Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware64-13.37 ChangeLog (2015-02-16) ====== ====== Mon Feb 16 19:33:36 UTC 2015 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware64.13.37>patches/packages/patch-2.7.4-x86_64-1_slack13.37.txz]] \\ Patch no longer follows symbolic links to input and output files. This \\ ensures that symbolic links created by git-style patches cannot cause \\ patch to write outside the working directory. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1196 \\ (* Security fix *) * [[slackware64.13.37>patches/packages/sudo-1.8.12-x86_64-1_slack13.37.txz]] \\ This update fixes a potential security issue by only passing the TZ \\ environment variable it is considered safe. This prevents exploiting bugs \\ in glibc's TZ parser that could be used to read files that the user does \\ not have access to, or to cause a denial of service. \\ For more information, see: \\ http://www.sudo.ws/sudo/alerts/tz.html \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9680 \\ (* Security fix *) {{tag>slackware changelog slackware64-13.37 2015-02}} news/2015/02/16/slackware64-13.37-changelog.txt Last modified: 12 months agoby Giuseppe Di Terlizzi Log In