en-us shasta@slackware.pl (Slackware.PL staff) http://blogs.law.harvard.edu/tech/rss http://slackware.pl/ Changelog activity and resources for slackware64-14.2 (detailed version) ftp://ftp.slackware.pl/pub/slackware/slackware64-14.2/patches/packages/sudo-1.9.15p5-x86_64-1_slack14.2.txz Upgraded. This is a bugfix release. Sat, 30 Dec 2023 19:53:07 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware64-14.2/patches/packages/glibc-zoneinfo-2023d-noarch-1_slack14.2.txz Upgraded. This package provides the latest timezone updates. Sat, 23 Dec 2023 02:48:56 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware64-14.2/patches/packages/proftpd-1.3.8b-x86_64-1_slack14.2.txz Upgraded. This update fixes a security issue: mod_sftp: implemented mitigations for "Terrapin" SSH attack. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-48795 (* Security fix *) Wed, 20 Dec 2023 21:10:47 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware64-14.2/patches/packages/libssh-0.10.6-x86_64-1_slack14.2.txz Upgraded. This update fixes security issues: Command injection using proxycommand. Potential downgrade attack using strict kex. Missing checks for return values of MD functions. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-6004 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://www.cve.org/CVERecord?id=CVE-2023-6918 (* Security fix *) Tue, 19 Dec 2023 21:24:05 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware64-14.2/patches/packages/sudo-1.9.15p4-x86_64-1_slack14.2.txz Upgraded. This is a bugfix release. Sat, 16 Dec 2023 20:33:34 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware64-14.2/patches/packages/libxml2-2.11.6-x86_64-1_slack14.2.txz Upgraded. We're going to drop back to the 2.11 branch here on the stable releases since it has all of the relevant security fixes and better compatibility. Thu, 14 Dec 2023 20:09:31 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware64-14.2/patches/packages/sudo-1.9.15p3-x86_64-1_slack14.2.txz Upgraded. This is a bugfix release. Thu, 14 Dec 2023 18:33:00 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware64-14.2/patches/packages/libxml2-2.12.3-x86_64-1_slack14.2.txz Upgraded. This update addresses regressions when building against libxml2 that were due to header file refactoring. Wed, 13 Dec 2023 22:01:34 +0100 ftp://ftp.slackware.pl/pub/slackware/slackware64-14.2/patches/packages/libxml2-2.12.2-x86_64-1_slack14.2.txz Upgraded. Add --sysconfdir=/etc option so that this can find the xml catalog. Thanks to SpiderTux. Fix the following security issues: Fix integer overflows with XML_PARSE_HUGE. Fix dict corruption caused by entity reference cycles. Hashing of empty dict strings isn't deterministic. Fix null deref in xmlSchemaFixupComplexType. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-40303 https://www.cve.org/CVERecord?id=CVE-2022-40304 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://www.cve.org/CVERecord?id=CVE-2023-28484 (* Security fix *) Sun, 10 Dec 2023 01:12:17 +0100