Slackwarearm-14.2 ChangeLog (2017-07-19)
Wed Jul 19 08:08:08 UTC 2017
Packages
Upgraded
- patches/packages/expat-2.2.2-arm-1_slack14.2.txz
Fixes security issues including:
External entity infinite loop DoS
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233
https://libexpat.github.io/doc/cve-2017-9233/
(* Security fix *) - patches/packages/gd-2.2.4-arm-1_slack14.2.txz
Fixes security issues:
gdImageCreate() doesn't check for oversized images and as such is prone to
DoS vulnerabilities. (CVE-2016-9317)
double-free in gdImageWebPtr() (CVE-2016-6912)
potential unsigned underflow in gd_interpolation.c (CVE-2016-10166)
DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
Signed Integer Overflow gd_io.c (CVE-2016-10168)
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168
(* Security fix *) - patches/packages/libtirpc-1.0.2-arm-1_slack14.2.txz
This is a bugfix release.
Rebuilt
- patches/packages/rpcbind-0.2.4-arm-2_slack14.2.txz
Fixed a bug in a previous patch where a svc_freeargs() call ended up freeing
a static pointer causing rpcbind to crash. Thanks to Jonathan Woithe,
Rafael Jorge Csura Szendrodi, and Robby Workman for identifying the problem
and helping to test a fix.