Differences

This shows you the differences between two versions of the page.

--- changelog_14.2 [2020/06/23 19:43] – connie
+++ changelog_14.2 [2020/07/06 17:02] – [2020-06-24] connie
@@ Line 2: / Line 2: @@
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
+==== 2020-07-06 ====
+**libvorbis-1.3.7**:  Upgraded.
+Fix out-of-bounds read encoding very low sample rates.
+For more information, see:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10393
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14160
+(**Security fix**)
+**ca-certificates-20200630**:  Upgraded.
+This update provides the latest CA certificates to check for the
+authenticity of SSL connections.
+==== 2020-06-24 ====
+**curl-7.71.0**:  Upgraded.
+This update fixes security issues:
+curl overwrite local file with -J [111]
+Partial password leak over DNS on HTTP redirect [48]
+For more information, see:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169
+(**Security fix**)
+**libjpeg-turbo-2.0.5**:  Upgraded.
+This update fixes bugs and a security issue:
+Fixed an issue in the PPM reader that caused a buffer overrun in cjpeg,
+TJBench, or the `tjLoadImage()` function if one of the values in a binary
+PPM/PGM input file exceeded the maximum value defined in the file's header
+and that maximum value was less than 255.
+For more information, see:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790
+(**Security fix**)
 ==== 2020-06-23 ====