Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackwarearm-14.2 ChangeLog (2017-07-19) ====== ====== Wed Jul 19 08:08:08 UTC 2017 ====== ===== Packages ===== ==== Upgraded ==== * [[slackwarearm.14.2>patches/packages/expat-2.2.2-arm-1_slack14.2.txz]] \\ Fixes security issues including: \\ External entity infinite loop DoS \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233 \\ https://libexpat.github.io/doc/cve-2017-9233/ \\ (* Security fix *) * [[slackwarearm.14.2>patches/packages/gd-2.2.4-arm-1_slack14.2.txz]] \\ Fixes security issues: \\ gdImageCreate() doesn't check for oversized images and as such is prone to \\ DoS vulnerabilities. (CVE-2016-9317) \\ double-free in gdImageWebPtr() (CVE-2016-6912) \\ potential unsigned underflow in gd_interpolation.c (CVE-2016-10166) \\ DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167) \\ Signed Integer Overflow gd_io.c (CVE-2016-10168) \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168 \\ (* Security fix *) * [[slackwarearm.14.2>patches/packages/libtirpc-1.0.2-arm-1_slack14.2.txz]] \\ This is a bugfix release. ==== Rebuilt ==== * [[slackwarearm.14.2>patches/packages/rpcbind-0.2.4-arm-2_slack14.2.txz]] \\ Fixed a bug in a previous patch where a svc_freeargs() call ended up freeing \\ a static pointer causing rpcbind to crash. Thanks to Jonathan Woithe, \\ Rafael Jorge Csura Szendrodi, and Robby Workman for identifying the problem \\ and helping to test a fix. {{tag>slackware changelog slackwarearm-14.2 2017-07}} news/2017/07/19/slackwarearm-14.2-changelog.txt Last modified: 6 months agoby Giuseppe Di Terlizzi Log In