Slackware updates
[Posted August 31, 2005 by ris]
| From: |
| changelog-AT-mrgoblin.is-a-geek.org |
| To: |
| changelog-AT-mrgoblin.is-a-geek.org |
| Subject: |
| Slackware Changelog Notice!! |
| Date: |
| Wed, 31 Aug 2005 22:09:09 +1200 |
Slackware Current ChangeLog Notice.
The following additions have been made to The Current ChangeLog.txt
Please do not Reply to this email
-------------------------------------------------------------------
Tue Aug 30 13:01:43 PDT 2005
a/jfsutils-1.1.8-i486-1.tgz: Upgraded to jfsutils-1.1.8.
a/pciutils-2.1.11-i486-6.tgz: Updated pci.ids.
a/procps-3.2.5-i486-1.tgz: Upgraded to procps-3.2.5.
Thanks to Stuart Winter for informing me that newer 2.6 kernels needed this.
ap/espgs-8.15rc4-i486-1.tgz: Upgraded to espgs-8.15rc4.
ap/mysql-4.1.14-i486-1.tgz: Upgraded to mysql-4.1.14.
kde/kdeedu-3.4.2-i486-2.tgz: Fixed a minor /tmp bug in kvoctrain.
(* Security fix *)
l/pcre-6.3-i486-1.tgz: Upgraded to pcre-6.3.
This fixes a buffer overflow that could be triggered by the processing of a
specially crafted regular expression. Theoretically this could be a security
issue if regular expressions are accepted from untrusted users to be
processed by a user with greater privileges, but this doesn't seem like a
common scenario (or, for that matter, a good idea). However, if you are
using an application that links to the shared PCRE library and accepts
outside input in such a manner, you will want to update to this new package.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
(* Security fix *)
n/php-4.4.0-i486-3.tgz: Relinked with the system PCRE library, as the builtin
library has a buffer overflow that could be triggered by the processing of a
specially crafted regular expression.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
(* Security fix *)
Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the
insecure eval() function.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
(* Security fix *)
Recompiled with support for mbstring and cURL.
Thanks to Gerardo Exequiel Pozzi for pointing out that the new MySQL uses
UTF-8, which in turn requires that PHP support multibyte strings. Also,
thanks to Amrit for mentioning that the PHP cURL extentions are useful and
should be included.
n/samba-3.0.20-i486-1.tgz: Upgraded samba-3.0.20.
xap/gaim-1.5.0-i486-1.tgz: Upgraded to gaim-1.5.0.
This fixes some more security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370
(* Security fix *)
testing/packages/linux-2.6.12.5/alsa-driver-1.0.9b_2.6.12.5-i486-1.tgz
Recompiled against Linux 2.6.12.5.
testing/packages/linux-2.6.12.5/kernel-generic-2.6.12.5-i486-1.tgz
Upgraded to Linux 2.6.12.5 generic kernel.
testing/packages/linux-2.6.12.5/kernel-headers-2.6.12.5-i386-1.tgz
Upgraded to Linux 2.6.12.5 kernel headers for x86.
testing/packages/linux-2.6.12.5/kernel-modules-2.6.12.5-i486-1.tgz
Upgraded to Linux 2.6.12.5 kernel modules.
testing/packages/linux-2.6.12.5/kernel-source-2.6.12.5-noarch-1.tgz
Upgraded to Linux 2.6.12.5 kernel source.
testing/packages/php-5.0.4/php-5.0.4-i486-3.tgz: Relinked with the
system PCRE library, as the builtin library has a buffer overflow
that could be triggered by the processing of a specially crafted
regular expression.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
(* Security fix *)
Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the
insecure eval() function.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
(* Security fix *)
Recompiled with support for mbstring, cURL, and XSLT.
Thanks to Den (aka Diesel) for suggesting XSLT.
+--------------------------+
If for some reason you no longer wish to be notified of
Entries to the ChangeLog Please send an email
To: mrgoblin@userlocal.com
Subject: "unsubscribe slacklog"
and the subscribed email address in the body of the message.
Thank you
mRgOBLIN
