====== Slackwarearm-14.2 ChangeLog (1970-01-01) ======

====== +patches/packages/git-2.14.1-x86_64-1_slack14.2.txz: Upgraded. ======

> Fixes security issues: \\
> A "ssh://..." URL can result in a "ssh" command line with a hostname that \\
> begins with a dash "-", which would cause the "ssh" command to instead \\
> (mis)treat it as an option. This is now prevented by forbidding such a \\
> hostname (which should not impact any real-world usage). \\
> Similarly, when GIT_PROXY_COMMAND is configured, the command is run with \\
> host and port that are parsed out from "ssh://..." URL; a poorly written \\
> GIT_PROXY_COMMAND could be tricked into treating a string that begins with a \\
> dash "-" as an option. This is now prevented by forbidding such a hostname \\
> and port number (again, which should not impact any real-world usage). \\
> For more information, see: \\
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000117 \\
> (* Security fix *) \\
> \\
> Fri Aug 11 08:08:08 UTC 2017

===== Packages =====

==== Upgraded ====

  * [[slackwarearm.14.2>patches/packages/curl-7.55.0-arm-1_slack14.2.txz]] \\ This update fixes three security issues: \\ URL globbing out of bounds read \\ TFTP sends more than buffer size \\ FILE buffer read out of bounds \\ For more information, see: \\ https://curl.haxx.se/docs/adv_20170809A.html \\ https://curl.haxx.se/docs/adv_20170809B.html \\ https://curl.haxx.se/docs/adv_20170809C.html \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000099 \\ (* Security fix *)

==== Rebuilt ====

  * [[slackwarearm.14.2>patches/packages/glibc-2.23-arm-6_slack14.2.txz]] \\ Fixed a regression with the recent glibc patch packages: \\ Don't clobber the libm.so linker script with a symlink. \\ Thanks to guanx.
  * [[slackwarearm.14.2>patches/packages/glibc-i18n-2.23-arm-6_slack14.2.txz]]
  * [[slackwarearm.14.2>patches/packages/glibc-profile-2.23-arm-6_slack14.2.txz]]
  * [[slackwarearm.14.2>patches/packages/glibc-solibs-2.23-arm-6_slack14.2.txz]]

{{tag>slackware changelog slackwarearm-14.2 1970/01}}

Last modified: 7 years ago by Giuseppe Di Terlizzi