Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackwarearm-current ChangeLog (2014-04-02) ====== ====== Wed Apr 2 19:31:23 UTC 2014 ====== ===== Packages ===== ==== Upgraded ==== * [[slackwarearm.current>a/kernel-modules-armv7-3.13.7_armv7-arm-1.tgz]] * [[slackwarearm.current>a/kernel-modules-kirkwood-3.13.7_kirkwood-arm-1.tgz]] * [[slackwarearm.current>a/kernel_armv7-3.13.7-arm-1.txz]] * [[slackwarearm.current>a/kernel_kirkwood-3.13.7-arm-1.txz]] * [[slackwarearm.current>ap/mpg123-1.18.0-arm-1.tgz]] * [[slackwarearm.current>k/kernel-source-3.13.7-arm-1.txz]] * [[slackwarearm.current>l/apr-1.5.0-arm-1.txz]] * [[slackwarearm.current>l/apr-util-1.5.3-arm-1.txz]] * [[slackwarearm.current>l/mozilla-nss-3.16-arm-1.txz]] \\ This update fixes a security issue: \\ The cert_TestHostName function in lib/certdb/certdb.c in the \\ certificate-checking implementation in Mozilla Network Security Services \\ (NSS) before 3.16 accepts a wildcard character that is embedded in an \\ internationalized domain name's U-label, which might allow man-in-the-middle \\ attackers to spoof SSL servers via a crafted certificate. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492 \\ (* Security fix *) * [[slackwarearm.current>n/curl-7.36.0-arm-1.txz]] \\ This update fixes four security issues. \\ For more information, see: \\ http://curl.haxx.se/docs/adv_20140326A.html \\ http://curl.haxx.se/docs/adv_20140326B.html \\ http://curl.haxx.se/docs/adv_20140326C.html \\ http://curl.haxx.se/docs/adv_20140326D.html \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522 \\ (* Security fix *) * [[slackwarearm.current>n/httpd-2.4.9-arm-1.txz]] \\ This update addresses two security issues. \\ Segfaults with truncated cookie logging. mod_log_config: Prevent segfaults \\ when logging truncated cookies. Clean up the cookie logging parser to \\ recognize only the cookie=value pairs, not valueless cookies. \\ mod_dav: Keep track of length of cdata properly when removing leading \\ spaces. Eliminates a potential denial of service from specifically crafted \\ DAV WRITE requests. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438 \\ (* Security fix *) * [[slackwarearm.current>n/openssh-6.6p1-arm-1.txz]] \\ This update fixes a security issue when using environment passing with \\ a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH could be \\ tricked into accepting any environment variable that contains the \\ characters before the wildcard character. \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532 \\ (* Security fix *) * [[slackwarearm.current>n/tin-2.2.0-arm-1.txz]] * [[slackwarearm.current>kernels/*]] ==== Rebuilt ==== * [[slackwarearm.current>isolinux/*]] \\ tar is now version 1.26. {{tag>slackware changelog slackwarearm-current 2014/04}} news/2014/04/02/slackwarearm-current-changelog.txt Last modified: 8 years agoby Giuseppe Di Terlizzi Log In