Slackware-12.1 ChangeLog (2009-04-07)

Tue Apr 7 16:59:49 CDT 2009

  • patches/packages/php-5.2.9-i486-1_slack12.1.tgz
    This update fixes a few security issues:
    - Fixed a crash on extract in zip when files or directories entry names
    contain a relative path.
    - Fixed security issue in imagerotate(), background colour isn't validated
    correctly with a non truecolour image. (CVE-2008-5498)
    Reported by Hamid Ebadi, APA Laboratory.
    - Fixed a segfault when malformed string is passed to json_decode().
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498
    (* Security fix *)
    patches/packages/xine-lib-1.1.16.3-i486-1_slack12.1.tgz:
    Upgraded to xine-lib-1.1.16.3.
    - Fix another possible int overflow in the 4XM demuxer.
    (ref. TKADV2009-004, CVE-2009-0385)
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385
    (* Security fix *)
  • news/2009/04/07/slackware-12.1-changelog.txt
  • Last modified: 12 months ago
  • by Giuseppe Di Terlizzi