Novosti u *current* -u

[stereo Administrator offline]

26.04.2016.

Slackware 64bit:

Code: Select all

Tue Apr 26 05:16:02 UTC 2016
ap/lxc-2.0.0-x86_64-2.txz: Rebuilt.
       rc.lxc: Stop containers with lxc-stop rather than having lxc-attach call
       /sbin/halt. Thanks to linuxxer and Matteo Bernardini.
xfce/xfce4-weather-plugin-0.8.7-x86_64-1.txz: Upgraded.

Slackware 32bit:

Code: Select all

ap/lxc-2.0.0-i586-2.txz: Rebuilt.
       rc.lxc: Stop containers with lxc-stop rather than having lxc-attach call
       /sbin/halt. Thanks to linuxxer and Matteo Bernardini.
xfce/xfce4-weather-plugin-0.8.7-i586-1.txz: Upgraded.

[Shicy Administrator offline]

Slackware 64-bit

Code: Select all

 Sat Apr 30 20:28:33 UTC 2016
a/aaa_elflibs-14.2-x86_64-13.txz: Rebuilt.
a/lvm2-2.02.152-x86_64-1.txz: Upgraded.
ap/gphoto2-2.5.10-x86_64-1.txz: Upgraded.
ap/mariadb-10.0.25-x86_64-1.txz: Upgraded.
ap/vim-7.4.1811-x86_64-1.txz: Upgraded.
d/git-2.8.2-x86_64-1.txz: Upgraded.
d/ruby-2.2.5-x86_64-1.txz: Upgraded.
d/subversion-1.9.4-x86_64-1.txz: Upgraded.
       This release fixes two security issues:
       CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm.
       CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn
       during COPY/MOVE authorization check.
       For more information, see:
       http://subversion.apache.org/security/CVE-2016-2167-advisory.txt
       http://subversion.apache.org/security/CVE-2016-2168-advisory.txt
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168
       (* Security fix *)
l/libgphoto2-2.5.10-x86_64-1.txz: Upgraded.
n/whois-5.2.12-x86_64-1.txz: Upgraded.
n/yptools-2.14-x86_64-6.txz: Rebuilt.
       Don't remove unmerged .new config files. Thanks to christian laubscher.
x/xf86-input-evdev-2.10.2-x86_64-1.txz: Upgraded.
xap/vim-gvim-7.4.1811-x86_64-1.txz: Upgraded.
+--------------------------+
Sat Apr 30 05:51:33 UTC 2016
d/perl-5.22.2-x86_64-1.txz: Upgraded.
+--------------------------+
Fri Apr 29 20:54:01 UTC 2016
ap/cups-filters-1.8.3-x86_64-2.txz: Rebuilt.
       Recompiled against poppler-0.43.0.
kde/calligra-2.9.11-x86_64-3.txz: Rebuilt.
       Recompiled against poppler-0.43.0.
l/poppler-0.43.0-x86_64-1.txz: Upgraded.
       Shared library .so-version bump.
n/ntp-4.2.8p7-x86_64-1.txz: Upgraded.
       This release patches several low and medium severity security issues:
       CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering
       CVE-2016-1549: Sybil vulnerability: ephemeral association attack,
       AKA: ntp-sybil - MITIGATION ONLY
       CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion
       botch
       CVE-2016-2517: Remote configuration trustedkey/requestkey values are not
       properly validated
       CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with
       MATCH_ASSOC
       CVE-2016-2519: ctl_getitem() return value not always checked
       CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos
       CVE-2016-1548: Interleave-pivot - MITIGATION ONLY
       CVE-2015-7704: KoD fix: peer associations were broken by the fix for
       NtpBug2901, AKA: Symmetric active/passive mode is broken
       CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks
       CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,
       authdecrypt-timing, AKA: authdecrypt-timing
       For more information, see:
       http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519
       (* Security fix *)
n/php-5.6.21-x86_64-1.txz: Upgraded.
       This release fixes bugs and security issues.
       For more information, see:
       http://php.net/ChangeLog-5.php#5.6.21
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074
       (* Security fix *)
x/libdrm-2.4.68-x86_64-1.txz: Upgraded.
xfce/tumbler-0.1.31-x86_64-6.txz: Rebuilt.
       Recompiled against poppler-0.43.0.
+--------------------------+
Wed Apr 27 21:16:37 UTC 2016
n/yptools-2.14-x86_64-5.txz: Rebuilt.
       Use /usr/lib$LIBDIRSUFFIX/yp in /var/yp/Makefile.new. Thanks to alex14641.
xap/mozilla-firefox-45.1.0esr-x86_64-2.txz: Rebuilt.
       Fixed $RELEASEVER to avoid installing extra files and placing a few files in
       the wrong location. Thanks to Mikhail Zotov.
xfce/xfce4-settings-4.12.0-x86_64-3.txz: Rebuilt.
       Patched a bug that may prevent a display from waking up from standby mode
       when running a 4.4.x (or newer) kernel. Thanks to Matthias Schuster.
+--------------------------+
Wed Apr 27 04:20:57 UTC 2016
xap/mozilla-firefox-45.1.0esr-x86_64-1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
       (* Security fix *)
+--------------------------+

Slackware 32-bit

Code: Select all

Sat Apr 30 20:28:33 UTC 2016
a/aaa_elflibs-14.2-i586-13.txz: Rebuilt.
a/lvm2-2.02.152-i586-1.txz: Upgraded.
ap/gphoto2-2.5.10-i586-1.txz: Upgraded.
ap/mariadb-10.0.25-i586-1.txz: Upgraded.
ap/vim-7.4.1811-i586-1.txz: Upgraded.
d/git-2.8.2-i586-1.txz: Upgraded.
d/ruby-2.2.5-i586-1.txz: Upgraded.
d/subversion-1.9.4-i586-1.txz: Upgraded.
       This release fixes two security issues:
       CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm.
       CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn
       during COPY/MOVE authorization check.
       For more information, see:
       http://subversion.apache.org/security/CVE-2016-2167-advisory.txt
       http://subversion.apache.org/security/CVE-2016-2168-advisory.txt
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168
       (* Security fix *)
l/libgphoto2-2.5.10-i586-1.txz: Upgraded.
n/whois-5.2.12-i586-1.txz: Upgraded.
n/yptools-2.14-i586-6.txz: Rebuilt.
       Don't remove unmerged .new config files. Thanks to christian laubscher.
x/xf86-input-evdev-2.10.2-i586-1.txz: Upgraded.
xap/vim-gvim-7.4.1811-i586-1.txz: Upgraded.
+--------------------------+
Sat Apr 30 05:51:33 UTC 2016
d/perl-5.22.2-i586-1.txz: Upgraded.
+--------------------------+
Fri Apr 29 20:54:01 UTC 2016
ap/cups-filters-1.8.3-i586-2.txz: Rebuilt.
       Recompiled against poppler-0.43.0.
kde/calligra-2.9.11-i586-3.txz: Rebuilt.
       Recompiled against poppler-0.43.0.
l/poppler-0.43.0-i586-1.txz: Upgraded.
       Shared library .so-version bump.
n/ntp-4.2.8p7-i586-1.txz: Upgraded.
       This release patches several low and medium severity security issues:
       CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering
       CVE-2016-1549: Sybil vulnerability: ephemeral association attack,
       AKA: ntp-sybil - MITIGATION ONLY
       CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion
       botch
       CVE-2016-2517: Remote configuration trustedkey/requestkey values are not
       properly validated
       CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with
       MATCH_ASSOC
       CVE-2016-2519: ctl_getitem() return value not always checked
       CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos
       CVE-2016-1548: Interleave-pivot - MITIGATION ONLY
       CVE-2015-7704: KoD fix: peer associations were broken by the fix for
       NtpBug2901, AKA: Symmetric active/passive mode is broken
       CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks
       CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,
       authdecrypt-timing, AKA: authdecrypt-timing
       For more information, see:
       http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519
       (* Security fix *)
n/php-5.6.21-i586-1.txz: Upgraded.
       This release fixes bugs and security issues.
       For more information, see:
       http://php.net/ChangeLog-5.php#5.6.21
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074
       (* Security fix *)
x/libdrm-2.4.68-i586-1.txz: Upgraded.
xfce/tumbler-0.1.31-i586-6.txz: Rebuilt.
       Recompiled against poppler-0.43.0.
+--------------------------+
Wed Apr 27 21:16:37 UTC 2016
n/yptools-2.14-i586-5.txz: Rebuilt.
       Use /usr/lib$LIBDIRSUFFIX/yp in /var/yp/Makefile.new. Thanks to alex14641.
xap/mozilla-firefox-45.1.0esr-i586-2.txz: Rebuilt.
       Fixed $RELEASEVER to avoid installing extra files and placing a few files in
       the wrong location. Thanks to Mikhail Zotov.
xfce/xfce4-settings-4.12.0-i586-3.txz: Rebuilt.
       Patched a bug that may prevent a display from waking up from standby mode
       when running a 4.4.x (or newer) kernel. Thanks to Matthias Schuster.
+--------------------------+
Wed Apr 27 04:20:57 UTC 2016
xap/mozilla-firefox-45.1.0esr-i586-1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
       (* Security fix *)
+--------------------------+

[stereo Administrator offline]

02.05.2016.

Slackware 64bit:

Code: Select all

Mon May 2 19:42:54 UTC 2016
ap/tmux-2.1-i586-2.txz: Rebuilt.
       Reverted to tmux-2.1, because tmux-2.2 has dropped support for non-UTF8
       character sets "since supporting multiple character sets is a pain".
       Thanks to Dan Church for the bug report.
d/mercurial-3.8.1-i586-1.txz: Upgraded.
       This update fixes possible arbitrary code execution when converting Git
       repos. Mercurial prior to 3.8 allowed arbitrary code execution when using
       the convert extension on Git repos with hostile names. This could affect
       automated code conversion services that allow arbitrary repository names.
       This is a further side-effect of Git CVE-2015-7545.
       Reported and fixed by Blake Burkhart.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105
       (* Security fix *)
l/icu4c-56.1-i586-2.txz: Rebuilt.
       Patched pkgdata crash when using "-m". Thanks to Fabio Bas.
l/librsvg-2.40.15-i586-2.txz: Rebuilt.
       Reverted upstream patch that broke the rsvg-convert scaling functionality.
       Thanks to haary.
n/samba-4.4.3-i586-1.txz: Upgraded.
xap/imagemagick-6.9.3_9-i586-1.txz: Upgraded.

Slackware 32bit:

Code: Select all

ap/tmux-2.1-i586-2.txz: Rebuilt.
       Reverted to tmux-2.1, because tmux-2.2 has dropped support for non-UTF8
       character sets "since supporting multiple character sets is a pain".
       Thanks to Dan Church for the bug report.
d/mercurial-3.8.1-i586-1.txz: Upgraded.
       This update fixes possible arbitrary code execution when converting Git
       repos. Mercurial prior to 3.8 allowed arbitrary code execution when using
       the convert extension on Git repos with hostile names. This could affect
       automated code conversion services that allow arbitrary repository names.
       This is a further side-effect of Git CVE-2015-7545.
       Reported and fixed by Blake Burkhart.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105
       (* Security fix *)
l/icu4c-56.1-i586-2.txz: Rebuilt.
       Patched pkgdata crash when using "-m". Thanks to Fabio Bas.
l/librsvg-2.40.15-i586-2.txz: Rebuilt.
       Reverted upstream patch that broke the rsvg-convert scaling functionality.
       Thanks to haary.
n/samba-4.4.3-i586-1.txz: Upgraded.
xap/imagemagick-6.9.3_9-i586-1.txz: Upgraded.

[stereo Administrator offline]

03.05.2016.

Slackware 64bit:

Code: Select all

Tue May 3 20:30:53 UTC 2016
a/openssl-solibs-1.0.2h-x86_64-1.txz: Upgraded.
n/bind-9.10.4-x86_64-1.txz: Upgraded.
n/openssl-1.0.2h-x86_64-1.txz: Upgraded.
       This update fixes the following security issues:
       Memory corruption in the ASN.1 encoder (CVE-2016-2108)
       Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
       EVP_EncodeUpdate overflow (CVE-2016-2105)
       EVP_EncryptUpdate overflow (CVE-2016-2106)
       ASN.1 BIO excessive memory allocation (CVE-2016-2109)
       EBCDIC overread (CVE-2016-2176)
       For more information, see:
       https://www.openssl.org/news/secadv/20160503.txt
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176
       (* Security fix *)
xap/hexchat-2.12.1-x86_64-1.txz: Upgraded.
testing/packages/tmux-2.2-x86_64-1.txz: Added.
       For those using a UTF8 locale, I'm adding back the latest tmux in /testing.
       Most likely we'll throw the switch on "UTF8 by default" shortly into the
       next development cycle, but now isn't the time for it.

Slackware 32bit:

Code: Select all

a/openssl-solibs-1.0.2h-i586-1.txz: Upgraded.
n/bind-9.10.4-i586-1.txz: Upgraded.
n/openssl-1.0.2h-i586-1.txz: Upgraded.
       This update fixes the following security issues:
       Memory corruption in the ASN.1 encoder (CVE-2016-2108)
       Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
       EVP_EncodeUpdate overflow (CVE-2016-2105)
       EVP_EncryptUpdate overflow (CVE-2016-2106)
       ASN.1 BIO excessive memory allocation (CVE-2016-2109)
       EBCDIC overread (CVE-2016-2176)
       For more information, see:
       https://www.openssl.org/news/secadv/20160503.txt
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176
       (* Security fix *)
xap/hexchat-2.12.1-i586-1.txz: Upgraded.
testing/packages/tmux-2.2-i586-1.txz: Added.
       For those using a UTF8 locale, I'm adding back the latest tmux in /testing.
       Most likely we'll throw the switch on "UTF8 by default" shortly into the
       next development cycle, but now isn't the time for it.

[Shicy Administrator offline]

Slackware 64-bit

Code: Select all

 Wed May 4 19:24:29 UTC 2016
ap/hplip-3.16.5-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-45.1.1esr-x86_64-1.txz: Upgraded.

Slackware 32-bit

Code: Select all

Wed May 4 19:24:29 UTC 2016
ap/hplip-3.16.5-i586-1.txz: Upgraded.
xap/mozilla-firefox-45.1.1esr-i586-1.txz: Upgraded.

[Shicy Administrator offline]

Slackware 64-bit

Code: Select all

 Thu May 5 05:17:19 UTC 2016
a/kernel-generic-4.4.9-x86_64-1.txz: Upgraded.
a/kernel-huge-4.4.9-x86_64-1.txz: Upgraded.
a/kernel-modules-4.4.9-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-2.0-noarch-31.txz: Rebuilt.
       In rc.M, bluetooth must start before NetworkManager (like it did in Slackware
       14.1) in order to enable bluetooth networking. Thanks to James Marca.
ap/lxc-2.0.0-x86_64-3.txz: Rebuilt.
       Merged rc.M changes.
d/kernel-headers-4.4.9-x86-1.txz: Upgraded.
k/kernel-source-4.4.9-noarch-1.txz: Upgraded.
n/mutt-1.6.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.

Slackware 32-bit

Code: Select all

Thu May 5 05:17:19 UTC 2016
a/kernel-generic-4.4.9-i586-1.txz: Upgraded.
a/kernel-generic-smp-4.4.9_smp-i686-1.txz: Upgraded.
a/kernel-huge-4.4.9-i586-1.txz: Upgraded.
a/kernel-huge-smp-4.4.9_smp-i686-1.txz: Upgraded.
a/kernel-modules-4.4.9-i586-1.txz: Upgraded.
a/kernel-modules-smp-4.4.9_smp-i686-1.txz: Upgraded.
a/sysvinit-scripts-2.0-noarch-31.txz: Rebuilt.
       In rc.M, bluetooth must start before NetworkManager (like it did in Slackware
       14.1) in order to enable bluetooth networking. Thanks to James Marca.
ap/lxc-2.0.0-i586-3.txz: Rebuilt.
       Merged rc.M changes.
d/kernel-headers-4.4.9_smp-x86-1.txz: Upgraded.
k/kernel-source-4.4.9_smp-noarch-1.txz: Upgraded.
n/mutt-1.6.1-i586-1.txz: Upgraded.
extra/linux-4.4.9-nosmp-sdk/*: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
+--------------------------+

[Shicy Administrator offline]

Slackware 64-bit

Code: Select all

 Current (pre-release) ChangeLog for x86_64
Wed May 11 05:20:01 UTC 2016
a/dcron-4.5-x86_64-5.txz: Rebuilt.
       Patched bug where cron.update is not picked up while jobs are still running.
       Thanks to Jeroen Hendriks.
ap/lxc-2.0.0-x86_64-4.txz: Rebuilt.
       Applied "[PATCH] cgfsng: don't require that systemd subsystem be mounted".
       Thanks to Johannes Schöpfer.
ap/moc-2.5.1-x86_64-1.txz: Upgraded.
ap/slackpkg-2.82.1-noarch-1.txz: Upgraded.
       Updated x86* mirrors lists for Slackware 14.2.
n/openvpn-2.3.11-x86_64-1.txz: Upgraded.
x/mesa-11.2.2-x86_64-1.txz: Upgraded.
xap/imagemagick-6.9.4_1-x86_64-1.txz: Upgraded.
       This release addresses several security issues in ImageMagick, including:
       Insufficient shell characters filtering allows code execution (CVE-2016-3714)
       Server Side Request Forgery (CVE-2016-3718)
       File deletion (CVE-2016-3715)
       File moving (CVE-2016-3716)
       Local file read (CVE-2016-3717)
       In addition, the default policy.xml config file has been modified to disable
       all of the previously vulnerable coders, and to disable indirect reads.
       For more information, see:
       https://imagetragick.com
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
       (* Security fix *)

Slackware 32-bit

Code: Select all

Wed May 11 05:20:01 UTC 2016
a/dcron-4.5-i586-5.txz: Rebuilt.
       Patched bug where cron.update is not picked up while jobs are still running.
       Thanks to Jeroen Hendriks.
ap/lxc-2.0.0-i586-4.txz: Rebuilt.
       Applied "[PATCH] cgfsng: don't require that systemd subsystem be mounted".
       Thanks to Johannes Schöpfer.
ap/moc-2.5.1-i586-1.txz: Upgraded.
ap/slackpkg-2.82.1-noarch-1.txz: Upgraded.
       Updated x86* mirrors lists for Slackware 14.2.
n/openvpn-2.3.11-i586-1.txz: Upgraded.
x/mesa-11.2.2-i586-1.txz: Upgraded.
xap/imagemagick-6.9.4_1-i586-1.txz: Upgraded.
       This release addresses several security issues in ImageMagick, including:
       Insufficient shell characters filtering allows code execution (CVE-2016-3714)
       Server Side Request Forgery (CVE-2016-3718)
       File deletion (CVE-2016-3715)
       File moving (CVE-2016-3716)
       Local file read (CVE-2016-3717)
       In addition, the default policy.xml config file has been modified to disable
       all of the previously vulnerable coders, and to disable indirect reads.
       For more information, see:
       https://imagetragick.com
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
       (* Security fix *)

[Shicy Administrator offline]

Slackware 64-bit

Code: Select all

 Thu May 12 01:50:21 UTC 2016
a/kernel-firmware-20160511git-noarch-1.txz: Upgraded.
a/kernel-generic-4.4.10-x86_64-1.txz: Upgraded.
a/kernel-huge-4.4.10-x86_64-1.txz: Upgraded.
a/kernel-modules-4.4.10-x86_64-1.txz: Upgraded.
ap/man-pages-4.06-noarch-1.txz: Upgraded.
d/kernel-headers-4.4.10-x86-1.txz: Upgraded.
k/kernel-source-4.4.10-noarch-1.txz: Upgraded.
n/NetworkManager-1.2.2-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-45.1.0-x86_64-1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
       (* Security fix *)
xap/network-manager-applet-1.2.2-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.

Slackware 32-bit

Code: Select all

Thu May 12 01:50:21 UTC 2016
a/kernel-firmware-20160511git-noarch-1.txz: Upgraded.
a/kernel-generic-4.4.10-i586-1.txz: Upgraded.
a/kernel-generic-smp-4.4.10_smp-i686-1.txz: Upgraded.
a/kernel-huge-4.4.10-i586-1.txz: Upgraded.
a/kernel-huge-smp-4.4.10_smp-i686-1.txz: Upgraded.
a/kernel-modules-4.4.10-i586-1.txz: Upgraded.
a/kernel-modules-smp-4.4.10_smp-i686-1.txz: Upgraded.
ap/man-pages-4.06-noarch-1.txz: Upgraded.
d/kernel-headers-4.4.10_smp-x86-1.txz: Upgraded.
k/kernel-source-4.4.10_smp-noarch-1.txz: Upgraded.
n/NetworkManager-1.2.2-i586-1.txz: Upgraded.
xap/mozilla-thunderbird-45.1.0-i586-1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
       (* Security fix *)
xap/network-manager-applet-1.2.2-i586-1.txz: Upgraded.
extra/linux-4.4.10-nosmp-sdk/*: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.

[Shicy Administrator offline]

Slackware 64-bit

Code: Select all

Tue May 17 05:06:44 UTC 2016
a/aaa_elflibs-14.2-x86_64-14.txz: Rebuilt.
d/mercurial-3.8.2-x86_64-1.txz: Upgraded.
l/gdbm-1.12-x86_64-1.txz: Upgraded.
l/libmtp-1.1.11-x86_64-1.txz: Upgraded.
n/libndp-1.6-x86_64-1.txz: Upgraded.
       This update fixes a security issue. It was found that libndp did
       not properly validate and check the origin of Neighbor Discovery
       Protocol (NDP) messages. An attacker on a non-local network could
       use this flaw to advertise a node as a router, allowing them to
       perform man-in-the-middle attacks on a connecting client, or
       disrupt the network connectivity of that client.
       Thanks to Julien Bernard (Viagénie) for reporting this issue.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3698
       (* Security fix *)
xap/gnuplot-5.0.3-x86_64-2.txz: Rebuilt.
       Added libcaca support. Thanks to Andrew Clemons.
a/kernel-firmware-20160516git-noarch-1.txz: Upgraded.
a/lvm2-2.02.154-x86_64-1.txz: Upgraded.
d/python-setuptools-21.0.0-x86_64-1.txz: Upgraded.
n/lftp-4.7.1-x86_64-1.txz: Upgraded.
xap/imagemagick-6.9.4_1-x86_64-2.txz: Rebuilt.
       Fixed .new config file installation. Thanks to ivandi.
testing/source/linux-4.5.4-configs/*: Added.
testing/source/linux-4.6-configs/*: Added.

Slackware 32-bit

Code: Select all

Tue May 17 05:06:44 UTC 2016
a/aaa_elflibs-14.2-i586-14.txz: Rebuilt.
d/mercurial-3.8.2-i586-1.txz: Upgraded.
l/gdbm-1.12-i586-1.txz: Upgraded.
l/libmtp-1.1.11-i586-1.txz: Upgraded.
n/libndp-1.6-i586-1.txz: Upgraded.
       This update fixes a security issue. It was found that libndp did
       not properly validate and check the origin of Neighbor Discovery
       Protocol (NDP) messages. An attacker on a non-local network could
       use this flaw to advertise a node as a router, allowing them to
       perform man-in-the-middle attacks on a connecting client, or
       disrupt the network connectivity of that client.
       Thanks to Julien Bernard (Viagénie) for reporting this issue.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3698
       (* Security fix *)
xap/gnuplot-5.0.3-i586-2.txz: Rebuilt.
       Added libcaca support. Thanks to Andrew Clemons.
a/kernel-firmware-20160516git-noarch-1.txz: Upgraded.
a/lvm2-2.02.154-i586-1.txz: Upgraded.
d/python-setuptools-21.0.0-i586-1.txz: Upgraded.
n/lftp-4.7.1-i586-1.txz: Upgraded.
xap/imagemagick-6.9.4_1-i586-2.txz: Rebuilt.
       Fixed .new config file installation. Thanks to ivandi.
testing/source/linux-4.5.4-configs/*: Added.
testing/source/linux-4.6-configs/*: Added.

[Shicy Administrator offline]

Slackware 64-bit

Code: Select all

 Fri May 20 21:20:29 UTC 2016
a/aaa_base-14.2-x86_64-2.txz: Rebuilt.
       Updated your your initial email. ;-)
       Thanks to Tonus for the typo report.
a/aaa_elflibs-14.2-x86_64-15.txz: Rebuilt.
a/btrfs-progs-v4.5.3-x86_64-1.txz: Upgraded.
a/e2fsprogs-1.43-x86_64-1.txz: Upgraded.
a/gzip-1.8-x86_64-1.txz: Upgraded.
a/kernel-generic-4.4.11-x86_64-1.txz: Upgraded.
a/kernel-huge-4.4.11-x86_64-1.txz: Upgraded.
a/kernel-modules-4.4.11-x86_64-1.txz: Upgraded.
a/tar-1.29-x86_64-1.txz: Upgraded.
ap/lxc-2.0.1-x86_64-1.txz: Upgraded.
ap/sqlite-3.13.0-x86_64-1.txz: Upgraded.
ap/vim-7.4.1832-x86_64-1.txz: Upgraded.
d/kernel-headers-4.4.11-x86-1.txz: Upgraded.
k/kernel-source-4.4.11-noarch-1.txz: Upgraded.
n/curl-7.49.0-x86_64-1.txz: Upgraded.
       Fixed a TLS certificate check bypass with mbedTLS/PolarSSL.
       For more information, see:
       https://curl.haxx.se/docs/adv_20160518.html
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3739
       (* Security fix *)
n/dnsmasq-2.76-x86_64-1.txz: Upgraded.
n/lftp-4.7.2-x86_64-1.txz: Upgraded.
xap/vim-gvim-7.4.1832-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.

Slackware 32-bit

Code: Select all

Fri May 20 21:20:29 UTC 2016
a/aaa_base-14.2-i586-2.txz: Rebuilt.
       Updated your your initial email. ;-)
       Thanks to Tonus for the typo report.
a/aaa_elflibs-14.2-i586-15.txz: Rebuilt.
a/btrfs-progs-v4.5.3-i586-1.txz: Upgraded.
a/e2fsprogs-1.43-i586-1.txz: Upgraded.
a/gzip-1.8-i586-1.txz: Upgraded.
a/kernel-generic-4.4.11-i586-1.txz: Upgraded.
a/kernel-generic-smp-4.4.11_smp-i686-1.txz: Upgraded.
a/kernel-huge-4.4.11-i586-1.txz: Upgraded.
a/kernel-huge-smp-4.4.11_smp-i686-1.txz: Upgraded.
a/kernel-modules-4.4.11-i586-1.txz: Upgraded.
a/kernel-modules-smp-4.4.11_smp-i686-1.txz: Upgraded.
a/tar-1.29-i586-1.txz: Upgraded.
ap/lxc-2.0.1-i586-1.txz: Upgraded.
ap/sqlite-3.13.0-i586-1.txz: Upgraded.
ap/vim-7.4.1832-i586-1.txz: Upgraded.
d/kernel-headers-4.4.11_smp-x86-1.txz: Upgraded.
k/kernel-source-4.4.11_smp-noarch-1.txz: Upgraded.
n/curl-7.49.0-i586-1.txz: Upgraded.
       Fixed a TLS certificate check bypass with mbedTLS/PolarSSL.
       For more information, see:
       https://curl.haxx.se/docs/adv_20160518.html
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3739
       (* Security fix *)
n/dnsmasq-2.76-i586-1.txz: Upgraded.
n/lftp-4.7.2-i586-1.txz: Upgraded.
xap/vim-gvim-7.4.1832-i586-1.txz: Upgraded.
extra/linux-4.4.11-nosmp-sdk/*: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.