Slackwarearm-current ChangeLog (2020-04-23)

Thu Apr 23 08:08:08 UTC 2020

  • a/kernel-firmware-20200421_78c0348-noarch-1.txz
  • a/openssl-solibs-1.1.1g-arm-1.txz
  • d/git-2.26.2-arm-1.txz
    This update fixes a security issue:
    With a crafted URL that contains a newline or empty host, or lacks
    a scheme, the credential helper machinery can be fooled into
    providing credential information that is not appropriate for the
    protocol in use and host being contacted.
    Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
    credentials are not for a host of the attacker's choosing; instead,
    they are for some unspecified host (based on how the configured
    credential helper handles an absent “host” parameter).
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008
    (* Security fix *)
  • d/vala-0.48.4-arm-1.txz
  • l/netpbm-10.90.01-arm-1.txz
  • n/openssl-1.1.1g-arm-1.txz
    This update fixes a security issue:
    Fixed segmentation fault in SSL_check_chain() that could be exploited by a
    malicious peer in a Denial of Service attack.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1967
    (* Security fix *)
  • x/libva-2.7.1-arm-1.txz
  • l/M2Crypto-0.35.2-arm-4.txz
    Don't package typing-3.7.4.1 for python3.
  • news/2020/04/23/slackwarearm-current-changelog.txt
  • Last modified: 4 years ago
  • by Giuseppe Di Terlizzi