Freenix Wiki

User Tools

Site Tools

Trace:
changelog_14.2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
changelog_14.2 [2020/02/14 17:37] – [2020-01-31] conniechangelog_14.2 [2020/03/23 20:50] – [2020-03-04] connie
Line 2: Line 2:
  
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
 +
 +==== 2020-03-23 ====
 +
 +**gd-2.3.0**:  Upgraded.
 +This update fixes bugs and security issues:
 +  * Potential double-free in gdImage*Ptr().
 +  * gdImageColorMatch() out of bounds write on heap.
 +  * Uninitialized read in gdImageCreateFromXbm().
 +  * Double-free in gdImageBmp.
 +  * Potential NULL pointer dereference in gdImageClone().
 +  * Potential infinite loop in gdImageCreateFromGifCtx().
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000222
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14553
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711
 +(**Security fix**)
 +
 +**NetworkManager-1.8.4**:  Rebuilt.
 +Recompiled to get PPP working again with the new pppd. Thanks to longus.
 +
 +**sudo-1.8.31p1**:  Upgraded.
 +This is a bugfix release:
 +Sudo once again ignores a failure to restore the RLIMIT_CORE resource limit,
 +as it did prior to version 1.8.29. Linux containers don't allow RLIMIT_CORE
 +to be set back to RLIM_INFINITY if we set the limit to zero, even for root,
 +which resulted in a warning from sudo.
 +
 +**rp-pppoe-3.13**:  Upgraded.
 +This needed a rebuild for ppp-2.4.8. Thanks to regdub.
 +
 +==== 2020-03-04 ====
 +
 +**ppp-2.4.8**:  Upgraded.
 +This update fixes a security issue:
 +By sending an unsolicited EAP packet to a vulnerable ppp client or server,
 +an unauthenticated remote attacker could cause memory corruption in the
 +pppd process, which may allow for arbitrary code execution.
 +For more information, see:
 +  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597
 +(**Security fix**)
 +
 +==== 2020-02-20 ====
 +
 +**proftpd-1.3.6c**:  Upgraded.
 +No CVEs assigned, but this sure looks like a security issue:
 +Use-after-free vulnerability in memory pools during data transfer.
 +(**Security fix**)
  
 ==== 2020-02-14 ==== ==== 2020-02-14 ====
changelog_14.2.txt · Last modified: 2023/12/23 13:40 by connie