Slackware-current ChangeLog (2019-04-18)
Thu Apr 18 21:13:58 UTC 2019
Packages
Upgraded
- l/libcdio-2.1.0-i586-1.txz
Shared library .so-version bump.
- n/dovecot-2.3.5.2-i586-1.txz
This update fixes a security issue:
Trying to log in with an 8-bit username containing invalid UTF-8 input causes
the auth process to crash if auth policy is enabled. This could be used rather
easily to cause a DoS. A similar crash also happens during mail delivery
when using invalid UTF-8 in the From or Subject header when the OX push
notification driver is used.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691
(* Security fix *)
- n/openssh-8.0p1-i586-1.txz
This release contains a mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111
(* Security fix *)
- xap/MPlayer-20190418-i586-1.txz
Compiled against libcdio-2.1.0.
- extra/pure-alsa-system/MPlayer-20190418-i586-1_alsa.txz
Compiled against libcdio-2.1.0.
Rebuilt
- l/gvfs-1.40.1-i586-2.txz
Recompiled against libcdio-2.1.0.
- l/libcddb-1.3.2-i586-6.txz
Recompiled against libcdio-2.1.0.
- l/libcdio-paranoia-10.2+2.0.0-i586-2.txz
Recompiled against libcdio-2.1.0.
- xap/audacious-plugins-3.10.1-i586-2.txz
Recompiled against libcdio-2.1.0.
- extra/pure-alsa-system/audacious-plugins-3.10.1-i586-2_alsa.txz
Recompiled against libcdio-2.1.0.