This is an old revision of the document!
Slackwarearm-14.2 ChangeLog (2018-10-17)
Wed Oct 17 08:08:08 UTC 2018
Packages
Upgraded
- patches/packages/git-2.14.5-arm-1_slack14.2.txz
This update fixes a security issue:
Submodules' “URL“s come from the untrusted .gitmodules file, but we
blindly gave it to “git clone” to clone submodules when “git clone
–recurse-submodules” was used to clone a project that has such a
submodule. The code has been hardened to reject such malformed URLs
(e.g. one that begins with a dash). Credit for finding and fixing this
vulnerability goes to joernchen and Jeff King, respectively.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456
(* Security fix *) - patches/packages/libssh-0.7.6-arm-1_slack14.2.txz
Fixed authentication bypass vulnerability.
For more information, see:
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10933
(* Security fix *)