[FYI] slackware 12.1 -current package update log

sxzzsf

Wed May 7 16:13:31 CDT 2008
n/php-5.2.6-i486-1.tgz:
       Upgraded to PHP 5.2.6.
       This version of PHP contains many fixes and enhancements. Some of the fixes
       are security related, and the PHP release announcement provides this list:
       * Fixed possible stack buffer overflow in the FastCGI SAPI identified by
       Andrei Nigmatulin.
       * Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
       * Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
       * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
       * Properly address incomplete multibyte chars inside escapeshellcmd()
       identified by Stefan Esser.
       * Upgraded bundled PCRE to version 7.6
       When last checked, CVE-2008-0599 was not yet open. However, additional
       information should become available at this URL:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
       The list reproduced above, as well as additional information about other
       fixes in PHP 5.2.6 may be found in the PHP release announcement here:
       http://www.php.net/releases/5_2_6.php
xap/mozilla-thunderbird-2.0.0.14-i686-1.tgz:
       Upgraded to thunderbird-2.0.0.14.
       This upgrade fixes some more security bugs.
       For more information, see:
       http://www.mozilla.org/projects/ ... es.html#thunderbird
       (* Security fix *)

fei

刚说了--12.1应该是kernel 2.6.25 php 5.2.6才对嘛。。。

sxzzsf

Wed May 14 17:22:14 CDT 2008
extra/slackpkg/slackpkg-2.70.4-noarch-1.tgz:
       Upgraded to slackpkg 2.70.4-noarch-1. This fixes a bug where the "x86"
       ARCH was not recognized in a package name, leading to the kernel-headers
       package not getting properly upgraded. Thanks to Piter Punk! -
+--------------------------+

sxzzsf

Tue May 27 22:12:01 CDT 2008
a/mkinitrd-1.3.2-i486-3.tgz: Initialize RAID earlier so that the combination
       of RAID+LUKS+LVM works. Thanks to Eric Hameleers.
xap/rdesktop-1.6.0-i486-1.tgz: Upgraded to rdesktop-1.6.0.
       According to the rdesktop ChangeLog, this contains a:
       "* Fix for potential vulnerability against compromised/malicious servers
       (reported by iDefense)"
       This package build also includes the new alsa driver (--with-sound=alsa),
       though I couldn't get local sound redirection. Perhaps it was just my
       command line error though, so the driver remains included for testing.
       For more information on the security issue, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801
       (* Security fix *)
extra/ktorrent/ktorrent-2.2.7-i486-1.tgz: Upgraded to ktorrent-2.2.7.

sxzzsf

Wed May 28 19:48:34 CDT 2008
n/samba-3.0.30-i486-1.tgz:
       Upgraded to samba-3.0.30.
       This is a security release in order to address CVE-2008-1105 ("Boundary
       failure when parsing SMB responses can result in a buffer overrun").
       For more information on the security issue, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105
       (* Security fix *)
+--------------------------+

sxzzsf

Sat Jun 14 11:14:22 CDT 2008
slackware/l/jre-6u10_beta-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard
       Edition Runtime Environment Version 6.0 update 10 beta. This is a BETA
       VERSION and may contain problems, but it may also fix an issue with CUPS
       printing. If this fix is important to you, it may be worth giving this
       package a try at your own risk. For now, -current seems like the only prudent
       place for this package. Hopefully we will see official 6u10 releases soon.
extra/jdk-6/jdk-6u10_beta-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard
       Edition Development Kit Version 6.0 update 10 beta. This is a BETA VERSION
       but should fix a problem with CUPS printing. See above.

sxzzsf

Wed Jun 18 14:42:48 CDT 2008
xap/mozilla-firefox-3.0-i686-1.tgz: Upgraded to firefox-3.0.
Congratulations to the Firefox people for the nice improvements, as well as
such an impressive number of first-day downloads. :-) We didn't put this
out yesterday, figuring it was better to let people download from them...
+--------------------------+

sxzzsf

Fri Jun 27 23:17:20 CDT 2008
d/ruby-1.8.6_p230-i486-1.tgz:
  Upgraded to ruby-1.8.6-p230.
  This fixes a number of security related bugs in Ruby which could lead to a
  denial of service (DoS) condition or allow execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726
  (* Security fix *)

sxzzsf

Sat Jun 28 16:52:32 CDT 2008
n/gnutls-2.2.5-i486-1.tgz:
       Upgraded to GnuTLS version 2.2.5.
       This updated package fixes bugs which can lead to a denial of service
       (DoS) in programs linked with GnuTLS. Thanks to Ossi Herrala and
       Jukka Taimisto from the CROSS project at Codenomicon Ltd. for finding
       and reporting the problems, and to Simon Josefsson and
       Nikos Mavrogiannopoulos for researching the issues and developing
       patches, and to Andreas Metzler for noting and reporting a problem with
       one of the original patches.
       For more information about the issues patched, please refer to:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950
       (* Security fix *)

sxzzsf

x/wqy-zenhei-font-ttf-0.6.26_0-noarch-1.tgz:
       Upgraded to wqy-zenhei-font-ttf-0.6.26-0.
       Thanks to the WenQuanYi font authors for producing such a high-quality font.
x/xorg-server-1.4.2-i486-1.tgz:
       Upgraded xorg-server to address denial of service and possible arbitrary
       code execution flaws reported in xorg-server 1.4 prior to 1.4.2.
       For more information about the issues patched, please refer to:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362
       (* Security fix *)
x/xorg-server-xnest-1.4.2-i486-1.tgz:
       Security fixes (see CVE entries above).
       (* Security fix *)
x/xorg-server-xvfb-1.4.2-i486-1.tgz:
       Security fixes (see CVE entries above).
       (* Security fix *)