patches/packages/php-5.2.9-i486-1_slack12.1.tgz
This update fixes a few security issues:
- Fixed a crash on extract in zip when files or directories entry names
contain a relative path.
- Fixed security issue in imagerotate(), background colour isn't validated
correctly with a non truecolour image. (CVE-2008-5498)
Reported by Hamid Ebadi, APA Laboratory.
- Fixed a segfault when malformed string is passed to json_decode().
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498
(* Security fix *)
patches/packages/xine-lib-1.1.16.3-i486-1_slack12.1.tgz:
Upgraded to xine-lib-1.1.16.3.
- Fix another possible int overflow in the 4XM demuxer.
(ref. TKADV2009-004, CVE-2009-0385)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385
(* Security fix *)