Slackware-14.0 ChangeLog (2022-01-25)

Tue Jan 25 06:16:36 UTC 2022

  • patches/packages/expat-2.4.3-i486-2_slack14.0.txz
    Fix signed integer overflow in function XML_GetBuffer for when
    XML_CONTEXT_BYTES is defined to >0 (which is both common and
    default). Impact is denial of service or other undefined behavior.
    While we're here, also patch a memory leak on output file opening error.
    Thanks to marav.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852
    (* Security fix *)
  • news/2022/01/25/slackware-14.0-changelog.txt
  • Last modified: 2 years ago
  • by Giuseppe Di Terlizzi