changelog_14.2

Differences

This shows you the differences between two versions of the page.

changelog_14.2 [2019/11/21 20:40]
connie
changelog_14.2 [2020/07/06 17:02] (current)
connie [2020-06-24]
Line 2: Line 2:
  
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
 +
 +==== 2020-07-06 ====
 +
 +**libvorbis-1.3.7**: ​ Upgraded.
 +Fix out-of-bounds read encoding very low sample rates.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-10393
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2017-14160
 +(**Security fix**)
 +
 +**ca-certificates-20200630**: ​ Upgraded.
 +This update provides the latest CA certificates to check for the
 +authenticity of SSL connections.
 +
 +==== 2020-06-24 ====
 +
 +**curl-7.71.0**: ​ Upgraded.
 +This update fixes security issues:
 +curl overwrite local file with -J [111]
 +Partial password leak over DNS on HTTP redirect [48]
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8177
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8169
 +(**Security fix**)
 +
 +**libjpeg-turbo-2.0.5**: ​ Upgraded.
 +This update fixes bugs and a security issue:
 +Fixed an issue in the PPM reader that caused a buffer overrun in cjpeg,
 +TJBench, or the `tjLoadImage()` function if one of the values in a binary
 +PPM/PGM input file exceeded the maximum value defined in the file's header
 +and that maximum value was less than 255.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-13790
 +(**Security fix**)
 +
 +==== 2020-06-23 ====
 +
 +**ntp-4.2.8p15**: ​ Upgraded.
 +This release fixes one vulnerability:​ Associations that use CMAC
 +authentication between ntpd from versions 4.2.8p11/​4.3.97 and
 +4.2.8p14/​4.3.100 will leak a small amount of memory for each packet.
 +Eventually, ntpd will run out of memory and abort.
 +(**Security fix**)
 +
 +**sudo-1.8.31p2**: ​ Upgraded.
 +This is a bugfix release. For more information,​ see:
 +  * https://​www.sudo.ws/​legacy.html#​1.8.31p2
 +
 +==== 2020-06-18 ====
 +
 +**bind-9.11.20**: ​ Upgraded.
 +This update fixes a security issue:
 +It was possible to trigger an INSIST in lib/​dns/​rbtdb.c:​new_reference() with
 +a particular zone content and query patterns.
 +For more information,​ see:
 +  * https://​kb.isc.org/​docs/​cve-2020-8619
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8619
 +(**Security fix**)
 +
 +==== 2020-06-14 ====
 +
 +**R-4.0.1**:​ upgraded (FXP).
 +
 +**pcre2-10.35**:​ added (FXP) as a new requirement for R.
 +
 +**fuse-exfat-1.3.0**:​ added (FXP).
 +
 +**linux-libre-*-4.4.227**: ​ Upgraded.
 +These updates fix various bugs and security issues, including a mitigation
 +for SRBDS (Special Register Buffer Data Sampling). SRBDS is an MDS-like
 +speculative side channel that can leak bits from the random number generator
 +(RNG) across cores and threads.
 +Be sure to upgrade your initrd after upgrading the kernel packages.
 +If you use lilo to boot your machine, be sure lilo.conf points to the correct
 +kernel and initrd and run lilo as root to update the bootloader.
 +If you use elilo to boot your machine, you should run eliloconfig to copy the
 +kernel and initrd to the EFI System Partition.
 +For more information,​ see:
 +
 +Fixed in 4.4.218:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-11668
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-11608
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-11609
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-10942
 +Fixed in 4.4.219:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-11494
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-11565
 +Fixed in 4.4.220:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12826
 +Fixed in 4.4.221:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19319
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12464
 +Fixed in 4.4.222:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-10751
 +Fixed in 4.4.224:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-10711
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-1749
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12769
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-10690
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-13143
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19768
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12770
 +Fixed in 4.4.225:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-9517
 +Fixed in 4.4.226:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-10732
 +Fixed in 4.4.227:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-0543
 +(**Security fix**)
 +
 +**gnutls-3.6.14**: ​ Upgraded.
 +Fixed insecure session ticket key construction,​ since 3.6.4. The TLS server
 +would not bind the session ticket encryption key with a value supplied by
 +the application until the initial key rotation, allowing attacker to bypass
 +authentication in TLS 1.3 and recover previous conversations in TLS 1.2.
 +[GNUTLS-SA-2020-06-03,​ CVSS: high]
 +(**Security fix**)
 +
 +**ca-certificates-20200602**: ​ Upgraded.
 +This update provides the latest CA certificates to check for the
 +authenticity of SSL connections.
 +
 +**proftpd-1.3.6d**: ​ Upgraded.
 +This is a bugfix release:
 +Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).
 +
 +==== 2020-05-19 ====
 +
 +**bind-9.11.19**: ​ Upgraded.
 +This update fixes security issues:
 +A malicious actor who intentionally exploits the lack of effective
 +limitation on the number of fetches performed when processing referrals
 +can, through the use of specially crafted referrals, cause a recursing
 +server to issue a very large number of fetches in an attempt to process
 +the referral. This has at least two potential effects: The performance of
 +the recursing server can potentially be degraded by the additional work
 +required to perform these fetches, and the attacker can exploit this
 +behavior to use the recursing server as a reflector in a reflection attack
 +with a high amplification factor.
 +Replaying a TSIG BADTIME response as a request could trigger an assertion
 +failure.
 +For more information,​ see:
 +  * https://​kb.isc.org/​docs/​cve-2020-8616
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8616
 +  * https://​kb.isc.org/​docs/​cve-2020-8617
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8617
 +(**Security fix**)
 +
 +**libexif-0.6.22**: ​ Upgraded.
 +This update fixes bugs and security issues:
 +  * CVE-2018-20030:​ Fix for recursion DoS
 +  * CVE-2020-13114:​ Time consumption DoS when parsing canon array markers
 +  * CVE-2020-13113:​ Potential use of uninitialized memory
 +  * CVE-2020-13112:​ Various buffer overread fixes due to integer overflows in maker notes
 +  * CVE-2020-0093: ​ read overflow
 +  * CVE-2019-9278: ​ replaced integer overflow checks the compiler could optimize away by safer constructs
 +  * CVE-2020-12767:​ fixed division by zero
 +  * CVE-2016-6328: ​ fixed integer overflow when parsing maker notes
 +  * CVE-2017-7544: ​ fixed buffer overread
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-20030
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-13114
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-13113
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-13112
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-0093
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-9278
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12767
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2016-6328
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2017-7544
 +(**Security fix**)
 +
 +==== 2020-05-18 ====
 +
 +**sane-1.0.30**: ​ Upgraded.
 +This update fixes several security issues.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12867
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12862
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12863
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12865
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12866
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12861
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-12864
 +(**Security fix**)
 +
 +**glibc-zoneinfo-2020a**: ​ Upgraded.
 +This package provides the latest timezone updates.
 +
 +==== 2020-04-21 ====
 +
 +**git-2.17.5**: ​ Upgraded.
 +This update fixes a security issue:
 +With a crafted URL that contains a newline or empty host, or lacks
 +a scheme, the credential helper machinery can be fooled into
 +providing credential information that is not appropriate for the
 +protocol in use and host being contacted.
 +Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
 +credentials are not for a host of the attacker'​s choosing; instead,
 +they are for some unspecified host (based on how the configured
 +credential helper handles an absent "​host"​ parameter).
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-11008
 +(**Security fix**)
 +
 +==== 2020-04-17 ====
 +
 +**openvpn-2.4.9**: ​ Upgraded.
 +This update fixes a security issue:
 +Fix illegal client float. Thanks to Lev Stipakov.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-11810
 +(**Security fix**)
 +
 +==== 2020-04-15 ====
 +
 +**bind-9.11.18**: ​ Upgraded.
 +This update fixes a security issue:
 +DNS rebinding protection was ineffective when BIND 9 is configured as a
 +forwarding DNS server. Found and responsibly reported by Tobias Klein.
 +[GL #1574]
 +(**Security fix**)
 +
 +==== 2020-04-14 ====
 +
 +**git-2.17.4**: ​ Upgraded.
 +This update fixes a security issue:
 +With a crafted URL that contains a newline in it, the credential helper
 +machinery can be fooled to give credential information for a wrong host.
 +The attack has been made impossible by forbidding a newline character in
 +any value passed via the credential protocol. Credit for finding the
 +vulnerability goes to Felix Wilhelm of Google Project Zero.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-5260
 +(**Security fix**)
 +
 +==== 2020-03-31 ====
 +
 +**gnutls-3.6.13**: ​ Upgraded.
 +This update fixes a security issue:
 +libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support),
 +since 3.6.3. The DTLS client would not contribute any randomness to the
 +DTLS negotiation,​ breaking the security guarantees of the DTLS protocol.
 +[GNUTLS-SA-2020-03-31,​ CVSS: high]
 +(**Security fix**)
 +
 +**httpd-2.4.43**: ​ Upgraded.
 +This release contains security fixes (since 2.4.39) and improvements.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-10097
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-9517
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-10098
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-10092
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-10082
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-10081
 +(**Security fix**)
 +
 +
 +==== 2020-03-27 ====
 +
 +**linux-libre-*-4.4.217**: ​ Upgraded.
 +These updates fix various bugs and security issues.
 +Be sure to upgrade your initrd after upgrading the kernel packages.
 +If you use lilo to boot your machine, be sure lilo.conf points to the correct
 +kernel and initrd and run lilo as root to update the bootloader.
 +If you use elilo to boot your machine, you should run eliloconfig to copy the
 +kernel and initrd to the EFI System Partition.
 +For more information,​ see:
 +
 +Fixed in 4.4.209:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19965
 +Fixed in 4.4.210:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19068
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14615
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14895
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19056
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19066
 +Fixed in 4.4.211:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15217
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-21008
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15220
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15221
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-5108
 +Fixed in 4.4.212:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14896
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14897
 +Fixed in 4.4.215:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-9383
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-2732
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-16233
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-0009
 +Fixed in 4.4.216:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-11487
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8647
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8649
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-16234
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8648
 +Fixed in 4.4.217:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-14901
 +(**Security fix**)
 +
 +==== 2020-03-23 ====
 +
 +**gd-2.3.0**: ​ Upgraded.
 +This update fixes bugs and security issues:
 +  * Potential double-free in gdImage*Ptr().
 +  * gdImageColorMatch() out of bounds write on heap.
 +  * Uninitialized read in gdImageCreateFromXbm().
 +  * Double-free in gdImageBmp.
 +  * Potential NULL pointer dereference in gdImageClone().
 +  * Potential infinite loop in gdImageCreateFromGifCtx().
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-6978
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-6977
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-11038
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-1000222
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-14553
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-5711
 +(**Security fix**)
 +
 +**NetworkManager-1.8.4**: ​ Rebuilt.
 +Recompiled to get PPP working again with the new pppd. Thanks to longus.
 +
 +**sudo-1.8.31p1**: ​ Upgraded.
 +This is a bugfix release:
 +Sudo once again ignores a failure to restore the RLIMIT_CORE resource limit,
 +as it did prior to version 1.8.29. Linux containers don't allow RLIMIT_CORE
 +to be set back to RLIM_INFINITY if we set the limit to zero, even for root,
 +which resulted in a warning from sudo.
 +
 +**rp-pppoe-3.13**: ​ Upgraded.
 +This needed a rebuild for ppp-2.4.8. Thanks to regdub.
 +
 +==== 2020-03-04 ====
 +
 +**ppp-2.4.8**: ​ Upgraded.
 +This update fixes a security issue:
 +By sending an unsolicited EAP packet to a vulnerable ppp client or server,
 +an unauthenticated remote attacker could cause memory corruption in the
 +pppd process, which may allow for arbitrary code execution.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2020-8597
 +(**Security fix**)
 +
 +==== 2020-02-20 ====
 +
 +**proftpd-1.3.6c**: ​ Upgraded.
 +No CVEs assigned, but this sure looks like a security issue:
 +Use-after-free vulnerability in memory pools during data transfer.
 +(**Security fix**)
 +
 +==== 2020-02-14 ====
 +
 +**libarchive-3.4.2**: ​ Upgraded.
 +This update includes security fixes in the RAR5 reader.
 +(**Security fix**)
 +
 +==== 2020-01-31 ====
 +
 +**sudo-1.8.31**: ​ Upgraded.
 +This update fixes a security issue:
 +In Sudo before 1.8.31, if pwfeedback is enabled in /​etc/​sudoers,​ users can
 +trigger a stack-based buffer overflow in the privileged sudo process.
 +(pwfeedback is a default setting in some Linux distributions;​ however, it
 +is not the default for upstream or in Slackware, and would exist only if
 +enabled by an administrator.) The attacker needs to deliver a long string
 +to the stdin of getln() in tgetpass.c.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-18634
 +(**Security fix**)
 +
 +**bind-9.11.15**: ​ Upgraded.
 +This is a bugfix release:
 +With some libmaxminddb versions, named could erroneously match an IP address
 +not belonging to any subnet defined in a given GeoIP2 database to one of the
 +existing entries in that database. [GL #1552]
 +Fix line spacing in `rndc secroots`. Thanks to Tony Finch. [GL #2478]
 +
 +==== 2020-01-11 ====
 +
 +**p7zip-16.02**:​ Added (FXP)
 +==== 2020-01-09 ====
 +
 +**linux-libre-*-4.4.208**: ​ Upgraded.
 +   ​IPV6_MULTIPLE_TABLES n -> y
 +  +IPV6_SUBTREES y
 +These updates fix various bugs and security issues.
 +Be sure to upgrade your initrd after upgrading the kernel packages.
 +If you use lilo to boot your machine, be sure lilo.conf points to the correct
 +kernel and initrd and run lilo as root to update the bootloader.
 +If you use elilo to boot your machine, you should run eliloconfig to copy the
 +kernel and initrd to the EFI System Partition.
 +For more information,​ see:
 +
 +Fixed in 4.4.203:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19524
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15917
 +Fixed in 4.4.204:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-18660
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-15291
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-18683
 +Fixed in 4.4.206:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-12614
 +Fixed in 4.4.207:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19227
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19062
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19338
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19332
 +Fixed in 4.4.208:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19057
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19063
 +(**Security fix**)
 +
 +**xfce4-weather-plugin-0.8.11**: ​ Upgraded.
 +Bugfix release to address the upcoming obsolescence of the
 +locationforecastLTS API from met.no. Thanks to Robby Workman.
 +
 +**libwmf-0.2.8.4**: ​ Rebuilt.
 +This is a bugfix release to correct the path for the GDK_PIXBUF_DIR.
 +Thanks to B. Watson and Robby Workman.
 +
 +==== 2019-12-21 ====
 +
 +**openssl-1.0.2u**: ​ Upgraded.
 +This update fixes a low severity security issue:
 +Fixed an an overflow bug in the x86_64 Montgomery squaring procedure used in
 +exponentiation with 512-bit moduli.
 +For more information,​ see:
 +  * https://​www.openssl.org/​news/​secadv/​20191206.txt
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-1551
 +(**Security fix**)
 +
 +**openssl-solibs-1.0.2u**: ​ Upgraded.
 +
 +**tigervnc-1.10.1**: ​ Upgraded.
 +From tigervnc.org:​ "This is a security release to fix a number of issues
 +that were found by Kaspersky Lab. These issues affect both the client and
 +server and could theoretically allow a malicious peer to take control
 +over the software on the other side. No working exploit is known at this
 +time, and the issues require the peer to first be authenticated. We still
 +urge users to upgrade when possible."​
 +(**Security fix**)
 +
 +==== 2019-12-19 ====
 +
 +**bind-9.11.14**: ​ Upgraded.
 +This is a bugfix release:
 +Fixed a bug that caused named to leak memory on reconfiguration when
 +any GeoIP2 database was in use. [GL #1445]
 +Fixed several possible race conditions discovered by Thread Sanitizer.
 +
 +**wavpack-5.2.0**: ​ Upgraded.
 +Fixed denial-of-service and other potential security issues.
 +For more information,​ see:
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-19840
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-19841
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-10536
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-10537
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-10538
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-10539
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-10540
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-7254
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-7253
 +  * https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2018-6767
 +(**Security fix**)
 +
 +**ca-certificates-20191130**: ​ Upgraded.
 +This update provides the latest CA certificates to check for the
 +authenticity of SSL connections.
  
 ==== 2019-11-21 ==== ==== 2019-11-21 ====
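Review bot: the 2020-01-11 entry `**p7zip-16.02**: Added (FXP)` runs straight into the `==== 2020-01-09 ====` heading with no blank line between them, unlike every other date section in this revision; add the blank line so the heading is separated consistently. In the same 2020-01-09 section, the two kernel config lines (`IPV6_MULTIPLE_TABLES n -> y`, `+IPV6_SUBTREES y`) sit between the package line and its description with no lead-in, so a short label saying they are config changes would help. Smaller points: "Fixed an an overflow bug" in the openssl-1.0.2u entry has a doubled word, the 2020-06-14 FXP entries write "upgraded"/"added" in lower case where the rest of the page uses "Upgraded."/"Added", and there is a doubled blank line before `==== 2020-03-27 ====`.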
changelog_14.2.1574386823.txt.gz · Last modified: 2019/11/21 20:40 by connie