Slackwarearm-current ChangeLog (2017-04-22)
Sat Apr 22 19:20:21 UTC 2017
Packages
Rebuilt
- a/etc-14.2-arm-3.txz
Added user:group for NTP (UID 44/GID 44).
- e/emacs-25.1-arm-3.txz
- kde/calligra-2.9.11-arm-6.txz
- l/ffmpeg-3.2.4-arm-4.txz
- l/gegl-0.2.0-arm-2.txz
- l/gvfs-1.26.3-arm-2.txz
- l/virtuoso-ose-6.1.8-arm-3.txz
- xap/MPlayer-1.3_20170208-arm-3.txz
- xap/gimp-2.8.20-arm-2.txz
- xap/xv-3.10a-arm-2.txz
- xfce/tumbler-0.1.31-arm-3.txz
Fixed ffmpegthumbnailer bug. Thanks to Robby Workman.
Upgraded
- a/minicom-2.7.1-arm-1.txz
Fix an out of bounds data access that can lead to remote code execution.
This issue was found by Solar Designer of Openwall during a security audit
of the Virtuozzo 7 product, which contains derived downstream code in its
prl-vzvncserver component.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7467
(* Security fix *)
- a/ntfs-3g-2017.3.23-arm-1.txz
- a/usb_modeswitch-2.5.0-arm-1.txz
- ap/acct-6.6.3-arm-1.txz
- ap/bc-1.07.1-arm-1.txz
- ap/cups-2.2.3-arm-1.txz
- ap/cups-filters-1.13.4-arm-1.txz
- ap/dc3dd-7.2.646-arm-1.txz
- ap/gutenprint-5.2.12-arm-1.txz
- ap/hplip-3.17.4-arm-1.txz
- ap/nano-2.8.1-arm-1.txz
- ap/sudo-1.8.19p2-arm-1.txz
- d/git-2.12.2-arm-1.txz
- d/mercurial-4.1.3-arm-1.txz
- l/LibRaw-0.18.2-arm-1.txz
- l/babl-0.1.24-arm-1.txz
- l/enchant-1.6.1-arm-1.txz
- l/giflib-5.1.4-arm-1.txz
- l/imagemagick-6.9.8_3-arm-1.txz
Shared library .so-version bump.
Moved from xap/ series.
- l/jasper-2.0.12-arm-1.txz
Shared library .so-version bump.
Thanks to Heinz Wiesinger.
- l/libarchive-3.3.1-arm-1.txz
- l/libdiscid-0.6.2-arm-1.txz
- l/libgphoto2-2.5.13-arm-1.txz
- l/libmtp-1.1.13-arm-1.txz
- l/libraw1394-2.1.2-arm-1.txz
Shared library .so-version bump.
- l/libsamplerate-0.1.9-arm-1.txz
- l/libsndfile-1.0.28-arm-1.txz
- l/libspectre-0.2.8-arm-1.txz
- l/libtiff-4.0.7-arm-1.txz
This release contains security fixes and improvements.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9448
(* Security fix *)
- l/libvncserver-0.9.11-arm-1.txz
Shared library .so-version bump.
- l/poppler-0.53.0-arm-1.txz
Shared library .so-version bump.
- l/wavpack-5.1.0-arm-1.txz
- n/bind-9.11.0_P5-arm-1.txz
Fixed denial of service security issues.
For more information, see:
https://kb.isc.org/article/AA-01465
https://kb.isc.org/article/AA-01466
https://kb.isc.org/article/AA-01471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138
(* Security fix *)
- n/curl-7.54.0-arm-1.txz
This update fixes a security issue:
Switch off SSL session id when client cert is used.
For more information, see:
https://curl.haxx.se/docs/adv_20170419.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7468
(* Security fix *)
- n/dhcpcd-6.11.5-arm-1.txz
Thanks to Robby Workman.
- n/ethtool-4.10-arm-1.txz
- n/getmail-4.54.0-arm-1.txz
- n/mutt-1.8.1-arm-1.txz
- n/ntp-4.2.8p10-arm-1.txz
In addition to bug fixes and enhancements, this release fixes security
issues of medium and low severity:
Denial of Service via Malformed Config (Medium)
Authenticated DoS via Malicious Config Option (Medium)
Potential Overflows in ctl_put() functions (Medium)
Buffer Overflow in ntpq when fetching reslist from a malicious ntpd (Medium)
0rigin DoS (Medium)
Buffer Overflow in DPTS Clock (Low)
Improper use of snprintf() in mx4200_send() (Low)
The following issues do not apply to Linux systems:
Privileged execution of User Library code (WINDOWS PPSAPI ONLY) (Low)
Stack Buffer Overflow from Command Line (WINDOWS installer ONLY) (Low)
Data Structure terminated insufficiently (WINDOWS installer ONLY) (Low)
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6459
(* Security fix *)
- n/openvpn-2.4.1-arm-1.txz
- n/proftpd-1.3.6-arm-1.txz
This release fixes a security issue:
AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7418
(* Security fix *)
- x/libdrm-2.4.80-arm-1.txz
- x/libinput-1.7.0-arm-1.txz
- x/libpciaccess-0.13.5-arm-1.txz
- x/libva-1.8.0-arm-1.txz
- x/m17n-lib-1.7.0-arm-1.txz
- x/mesa-17.0.4-arm-1.txz
- x/motif-2.3.7-arm-1.txz
- xap/mozilla-thunderbird-52.0.1-arm-1.txz
- xap/xine-lib-1.2.8-arm-1.txz
Thanks to Heinz Wiesinger.
- xap/xlockmore-5.51-arm-1.txz
Added
- l/libbluray-1.0.0-arm-1.txz
Built with support for BD-J menus, but without the necessary .jar
file to use it. Thanks to Heinz Wiesinger.