User Tools

Site Tools


changelog_14.2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
changelog_14.2 [2019/11/04 23:38]
connie
changelog_14.2 [2020/05/20 00:31] (current)
connie [2020-05-18]
Line 2: Line 2:
  
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
 +
 +==== 2020-05-19 ====
 +
 +**bind-9.11.19**: ​ Upgraded.
 +This update fixes security issues:
 +A malicious actor who intentionally exploits the lack of effective
 +limitation on the number of fetches performed when processing referrals
 +can, through the use of specially crafted referrals, cause a recursing
 +server to issue a very large number of fetches in an attempt to process
 +the referral. This has at least two potential effects: The performance of
 +the recursing server can potentially be degraded by the additional work
 +required to perform these fetches, and the attacker can exploit this
 +behavior to use the recursing server as a reflector in a reflection attack
 +with a high amplification factor.
 +Replaying a TSIG BADTIME response as a request could trigger an assertion
 +failure.
 +For more information,​ see:
 +  * https://​kb.isc.org/​docs/​cve-2020-8616
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8616
 +  * https://​kb.isc.org/​docs/​cve-2020-8617
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8617
 +(**Security fix**)
 +
 +**libexif-0.6.22**: ​ Upgraded.
 +This update fixes bugs and security issues:
 +  * CVE-2018-20030:​ Fix for recursion DoS
 +  * CVE-2020-13114:​ Time consumption DoS when parsing canon array markers
 +  * CVE-2020-13113:​ Potential use of uninitialized memory
 +  * CVE-2020-13112:​ Various buffer overread fixes due to integer overflows in maker notes
 +  * CVE-2020-0093: ​ read overflow
 +  * CVE-2019-9278: ​ replaced integer overflow checks the compiler could optimize away by safer constructs
 +  * CVE-2020-12767:​ fixed division by zero
 +  * CVE-2016-6328: ​ fixed integer overflow when parsing maker notes
 +  * CVE-2017-7544: ​ fixed buffer overread
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-20030
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-13114
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-13113
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-13112
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-0093
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-9278
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12767
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2016-6328
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2017-7544
 +(**Security fix**)
 +
 +==== 2020-05-18 ====
 +
 +**sane-1.0.30**: ​ Upgraded.
 +This update fixes several security issues.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12867
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12862
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12863
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12865
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12866
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12861
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12864
 +(**Security fix**)
 +
 +**glibc-zoneinfo-2020a**: ​ Upgraded.
 +This package provides the latest timezone updates.
 +
 +==== 2020-04-21 ====
 +
 +**git-2.17.5**: ​ Upgraded.
 +This update fixes a security issue:
 +With a crafted URL that contains a newline or empty host, or lacks
 +a scheme, the credential helper machinery can be fooled into
 +providing credential information that is not appropriate for the
 +protocol in use and host being contacted.
 +Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
 +credentials are not for a host of the attacker'​s choosing; instead,
 +they are for some unspecified host (based on how the configured
 +credential helper handles an absent "​host"​ parameter).
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-11008
 +(**Security fix**)
 +
 +==== 2020-04-17 ====
 +
 +**openvpn-2.4.9**: ​ Upgraded.
 +This update fixes a security issue:
 +Fix illegal client float. Thanks to Lev Stipakov.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-11810
 +(**Security fix**)
 +
 +==== 2020-04-15 ====
 +
 +**bind-9.11.18**: ​ Upgraded.
 +This update fixes a security issue:
 +DNS rebinding protection was ineffective when BIND 9 is configured as a
 +forwarding DNS server. Found and responsibly reported by Tobias Klein.
 +[GL #1574]
 +(**Security fix**)
 +
 +==== 2020-04-14 ====
 +
 +**git-2.17.4**: ​ Upgraded.
 +This update fixes a security issue:
 +With a crafted URL that contains a newline in it, the credential helper
 +machinery can be fooled to give credential information for a wrong host.
 +The attack has been made impossible by forbidding a newline character in
 +any value passed via the credential protocol. Credit for finding the
 +vulnerability goes to Felix Wilhelm of Google Project Zero.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-5260
 +(**Security fix**)
 +
 +==== 2020-03-31 ====
 +
 +**gnutls-3.6.13**: ​ Upgraded.
 +This update fixes a security issue:
 +libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support),
 +since 3.6.3. The DTLS client would not contribute any randomness to the
 +DTLS negotiation,​ breaking the security guarantees of the DTLS protocol.
 +[GNUTLS-SA-2020-03-31,​ CVSS: high]
 +(**Security fix**)
 +
 +**httpd-2.4.43**: ​ Upgraded.
 +This release contains security fixes (since 2.4.39) and improvements.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-10097
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-9517
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-10098
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-10092
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-10082
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-10081
 +(**Security fix**)
 +
 +
 +==== 2020-03-27 ====
 +
 +**linux-libre-*-4.4.217**: ​ Upgraded.
 +These updates fix various bugs and security issues.
 +Be sure to upgrade your initrd after upgrading the kernel packages.
 +If you use lilo to boot your machine, be sure lilo.conf points to the correct
 +kernel and initrd and run lilo as root to update the bootloader.
 +If you use elilo to boot your machine, you should run eliloconfig to copy the
 +kernel and initrd to the EFI System Partition.
 +For more information,​ see:
 +
 +Fixed in 4.4.209:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19965
 +Fixed in 4.4.210:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19068
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14615
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14895
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19056
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19066
 +Fixed in 4.4.211:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15217
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-21008
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15220
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15221
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-5108
 +Fixed in 4.4.212:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14896
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14897
 +Fixed in 4.4.215:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-9383
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-2732
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-16233
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-0009
 +Fixed in 4.4.216:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-11487
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8647
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8649
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-16234
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8648
 +Fixed in 4.4.217:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14901
 +(**Security fix**)
 +
 +==== 2020-03-23 ====
 +
 +**gd-2.3.0**: ​ Upgraded.
 +This update fixes bugs and security issues:
 +  * Potential double-free in gdImage*Ptr().
 +  * gdImageColorMatch() out of bounds write on heap.
 +  * Uninitialized read in gdImageCreateFromXbm().
 +  * Double-free in gdImageBmp.
 +  * Potential NULL pointer dereference in gdImageClone().
 +  * Potential infinite loop in gdImageCreateFromGifCtx().
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-6978
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-6977
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-11038
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-1000222
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14553
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-5711
 +(**Security fix**)
 +
 +**NetworkManager-1.8.4**: ​ Rebuilt.
 +Recompiled to get PPP working again with the new pppd. Thanks to longus.
 +
 +**sudo-1.8.31p1**: ​ Upgraded.
 +This is a bugfix release:
 +Sudo once again ignores a failure to restore the RLIMIT_CORE resource limit,
 +as it did prior to version 1.8.29. Linux containers don't allow RLIMIT_CORE
 +to be set back to RLIM_INFINITY if we set the limit to zero, even for root,
 +which resulted in a warning from sudo.
 +
 +**rp-pppoe-3.13**: ​ Upgraded.
 +This needed a rebuild for ppp-2.4.8. Thanks to regdub.
 +
 +==== 2020-03-04 ====
 +
 +**ppp-2.4.8**: ​ Upgraded.
 +This update fixes a security issue:
 +By sending an unsolicited EAP packet to a vulnerable ppp client or server,
 +an unauthenticated remote attacker could cause memory corruption in the
 +pppd process, which may allow for arbitrary code execution.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8597
 +(**Security fix**)
 +
 +==== 2020-02-20 ====
 +
 +**proftpd-1.3.6c**: ​ Upgraded.
 +No CVEs assigned, but this sure looks like a security issue:
 +Use-after-free vulnerability in memory pools during data transfer.
 +(**Security fix**)
 +
 +==== 2020-02-14 ====
 +
 +**libarchive-3.4.2**: ​ Upgraded.
 +This update includes security fixes in the RAR5 reader.
 +(**Security fix**)
 +
 +==== 2020-01-31 ====
 +
 +**sudo-1.8.31**: ​ Upgraded.
 +This update fixes a security issue:
 +In Sudo before 1.8.31, if pwfeedback is enabled in /​etc/​sudoers,​ users can
 +trigger a stack-based buffer overflow in the privileged sudo process.
 +(pwfeedback is a default setting in some Linux distributions;​ however, it
 +is not the default for upstream or in Slackware, and would exist only if
 +enabled by an administrator.) The attacker needs to deliver a long string
 +to the stdin of getln() in tgetpass.c.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-18634
 +(**Security fix**)
 +
 +**bind-9.11.15**: ​ Upgraded.
 +This is a bugfix release:
 +With some libmaxminddb versions, named could erroneously match an IP address
 +not belonging to any subnet defined in a given GeoIP2 database to one of the
 +existing entries in that database. [GL #1552]
 +Fix line spacing in `rndc secroots`. Thanks to Tony Finch. [GL #2478]
 +
 +==== 2020-01-11 ====
 +
 +**p7zip-16.02**:​ Added (FXP)
 +==== 2020-01-09 ====
 +
 +**linux-libre-*-4.4.208**: ​ Upgraded.
 +   ​IPV6_MULTIPLE_TABLES n -> y
 +  +IPV6_SUBTREES y
 +These updates fix various bugs and security issues.
 +Be sure to upgrade your initrd after upgrading the kernel packages.
 +If you use lilo to boot your machine, be sure lilo.conf points to the correct
 +kernel and initrd and run lilo as root to update the bootloader.
 +If you use elilo to boot your machine, you should run eliloconfig to copy the
 +kernel and initrd to the EFI System Partition.
 +For more information,​ see:
 +
 +Fixed in 4.4.203:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19524
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15917
 +Fixed in 4.4.204:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-18660
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15291
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-18683
 +Fixed in 4.4.206:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-12614
 +Fixed in 4.4.207:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19227
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19062
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19338
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19332
 +Fixed in 4.4.208:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19057
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19063
 +(**Security fix**)
 +
 +**xfce4-weather-plugin-0.8.11**: ​ Upgraded.
 +Bugfix release to address the upcoming obsolescence of the
 +locationforecastLTS API from met.no. Thanks to Robby Workman.
 +
 +**libwmf-0.2.8.4**: ​ Rebuilt.
 +This is a bugfix release to correct the path for the GDK_PIXBUF_DIR.
 +Thanks to B. Watson and Robby Workman.
 +
 +==== 2019-12-21 ====
 +
 +**openssl-1.0.2u**: ​ Upgraded.
 +This update fixes a low severity security issue:
 +Fixed an an overflow bug in the x86_64 Montgomery squaring procedure used in
 +exponentiation with 512-bit moduli.
 +For more information,​ see:
 +  * https://​www.openssl.org/​news/​secadv/​20191206.txt
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-1551
 +(**Security fix**)
 +
 +**openssl-solibs-1.0.2u**: ​ Upgraded.
 +
 +**tigervnc-1.10.1**: ​ Upgraded.
 +From tigervnc.org:​ "This is a security release to fix a number of issues
 +that were found by Kaspersky Lab. These issues affect both the client and
 +server and could theoretically allow a malicious peer to take control
 +over the software on the other side. No working exploit is known at this
 +time, and the issues require the peer to first be authenticated. We still
 +urge users to upgrade when possible."​
 +(**Security fix**)
 +
 +==== 2019-12-19 ====
 +
 +**bind-9.11.14**: ​ Upgraded.
 +This is a bugfix release:
 +Fixed a bug that caused named to leak memory on reconfiguration when
 +any GeoIP2 database was in use. [GL #1445]
 +Fixed several possible race conditions discovered by Thread Sanitizer.
 +
 +**wavpack-5.2.0**: ​ Upgraded.
 +Fixed denial-of-service and other potential security issues.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-19840
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-19841
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-10536
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-10537
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-10538
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-10539
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-10540
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-7254
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-7253
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-6767
 +(**Security fix**)
 +
 +**ca-certificates-20191130**: ​ Upgraded.
 +This update provides the latest CA certificates to check for the
 +authenticity of SSL connections.
 +
 +==== 2019-11-21 ====
 +
 +**bind-9.11.13**: ​ Upgraded.
 +This update fixes a security issue:
 +Set a limit on the number of concurrently served pipelined TCP queries.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-6477
 +(**Security fix**)
 +
 +==== 2019-11-17 ====
 +
 +**linux-libre-*-4.4.202**: ​ Upgraded.
 +  * CRYPTO_CRC32C_INTEL m -> y
 +  * +X86_INTEL_TSX_MODE_AUTO n
 +  * +X86_INTEL_TSX_MODE_OFF y
 +  * +X86_INTEL_TSX_MODE_ON n
 +These updates fix various bugs and security issues, including mitigation for
 +the TSX Asynchronous Abort condition on some CPUs.
 +Be sure to upgrade your initrd after upgrading the kernel packages.
 +If you use lilo to boot your machine, be sure lilo.conf points to the correct
 +kernel and initrd and run lilo as root to update the bootloader.
 +If you use elilo to boot your machine, you should run eliloconfig to copy the
 +kernel and initrd to the EFI System Partition.
 +For more information,​ see:
 +
 +Fixed in 4.4.201:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-0155
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-0154
 +Fixed in 4.4.202:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-11135
 +(**Security fix**)
 +
 +==== 2019-11-12 ====
 +
 +**kdelibs-4.14.38**: ​ Rebuilt. ​                                                                                                                                                          
 +Remove hardcoded TLSv1 allowing TLSv1.1 and TLSv1.2. Thanks to PJ Beers.
 +
 +**kdepim-4.14.10**: ​ Rebuilt.
 +Remove hardcoded TLSv1 allowing TLSv1.1 and TLSv1.2. Thanks to PJ Beers.
 +
 +**kdepimlibs-4.14.10**: ​ Rebuilt.
 +Remove hardcoded TLSv1 allowing TLSv1.1 and TLSv1.2. Thanks to PJ Beers.
 +
 +**linux-libre-*-4.4.199**: ​ Upgraded.
 +These updates fix various bugs and security issues.
 +Be sure to upgrade your initrd after upgrading the kernel packages.
 +If you use lilo to boot your machine, be sure lilo.conf points to the correct
 +kernel and initrd and run lilo as root to update the bootloader.
 +If you use elilo to boot your machine, you should run eliloconfig to copy the
 +kernel and initrd to the EFI System Partition.
 +For more information,​ see:
 +
 +Fixed in 4.4.191:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-3900
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15118
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2016-10906
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2016-10905
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-10638
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15117
 +Fixed in 4.4.193:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14835
 +Fixed in 4.4.194:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14816
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14814
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15505
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14821
 +Fixed in 4.4.195:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-17053
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-17052
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-17056
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-17055
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-17054
 +Fixed in 4.4.196:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-2215
 +Fixed in 4.4.197:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-16746
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-20976
 +Fixed in 4.4.198:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-17075
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-17133
 +Fixed in 4.4.199:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15098
 +(**Security fix**)
  
 ==== 2019-11-04 ==== ==== 2019-11-04 ====
changelog_14.2.1572928712.txt.gz ยท Last modified: 2019/11/04 23:38 by connie