Differences

This shows you the differences between two versions of the page.

--- changelog_14.2 [2019/10/15 00:40] – connie
+++ changelog_14.2 [2019/11/04 23:38] – connie
@@ Line 2: / Line 2: @@
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
+==== 2019-11-04 ====
+**libtiff-4.1.0**:  Upgraded.
+libtiff: fix integer overflow in _TIFFCheckMalloc() that could cause a crash.
+tif_dir: unset transferfunction field if necessary.
+pal2rgb: failed to free memory on a few errors.
+For more information, see:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14973
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19210
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6128
+(**Security fix**)
+==== 2019-10-21 ====
+**python-2.7.17**:  Upgraded.
+This update fixes bugs and security issues:
+Update vendorized expat library version to 2.2.8.
+Disallow URL paths with embedded whitespace or control characters into the
+underlying http client request. Such potentially malicious header injection
+URLs now cause an httplib.InvalidURL exception to be raised.
+Avoid file reading by disallowing ``local-file://`` and ``local_file://``
+URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and
+:meth:`urllib.URLopener.retrieve`.
+For more information, see:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948
+(**Security fix**)
+**ca-certificates-20191018**:  Upgraded.
+This update provides the latest CA certificates to check for the
+authenticity of SSL connections.
+**sudo-1.8.28p1**:  Rebuilt.
+This is a bugfix release:
+Ensure that /etc/environment exists to prevent complaints from "sudo -i".
 ==== 2019-10-14 ====