Slackware64-current ChangeLog (2023-02-01)
Wed Feb 1 22:27:31 UTC 2023
Packages
Upgraded
- l/apr-1.7.2-x86_64-1.txz
This update fixes security issues:
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer. (CVE-2022-24963)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) (CVE-2021-35940)
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-24963
https://www.cve.org/CVERecord?id=CVE-2021-35940
https://www.cve.org/CVERecord?id=CVE-2017-12613
(* Security fix *) - l/apr-util-1.6.3-x86_64-1.txz
This update fixes a security issue:
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer. (CVE-2022-25147)
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-25147
(* Security fix *) - xap/mozilla-thunderbird-102.7.1-x86_64-1.txz
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.7.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/
https://www.cve.org/CVERecord?id=CVE-2023-0430
(* Security fix *)
Rebuilt
Wed Feb 1 05:29:53 UTC 2023
Packages
Rebuilt
- d/perl-5.36.0-x86_64-3.txz
Upgraded: IO-Socket-SSL-2.081, Moo-2.005005, Path-Tiny-0.144,
Sub-Quote-2.006008, Template-Toolkit-3.101, URI-5.17.
Added: JSON-4.10 (needed to build Samba with –bundled-libraries=heimdal).
Upgraded
- l/gjs-1.74.1-x86_64-1.txz
Compiled against mozjs102-102.7.0esr. - l/polkit-122-x86_64-1.txz
Compiled against mozjs102-102.7.0esr.
Added
- l/mozjs102-102.7.0esr-x86_64-1.txz
This is required by gjs-1.74.1 and polkit-122.