Slackware-current ChangeLog (2018-03-29)
Thu Mar 29 20:48:28 UTC 2018
Packages
Rebuilt
- a/bash-4.4.019-i586-2.txz
Fixed builtins.1 and rbash.1 manpages to work properly with strict
implementations (such as mandoc). Thanks to orbea.
- d/flex-2.6.4-i586-2.txz
Fix flex compiled with recent glibc. Thanks to nobodino.
- d/subversion-1.9.7-i586-3.txz
Recompiled for ruby-2.5.1.
- kde/korundum-4.14.3-i586-5.txz
Recompiled for ruby-2.5.1.
- kde/qtruby-4.14.3-i586-7.txz
Recompiled for ruby-2.5.1.
- l/apr-util-1.6.1-i586-4.txz
Merged upstream patch to fix httpd build.
- n/epic5-2.0.1-i586-3.txz
Recompiled for ruby-2.5.1.
Upgraded
- d/python3-3.6.5-i586-1.txz
Refactored difflib and poplib to fix potential DoS vectors.
Thanks to Jamie Davis for the patch.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061
(* Security fix *)
- d/ruby-2.5.1-i586-1.txz
This release includes some bug fixes and some security fixes:
HTTP response splitting in WEBrick.
Unintentional file and directory creation with directory traversal in
tempfile and tmpdir.
DoS by large request in WEBrick.
Buffer under-read in String#unpack.
Unintentional socket creation by poisoned NUL byte in UNIXServer
and UNIXSocket.
Unintentional directory traversal by poisoned NUL byte in Dir.
Multiple vulnerabilities in RubyGems.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780
(* Security fix *)
Thu Mar 29 01:02:50 UTC 2018
Packages
Rebuilt
- a/etc-15.0-i586-3.txz
When adding an sddm user, use $HOME = /var/lib/sddm.
Make sure the sddm user is a member of the video group.
- extra/recordmydesktop/recordmydesktop-0.3.8.1-i586-4.txz
Applied bitrate patches from Arch. Thanks to USUARIONUEVO.
Upgraded
- n/openssl-1.0.2o-i586-1.txz
This update fixes a security issue:
Constructed ASN.1 types with a recursive definition could exceed the stack.
For more information, see:
https://www.openssl.org/news/secadv/20180327.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739
(* Security fix *)