Slackware-current ChangeLog (2017-12-20)
Wed Dec 20 22:56:42 UTC 2017
Packages
Upgraded
Rebuilt
- xap/network-manager-applet-1.8.10-i586-2.txz
Patched to fix crash with NetworkManager-openvpn. Thanks to USUARIONUEVO.
Wed Dec 20 03:05:58 UTC 2017
Packages
Rebuilt
- ap/pamixer-1.3.1-i586-5.txz
Recompiled against boost-1.66.0. - kde/calligra-2.9.11-i586-18.txz
Recompiled against boost-1.66.0. - kde/kig-4.14.3-i586-7.txz
Recompiled against boost-1.66.0. - l/akonadi-1.13.0-i586-8.txz
Recompiled against boost-1.66.0. - xap/pan-0.143-i586-3.txz
Recompiled against gmime-2.
Upgraded
- d/ruby-2.4.3-i586-1.txz
This update fixes a security issue:
Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile
use Kernel#open to open a local file. If the localfile argument starts with
the pipe character “|”, the command following the pipe character is executed.
The default value of localfile is File.basename(remotefile), so malicious FTP
servers could cause arbitrary command execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405
(* Security fix *) - l/boost-1.66.0-i586-1.txz
Shared library .so-version bump. - l/gmime-2.6.23-i586-2.txz
Revert to gmime-2 until the issues with pan are worked out. Nothing else in
Slackware is using this library. - testing/packages/linux-4.14.7/kernel-source-4.14.7_smp-noarch-1.txz
These sources have been patched with two patches that have been submitted
upstream but have yet to appear in the mainline or stable kernels. With the
patches applied this kernel seems stable now on both 32 and 64-bit x86.
Thanks to Michele Ballabio for reporting the issue to the upstream kernel
developers, and to Ming Lei for the fix. Once these patches appear in the
4.14.x kernel series (and barring any other major regressions), we'll be
moving these kernels back into the main tree.