Differences

This shows you the differences between two versions of the page.

--- changelog_14.2 [2019/10/02 15:47] – connie
+++ changelog_14.2 [2019/10/21 17:34] – connie
@@ Line 2: / Line 2: @@
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
+==== 2019-10-21 ====
+**python-2.7.17**:  Upgraded.
+This update fixes bugs and security issues:
+Update vendorized expat library version to 2.2.8.
+Disallow URL paths with embedded whitespace or control characters into the
+underlying http client request. Such potentially malicious header injection
+URLs now cause an httplib.InvalidURL exception to be raised.
+Avoid file reading by disallowing ``local-file://`` and ``local_file://``
+URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and
+:meth:`urllib.URLopener.retrieve`.
+For more information, see:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948
+(**Security fix**)
+**ca-certificates-20191018**:  Upgraded.
+This update provides the latest CA certificates to check for the
+authenticity of SSL connections.
+**sudo-1.8.28p1**:  Rebuilt.
+This is a bugfix release:
+Ensure that /etc/environment exists to prevent complaints from "sudo -i".
+==== 2019-10-14 ====
+**sudo-1.8.28**:  Upgraded.
+Fixed a bug where an sudo user may be able to run a command as root when
+the Runas specification explicitly disallows root access as long as the
+ALL keyword is listed first.
+For more information, see:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
+(**Security fix**)
 ==== 2019-10-02 ====