Slackwarearm-current ChangeLog (2019-04-04)
Thu Apr 04 08:08:08 UTC 2019
Packages
Rebuilt
- a/aaa_elflibs-15.0-arm-5.txz
Upgraded: libelf-0.176.so, libpcre.so.1.2.11, libglib-2.0.so.0.6000.0,
libgmodule-2.0.so.0.6000.0, libgobject-2.0.so.0.6000.0,
libgthread-2.0.so.0.6000.0, libtdb.so.1.4.0. - a/shadow-4.6-arm-2.txz
adduser: reprompt on invalid user input. Thanks to ttk. - ap/ghostscript-9.26-arm-2.txz
Fixes security issues:
A specially crafted PostScript file could have access to the file system
outside of the constrains imposed by -dSAFER.
Transient procedures can allow access to system operators, leading to
remote code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6116
(* Security fix *) - ap/sqlite-3.27.2-arm-2.txz
Recompiled against icu4c-64.1. - kde/calligra-2.9.11-arm-26.txz
Recompiled against icu4c-64.1. - kde/kdepimlibs-4.14.10-arm-7.txz
Recompiled to pull in new gpgme++ header files. - l/boost-1.69.0-arm-2.txz
Recompiled against icu4c-64.1. - l/libical-3.0.4-arm-2.txz
Recompiled against icu4c-64.1. - l/libvisio-0.1.6-arm-5.txz
Recompiled against icu4c-64.1. - l/qt-4.8.7-arm-7.txz
Recompiled against icu4c-64.1. - l/raptor2-2.0.15-arm-5.txz
Recompiled against icu4c-64.1. - n/php-7.2.16-arm-2.txz
Recompiled against icu4c-64.1. - n/tin-2.4.3-arm-2.txz
Recompiled against icu4c-64.1. - t/texlive-2018.180822-arm-5.txz
Recompiled against icu4c-64.1.
Upgraded
- a/hwdata-0.322-arm-1.txz
- a/kernel-firmware-20190402_67b7579-noarch-1.txz
- a/quota-4.05-arm-1.txz
- a/xfsprogs-4.20.0-arm-1.txz
Recompiled against icu4c-64.1. - d/cmake-3.14.1-arm-1.txz
- d/patchelf-0.10-arm-1.txz
- d/vala-0.44.2-arm-1.txz
- l/ffmpeg-3.4.6-arm-1.txz
- l/giflib-5.1.9-arm-1.txz
- l/glib-networking-2.60.1-arm-1.txz
- l/harfbuzz-2.4.0-arm-1.txz
Recompiled against icu4c-64.1. - l/icu4c-64.1-arm-1.txz
Shared library .so-version bump. - l/imagemagick-6.9.10_36-arm-1.txz
- l/python-pillow-6.0.0-arm-1.txz
- l/utf8proc-2.3.0-arm-1.txz
- l/v4l-utils-1.16.5-arm-1.txz
- n/dovecot-2.3.5.1-arm-1.txz
Missing input buffer size validation leads into arbitrary buffer overflow
when reading fts or pop3 uidl header from Dovecot index. Exploiting this
requires direct write access to the index files.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7524
(* Security fix *)
Compiled against icu4c-64.1. - n/gpgme-1.13.0-arm-1.txz
- n/httpd-2.4.39-arm-1.txz
This release contains security fixes and improvements.
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker
or prefork, code executing in less-privileged child processes or threads
(including scripts executed by an in-process scripting interpreter) could
execute arbitrary code with the privileges of the parent process by
manipulating the scoreboard.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211
(* Security fix *) - n/iputils-20190324-arm-1.txz
- n/postfix-3.4.5-arm-1.txz
Recompiled against icu4c-64.1. - n/wget-1.20.2-arm-1.txz
Fixed an unspecified buffer overflow vulnerability.
(* Security fix *) - n/whois-5.4.2-arm-1.txz
- x/libinput-1.13.0-arm-1.txz
- x/mesa-19.0.1-arm-1.txz
- x/vulkan-sdk-1.1.101.0-arm-1.txz