Slackwarearm-current ChangeLog (2020-04-23)
Thu Apr 23 08:08:08 UTC 2020
The mini root filesystem has been updated:
ftp://ftp.arm.slackware.com/slackwarearm/slackwarearm-devtools/minirootfs/slack-current-miniroot_22Apr20.tar.xz
Packages
Upgraded
- a/kernel-firmware-20200421_78c0348-noarch-1.txz
- a/openssl-solibs-1.1.1g-arm-1.txz
- d/git-2.26.2-arm-1.txz
This update fixes a security issue:
With a crafted URL that contains a newline or empty host, or lacks
a scheme, the credential helper machinery can be fooled into
providing credential information that is not appropriate for the
protocol in use and host being contacted.
Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
credentials are not for a host of the attacker's choosing; instead,
they are for some unspecified host (based on how the configured
credential helper handles an absent “host” parameter).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008
(* Security fix *) - d/vala-0.48.4-arm-1.txz
- l/netpbm-10.90.01-arm-1.txz
- n/openssl-1.1.1g-arm-1.txz
This update fixes a security issue:
Fixed segmentation fault in SSL_check_chain() that could be exploited by a
malicious peer in a Denial of Service attack.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1967
(* Security fix *) - x/libva-2.7.1-arm-1.txz
Rebuilt
- l/M2Crypto-0.35.2-arm-4.txz
Don't package typing-3.7.4.1 for python3.