Slackware-current ChangeLog (2020-04-22)
Wed Apr 22 02:19:37 UTC 2020
Packages
Upgraded
- d/git-2.26.2-i586-1.txz
This update fixes a security issue:
With a crafted URL that contains a newline or empty host, or lacks
a scheme, the credential helper machinery can be fooled into
providing credential information that is not appropriate for the
protocol in use and host being contacted.
Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
credentials are not for a host of the attacker's choosing; instead,
they are for some unspecified host (based on how the configured
credential helper handles an absent “host” parameter).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008
(* Security fix *) - k/kernel-source-5.4.34_smp-noarch-1.txz
INFINIBAND_CXGB3 n → m
INFINIBAND_IPOIB_CM n → y
INFINIBAND_IPOIB_DEBUG_DATA n → y
Thanks to Karl Magnus Kolstø. - n/openssl-1.1.1g-i586-1.txz
This update fixes a security issue:
Fixed segmentation fault in SSL_check_chain() that could be exploited by a
malicious peer in a Denial of Service attack.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1967
(* Security fix *) - testing/packages/PAM/openvpn-2.4.9-i586-1_pam.txz
This update fixes a security issue:
Fix illegal client float. Thanks to Lev Stipakov.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11810
(* Security fix *)
Rebuilt
- l/M2Crypto-0.35.2-i586-4.txz
Don't package typing-3.7.4.1 for python3.