changelog_14.2
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
changelog_14.2 [2019/03/27 22:42] – connie | changelog_14.2 [2019/06/16 16:19] – connie | ||
---|---|---|---|
Line 2: | Line 2: | ||
Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. | Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. | ||
+ | |||
+ | ==== 2019-06-16 ==== | ||
+ | |||
+ | **curl-7.65.1**: | ||
+ | This is a bugfix release. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | |||
+ | **openssl-1.0.2s**: | ||
+ | This is a bugfix release: | ||
+ | Change the default RSA, DSA and DH size to 2048 bit instead of 1024. | ||
+ | This changes the size when using the genpkey app when no size is given. | ||
+ | It fixes an omission in earlier changes that changed all RSA, DSA and DH | ||
+ | generation apps to use 2048 bits by default. | ||
+ | |||
+ | **openssl-solibs-1.0.2s**: | ||
+ | |||
+ | **rdesktop-1.8.6**: | ||
+ | This is a small bug fix release for rdesktop 1.8.5. An issue was discovered | ||
+ | soon after release where it was impossible to connect to some servers. This | ||
+ | issue has now been fixed, but otherwise this release is identical to 1.8.5. | ||
+ | |||
+ | ==== 2019-05-23 ==== | ||
+ | |||
+ | **curl-7.65.0**: | ||
+ | This release fixes the following security issues: | ||
+ | Integer overflows in curl_url_set | ||
+ | tftp: use the current blksize for recvfrom() | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | ==== 2019-05-16 ==== | ||
+ | |||
+ | **rdesktop-1.8.5**: | ||
+ | This update fixes security issues: | ||
+ | Add bounds checking to protocol handling in order to fix many | ||
+ | security problems when communicating with a malicious server. | ||
+ | (**Security fix**) | ||
+ | |||
+ | ==== 2019-04-26 ==== | ||
+ | |||
+ | **bind-9.11.6_P1**: | ||
+ | This update fixes a security issue: | ||
+ | The TCP client quota set using the tcp-clients option could be exceeded | ||
+ | in some cases. This could lead to exhaustion of file descriptors. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | **curl-7.64.1**: | ||
+ | This update fixes a regression in curl-7.64.0 which could lead to | ||
+ | 100% CPU usage. Thanks to arcctgx. | ||
+ | |||
+ | |||
+ | ==== 2019-04-17 ==== | ||
+ | |||
+ | **libpng-1.6.37**: | ||
+ | This update fixes security issues: | ||
+ | * Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free. | ||
+ | * Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette. | ||
+ | * Fixed a memory leak in pngtest.c. | ||
+ | * Fixed two vulnerabilities (CVE-2018-14048, | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | **libssh2-1.8.2**: | ||
+ | This update fixes a misapplied userauth patch that broke 1.8.1. | ||
+ | Thanks to Ook. | ||
+ | |||
+ | **glibc-zoneinfo-2019a**: | ||
+ | This package provides the latest timezone updates. | ||
+ | |||
+ | ==== 2019-04-06 ==== | ||
+ | |||
+ | **httpd-2.4.39**: | ||
+ | This release contains security fixes and improvements. | ||
+ | In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker | ||
+ | or prefork, code executing in less-privileged child processes or threads | ||
+ | (including scripts executed by an in-process scripting interpreter) could | ||
+ | execute arbitrary code with the privileges of the parent process by | ||
+ | manipulating the scoreboard. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | ==== 2019-04-06 ==== | ||
+ | |||
+ | **openjpeg-2.3.1**: | ||
+ | Includes many bug fixes (including security fixes). | ||
+ | (**Security fix**) | ||
+ | |||
+ | **wget-1.20.3**: | ||
+ | Fixed a buffer overflow vulnerability: | ||
+ | src/ | ||
+ | size if it is already full. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | |||
+ | ==== 2019-04-02 ==== | ||
+ | |||
+ | **ghostscript-9.26**: | ||
+ | Fixes security issues: | ||
+ | A specially crafted PostScript file could have access to the file system | ||
+ | outside of the constrains imposed by -dSAFER. | ||
+ | Transient procedures can allow access to system operators, leading to | ||
+ | remote code execution. | ||
+ | For more information, | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | (**Security fix**) | ||
+ | | ||
+ | **wget-1.20.2**: | ||
+ | Fixed an unspecified buffer overflow vulnerability. | ||
+ | (**Security fix**) | ||
==== 2019-03-27 ==== | ==== 2019-03-27 ==== |
changelog_14.2.txt · Last modified: 2023/12/23 13:40 by connie