Slackwarearm-current ChangeLog (2021-09-18)
Sat Sep 18 08:08:08 UTC 2021
The mini root filesystem has been updated:
ftp://ftp.arm.slackware.com/slackwarearm/slackwarearm-devtools/minirootfs/
Packages
Upgraded
- a/cryptsetup-2.4.1-arm-1.txz
- ap/sudo-1.9.8p1-arm-1.txz
- l/fftw-3.3.10-arm-1.txz
- l/libxkbcommon-1.3.1-arm-1.txz
- l/pipewire-0.3.36-arm-1.txz
- n/httpd-2.4.49-arm-1.txz
This release contains security fixes and improvements.
mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic]
core: ap_escape_quotes buffer overflow
mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]
core: null pointer dereference on malformed request
mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
(* Security fix *) - x/ibus-libpinyin-1.12.1-arm-1.txz
- x/libpinyin-2.6.1-arm-1.txz
Rebuilt
- a/sysvinit-scripts-15.0-noarch-4.txz
Stop D-Bus after NFS partitions are unmounted to avoid a hang.
Thanks to vulcan59 and bassmadrigal. - n/dhcpcd-9.4.0-arm-2.txz
Applied upstream patch:
DHCP6: Only send FQDN for SOLICIT, REQUEST, RENEW, or REBIND messages.
Thanks to marav.