Slackwarearm-14.2 ChangeLog (1970-01-01)

+patches/packages/git-2.14.1-x86_64-1_slack14.2.txz: Upgraded.

Fixes security issues:
A “ssh:…” URL can result in a “ssh” command line with a hostname that
begins with a dash “-”, which would cause the “ssh” command to instead
(mis)treat it as an option. This is now prevented by forbidding such a
hostname (which should not impact any real-world usage).
Similarly, when GIT_PROXY_COMMAND is configured, the command is run with
host and port that are parsed out from “ssh:
…” URL; a poorly written
GIT_PROXY_COMMAND could be tricked into treating a string that begins with a
dash “-” as an option. This is now prevented by forbidding such a hostname
and port number (again, which should not impact any real-world usage).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000117
(* Security fix *)

Fri Aug 11 08:08:08 UTC 2017
  • patches/packages/glibc-2.23-arm-6_slack14.2.txz
    Fixed a regression with the recent glibc patch packages:
    Don't clobber the libm.so linker script with a symlink.
    Thanks to guanx.
  • patches/packages/glibc-i18n-2.23-arm-6_slack14.2.txz
  • patches/packages/glibc-profile-2.23-arm-6_slack14.2.txz
  • patches/packages/glibc-solibs-2.23-arm-6_slack14.2.txz
  • news/1970/01/01/slackwarearm-14.2-changelog.txt
  • Last modified: 4 years ago
  • by Giuseppe Di Terlizzi