Differences

This shows you the differences between two versions of the page.

--- changelog_14.2 [2020/07/23 17:53] – [2020-07-06] connie
+++ changelog_14.2 [2020/08/21 18:29] – [2020-08-19] connie
@@ Line 3: / Line 3: @@
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
-==== 2020-07-23 ====
+==== 2020-08-21 ====
-**libreoffice**
+**bind-9.11.22**:  Upgraded.
+This update fixes three security issues:
+"update-policy" rules of type "subdomain" were incorrectly treated as
+"zonesub" rules, which allowed keys used in "subdomain" rules to update
+names outside of the specified subdomains. The problem was fixed by making
+sure "subdomain" rules are again processed as described in the ARM.
+When BIND 9 was compiled with native PKCS#11 support, it was possible to
+trigger an assertion failure in code determining the number of bits in the
+PKCS#11 RSA public key with a specially crafted packet.
+It was possible to trigger an assertion failure when verifying the response
+to a TSIG-signed request.
+For more information, see:
+  * https://kb.isc.org/docs/cve-2020-8624
+  * https://kb.isc.org/docs/cve-2020-8623
+  * https://kb.isc.org/docs/cve-2020-8622
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8624
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8623
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8622
+(**Security fix**)
+==== 2020-08-19 ====
+**curl-7.72.0**:  Upgraded.
+This update fixes a security issue:
+libcurl: wrong connect-only connection [98]
+For more information, see:
+  * https://curl.haxx.se/docs/CVE-2020-8231.html
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231
+(**Security fix**)
+**httpd-2.4.46**:  Upgraded.
+This is the latest release from the Apache HTTP Server 2.4.x stable branch.
+==== 2020-07-23 ====
+**libreoffice-6.2.8.2**: Upgraded (FXP). The full collection of language packs and help packs is not supplied, but they can be installed via libreoffice extension manager.
 ==== 2020-07-06 ====