nb-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-nds-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-nl-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-pl-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-pt-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-pt_BR-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-ru-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-sk-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-sl-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-sv-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-tr-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-uk-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-zh_CN-2.7.5-noarch-1.tgz
  • kdei/calligra-l10n-zh_TW-2.7.5-noarch-1.tgz
  • l/cairo-1.12.16-arm-1.tgz
    Removed --enable-xcb-shm (may cause instability with GTK+3).
    Removed --enable-xlib-xcb (causes GIMP slowdown).
    Added --enable-ft and --enable-gl.
  • l/libiodbc-3.52.8-arm-1.tgz
    This update fixes an rpath pointing to a location in /tmp that was found in
    two test programs (iodbctest and iodbctestw). This could have allowed a
    local attacker with write access to /tmp to add modified libraries (and
    execute arbitrary code) as any user running the test programs.
    Thanks to Christopher Oliver for the bug report.
    (* Security fix *)
  • l/mozilla-nss-3.15.3-arm-1.tgz
    This update contains security fixes and improvements.
    For more information, see:
    http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
    (* Security fix *)
  • xap/gimp-2.8.10-arm-1.tgz
  • by Giuseppe Di Terlizzi
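
Both rpath fixes above (llvm and libiodbc) come down to a binary carrying a library search directory that an unprivileged user can write to. The following Python script is an added example, not part of the ChangeLog or the Slackware build scripts; it audits `readelf -d` output for such entries. The trusted-prefix policy and the sample paths are assumptions.

```python
import os
import re
import subprocess
import sys

# Assumed policy: directories a packaged binary may legitimately search.
TRUSTED_PREFIXES = ("/lib", "/lib64", "/usr/lib", "/usr/lib64", "/opt")
RPATH_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

# Constructed `readelf -d` excerpt; the paths are illustrative, not from the packages.
SAMPLE = """\
 0x00000001 (NEEDED)                     Shared library: [libexample.so.1]
 0x0000000f (RPATH)                      Library rpath: [/tmp/build-example/lib:/usr/lib]
 0x0000001d (RUNPATH)                    Library runpath: [$ORIGIN/../lib::/usr/lib/../../tmp]
"""


def parse_rpaths(readelf_output):
    """Return [(tag, directory), ...] for each RPATH/RUNPATH element."""
    found = []
    for line in readelf_output.splitlines():
        m = RPATH_RE.search(line)
        if m:
            found.extend((m.group(1), d) for d in m.group(2).split(":"))
    return found


def classify(directory):
    """Return why a search directory is risky, or None if it looks fine."""
    if not directory.startswith(("/", "$ORIGIN", "${ORIGIN}")):
        return "empty or relative entry, resolved against the current directory"
    if directory.startswith("$"):
        return None  # $ORIGIN-relative: tracks where the binary is installed
    norm = os.path.normpath(directory)  # collapses ../ so /usr/lib/../../tmp is caught
    if not any(norm == p or norm.startswith(p + "/") for p in TRUSTED_PREFIXES):
        return "outside trusted library prefixes (build or temp directory?)"
    return None


def audit_text(readelf_output):
    """Return [(tag, directory, reason), ...] for every risky element."""
    return [(t, d, r) for t, d in parse_rpaths(readelf_output)
            if (r := classify(d)) is not None]


if __name__ == "__main__":
    for elf in sys.argv[1:]:  # e.g. every file under a package's usr/bin and usr/lib
        out = subprocess.run(["readelf", "-d", elf], capture_output=True, text=True).stdout
        for tag, directory, reason in audit_text(out):
            print(f"{elf}: {tag} {directory!r}: {reason}")
```

Run it over the ELF files of an unpacked package before release; any hit means the binary should be relinked without that search path or have the entry stripped.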