Slackware-14.1 ChangeLog (2013-02-08)

Fri Feb 8 03:57:05 UTC 2013

Added

Rebuilt

  • d/llvm-3.2-i486-3.txz
    Fixed a few places where lib64 was hardcoded regardless of $ARCH.
    Thanks to Heinz Wiesinger.

Upgraded

  • l/sdl-1.2.15-i486-1.txz
    Upgraded to SDL-1.2.15, SDL_image-1.2.12, SDL_mixer-1.2.12,
    SDL_net-1.2.8, and SDL_ttf-2.0.11.
    Patched resizing and mouse clicking bugs.
  • n/curl-7.29.0-i486-1.txz
    When negotiating SASL DIGEST-MD5 authentication, the function
    Curl_sasl_create_digest_md5_message() uses the data provided from the
    server without doing the proper length checks and that data is then
    appended to a local fixed-size buffer on the stack. This vulnerability
    can be exploited by someone who is in control of a server that a libcurl
    based program is accessing with POP3, SMTP or IMAP. For applications
    that accept user provided URLs, it is also thinkable that a malicious
    user would feed an application with a URL to a server hosting code
    targeting this flaw.
    Affected versions: curl 7.26.0 to and including 7.28.1
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0249
    (* Security fix *)