This is an old revision of the document!
Table of Contents
ChangeLog
2017-05-01
rxvt-2.7.10: Rebuilt. Patched an integer overflow that can crash rxvt with an escape sequence, or possibly have unspecified other impact. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7483 (Security fix)
xfce4-weather-plugin-0.8.9: Upgraded. Package upgraded to fix the API used to fetch weather data. Thanks to Robby Workman.
2017-04-23
getmail-4.54.0: Upgraded. This is a bugfix release to fix a failure to retrieve HTML formatted emails that contain a line longer than 1024 characters. Thanks to Edward Trumbo.
ntp-4.2.8p10: Upgraded. In addition to bug fixes and enhancements, this release fixes security issues of medium and low severity:
- Denial of Service via Malformed Config (Medium)
- Authenticated DoS via Malicious Config Option (Medium)
- Potential Overflows in ctl_put() functions (Medium)
- Buffer Overflow in ntpq when fetching reslist from a malicious ntpd (Medium)
- 0rigin DoS (Medium)
- Buffer Overflow in DPTS Clock (Low)
- Improper use of snprintf() in mx4200_send() (Low)
- The following issues do not apply to Linux systems:
- Privileged execution of User Library code (WINDOWS PPSAPI ONLY) (Low)
- Stack Buffer Overflow from Command Line (WINDOWS installer ONLY) (Low)
- Data Structure terminated insufficiently (WINDOWS installer ONLY) (Low)
For more information, see:
(Security fix)
proftpd-1.3.5e: Upgraded. This release fixes a security issue: AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7418 (Security fix)
2017-04-19
minicom-2.7.1: Upgraded. Fix an out of bounds data access that can lead to remote code execution. This issue was found by Solar Designer of Openwall during a security audit of the Virtuozzo 7 product, which contains derived downstream code in its prl-vzvncserver component. For more information, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7467 (Security fix)
2017-04-14
bind-9.10.4: Upgraded. Fixed denial of service security issues. For more information, see:
(Security fix)
2017-04-08
libtiff-4.0.7: : Upgraded. This release contains security fixes and improvements. For more information, see:
(Security fix)
2017-04-01
samba-4.4.13
2017-03-28
mariadb-10.0.30
2017-03-24
glibc-zoneinfo-2017b, mcabber-1.0.5, samba-4.4.12
2017-03-15
glibc-zoneinfo-2017a, libcgroup-0.41, pidgin-2.12.0
2017-03-08
R-3.3.3, icecat-45.7.0
2017-02-05
added murrine, murrine-themes
2017-02-04
added libreoffice 2.3
2017-01-29
added nted (NoteEdit)
2017-01-14
added SDL2, SDL2_image, physfs, supertux
2017-01-09
added nethack-3.6.0, fontforge-20150824
2016-12-17
fixed up output formatting in freepkg, which is now ready for testing; please let us know if you have comments, feature requests, or package requests
2016-12-15
added meld3, gtksourceview3, glade
2016-12-13
14.2 kernel upgrade 4.4.29 → 4.4.38
2016-12-05
icecat 38.8.0 → 45.5.1
2016-11-17
14.1 kernel upgrade 3.10.103 → 3.10.104
2016-11-03
14.2 kernel upgrade 4.4.19 → 4.4.29
2016-10-26
linux-libre-image 4.4.27 fixes Dirty COW (CVE-2016-5195)
2016-09-06
14.1 kernel upgrade 3.10.17 → 3.10.103
2016-08-26
14.2 kernel upgrade 4.4.14 → 4.4.19
2016-08-09
purged non-free font-bh-ttf and font-bh-type1 from the repository
2016-08-09
rebuilt icecat 38.8.0 to avoid unidentified crashes on some cpus