Slackwarearm-14.2 ChangeLog (2016-08-24)

Wed Aug 24 05:06:07 UTC 2016

  • patches/packages/glib2-2.46.2-arm-3_slack14.2.txz
    Applied upstream patch to fix a use-before-allocate bug in libgio. Without
    this fix, Thunar will crash if $HOME is on an NFS volume.
    Thanks to Jonathan Woithe.
  • patches/packages/stunnel-5.35-arm-2_slack14.2.txz
    Fixed incorrect config file name in generate-stunnel-key.sh.
    Thanks to Ebben Aries.
  • patches/packages/gnupg-1.4.21-arm-1_slack14.2.txz
    Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who
    obtains 580 bytes from the standard RNG can trivially predict the next
    20 bytes of output. (This is according to the NEWS file included in the
    source. According to the annoucement linked below, an attacker who obtains
    4640 bits from the RNG can trivially predict the next 160 bits of output.)
    Problem detected by Felix Doerre and Vladimir Klebanov, KIT.
    For more information, see:
    https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313
    (* Security fix *)
  • patches/packages/libgcrypt-1.7.3-arm-1_slack14.2.txz
    Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who
    obtains 580 bytes from the standard RNG can trivially predict the next
    20 bytes of output. (This is according to the NEWS file included in the
    source. According to the annoucement linked below, an attacker who obtains
    4640 bits from the RNG can trivially predict the next 160 bits of output.)
    Problem detected by Felix Doerre and Vladimir Klebanov, KIT.
    For more information, see:
    https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313
    (* Security fix *)
  • news/2016/08/24/slackwarearm-14.2-changelog.txt
  • Last modified: 4 years ago
  • by Giuseppe Di Terlizzi